Achieving Security Beyond Compliance with Future-Ready Payments
More Information
Integrating systems often is viewed as a challenge for hotels. How can solutions providers work together to take some of this burden off of hotels? What are the specific challenges that need to be addressed when it comes to systems integration related to payments?
Montellano:
The number of individual systems in use and payments endpoints in a hotel or resort environment can easily get into the dozens, and hoteliers are often left searching for that single payments provider who has the integrations needed to support various devices, online payments, tokenized reservations, auditing, reporting, etc. The simple truth is it’s hard to find.
Improving security is a hot button issue for hospitality operators. As breaches occur on a regular basis, what are the questions hotels should ask of partners? How do you react and respond when a partner of yours is breached to protect your hotel partners?
Montellano: Unfortunately, any hotel can be breached, but the important question is whether or not there is any card data that can be used if it’s stolen. It’s important that solutions achieve security beyond compliance. When implemented correctly, technologies should ensure that no cardholder data is stored in the hotel’s payments environment, including the POS or PMS system. There should be several different layers of payment security at multiple stages of the transaction, ensuring that both the technology partners and customers are covered. So, even if they are breached, it’s basically like robbing a bank and only finding paperclips and rubber bands in the vault.
How can tokenized reservations add to payment security?
Montellano: When you rely on an additional third party like a central reservation system or global distribution system, you are inherently adding another risk; another door that introduces sensitive data into your property management system. To help alleviate that risk, tokenization technology can be applied to the reservations that come in from those platforms before they get to the hotel. That way, the reservation is tied to the cardholder using a randomly generated, 16-digit token instead of the actual card number.