Achieving Security Beyond Compliance with Future-Ready Payments
Hotels remain slow to adapt to accept mobile and alternative payments. How can hotels shift to be more future-ready for next-generation payments to stay competitive while being proactive about security?
Traditionally, hotels are not early adopters of new technologies. This has been due to the fact that omni-commerce hotel environments are considered to be the most complex payments ecosystems with the longest payment lifecycle. Any technology changes can have unforeseen, far-reaching impacts on hotel operations and overall data security. Adopting mobile payments is an ongoing balancing act for hotels between improving the guest experience and ensuring new technologies are vetted and secure. Having a mobile solution that’s integrated into the rest of the hotel’s systems is also a big factor, since introducing standalone mobile hardware into established operations can introduce compatibility problems.
Integrating systems often is viewed as a challenge for hotels. How can solutions providers work together to take some of this burden off of hotels? What are the specific challenges that need to be addressed when it comes to systems integration related to payments?
The number of individual systems in use and payments endpoints in a hotel or resort environment can easily get into the dozens, and hoteliers are often left searching for that single payments provider who has the integrations needed to support various devices, online payments, tokenized reservations, auditing, reporting, etc. The simple truth is it’s hard to find.
Improving security is a hot button issue for hospitality operators. As breaches occur on a regular basis, what are the questions hotels should ask of partners? How do you react and respond when a partner of yours is breached to protect your hotel partners?
Montellano: Unfortunately, any hotel can be breached, but the important question is whether or not there is any card data that can be used if it’s stolen. It’s important that solutions achieve security beyond compliance. When implemented correctly, technologies should ensure that no cardholder data is stored in the hotel’s payments environment, including the POS or PMS system. There should be several different layers of payment security at multiple stages of the transaction, ensuring that both the technology partners and customers are covered. So, even if they are breached, it’s basically like robbing a bank and only finding paperclips and rubber bands in the vault.
How can tokenized reservations add to payment security?
Montellano: When you rely on an additional third party like a central reservation system or global distribution system, you are inherently adding another risk; another door that introduces sensitive data into your property management system. To help alleviate that risk, tokenization technology can be applied to the reservations that come in from those platforms before they get to the hotel. That way, the reservation is tied to the cardholder using a randomly generated, 16-digit token instead of the actual card number.