
4 Measures Hotels Can Take to Protect Their Data


While the number of data breaches has decreased by about 10 percent nationally this year, a recent IBM report shows that the size of individual breaches has grown by 1.8 percent. This includes more than 24,000 compromised records, proving that when breaches do occur, they occur on a very large scale. This is due, in part, to hackers changing the way they attack, making it much more difficult to detect a breach. 

The time it takes to detect a breach is the biggest threat to the hospitality industry, and unfortunately detection speed has not improved much over the past few years. According to the same IBM report, it takes about 191 days to detect a breach, down only slightly from 201 days in 2016. Hackers quickly gain confidence when their malware is installed and remains undetected for a long period of time, allowing them to turn their attention towards the property management and central reservation systems in hotels.

This article from Elavon discusses four simple measures that hotels can take to help protect themselves from hospitality data breaches:

  1. Follow PCI security standards;
  2. Properly train staff;
  3. Provide customer-facing payment terminals;
  4. Create a culture of security.


Reduce PCI Compliance Burdens

The first big step in prevention is to reduce any PCI compliance burdens. For example, with card-present transactions, hoteliers must seek out solutions that offer both encryption at the earliest point of card data entry and tokenization. Encryption and tokenization ensure that the customer’s card number is never physically housed at the hotel or restaurant, because it is replaced with token data. The hotel can then safely store the token and use it for incremental authorizations, voids or future transactions. The tokenized numbers can be used only by the hotel and cannot be used as a keyed transaction or in a printout. This protects against someone trying to produce fake credit cards, for example.

Properly Train Staff

Staff training, or lack thereof, is probably the biggest threat to data security. One of the most common ways in which systems get compromised is when employees are allowed to connect personal devices to their computer or terminal. As employees become more comfortable with technology in the workplace, something as seemingly harmless as charging a phone via the USB port on a workstation can open the door for hackers to access a hotel’s core system. Regular staff security training and reminders help keep security at the forefront of employees’ minds.

Provide Customer-Facing Payment Terminals

Another way in which hotels can protect against breaches is by integrating an EMV-enabled point-of-sale terminal that allows a guest to hold onto their card at all times. This helps keep the payment process simple and seamless, and provides a sense of security to guests. Additionally, frontline staff must be trained to recognize card skimmers and know what to look for on the terminal.

Create a Culture of Security

Reducing PCI compliance burdens, properly training staff and providing self-service payment terminals are all part of a much larger need within the hospitality industry: creating an overall culture of security. This can be a daunting, costly undertaking if it is handled internally. Hoteliers should consider employing a trusted partner to help manage these tasks. Choosing a partner with data security as a top priority can help prevent costly losses in the future.

Data breaches often generate news headlines. A well-publicized breach is detrimental to a hotelier’s brand, and is generally avoidable if the above considerations are put into practice. Hackers will never stop trying to penetrate hotel systems, but integrating solutions that provide encryption and tokenization, implementing an overall culture of security and remaining PCI compliant help to mitigate the risk that valuable data can be stolen if a breach does happen.
