Delta Hotels and Resorts Moves Beyond PCI Compliance

As a full-service hotel chain catering to corporate and leisure travelers, Delta Hotels and Resorts, founded in 1962, has grown to become Canada’s leading hotel management company. Today, they boast a diversified portfolio of 37 city-center, airport and resort properties. Widely viewed as the brand of choice for discerning owners and guests, they take pride in being an exemplary employer to more than 5,800 people and an active corporate citizen building stronger Canadian communities from coast to coast.

In 2012, faced with the requirement to implement advanced security solutions across their brand and to reduce the amount of human and financial resources expended on PCI Compliance, the company moved away from an outdated premise-based payment gateway to a Merchant Link cloHTTP://www.merchantlink.comud-based solution that included TransactionVault® tokenization, TransactionShield®, Point-to-Point Encryption and E-commerce Security Solution. Security threats to the lodging industry have increased exponentially. It was clear to the Information Security and Information Systems divisions that their data security strategy had to move beyond compliance requirements.

The challenge became how to manage PCI compliance and ensure the highest level of data security while the IT environment was rapidly growing more complex.

“Our vision for payment security was to go beyond the recommended PCI compliance standards and provide the hotels, our staff and our guests the utmost protection for credit card data, by completely removing cardholder data from our systems,” Yu Jin said.

Delta Hotels and Resorts had to work across the entire Delta Hotels and Resorts network, including reservation/system channels, and to communicate seamlessly with their existing property management system. Further, having both corporate and franchise properties dictated that the solution had to be flexible and easy to implement, with no impact to the guest experience.

Delta Hotels and Resorts implemented Merchant Link’s full data security suite including TransactionVault, TransactionShield and E-commerce Security Solution. Merchant Link’s advanced tokenization solution, TransactionVault, protects credit card data at rest. TransactionVault tokenization reduces risk by offering a solution that can remove credit card data from all systems across the chain, touching every point that guest payments occur – from the web reservation booking engine to the central reservation system, including the property level PMS.

The TransactionVault solution works through the cloud-based Merchant Link Payment Gateway, so the enterprise never sees or stores volatile credit card data. Cardholder information is captured and stored in a secure, hosted “vault.” The data is replaced with tokens that safely live inside any lodging system.

“Ensuring that our credit card data is securely transmitted and stored is critically important to Delta Hotels and Resorts. The TransactionVault solution completely removes the data from our hotel systems while maintaining guest history information,” Yu Jin shared.

TransactionShield, Merchant Link’s Point-to-Point Encryption solution, protects data in-flight at the point of interaction (POI) and as it travels through the merchant’s IT environment. Depending on the merchant’s hardware, the POI may be within the actual magnetic stripe reader at the point of swipe or within a point-of-sale terminal or workstation. Decryption occurs within Merchant Link’s hosted payment gateway. This cloud-based decryption reduces the risk of compromised data as it removes all unencrypted data from the merchant environment.

TransactionShield is one of the most flexible point-to-point encryption solutions in the marketplace today. In order to round out the security suite, Delta Hotels and Resorts also implemented Merchant Link’s secure E-commerce Security Solution, ensuring that all of their online traffic was as safe and secure as their on property information. From direct billing to folio checkout the Merchant Link systems that Delta Hotels and Resorts put in place helped them reduce the cost with PCI compliance and security management.

Delta Hotels and Resorts was able to implement TransactionVault, TransactionShield and E-commerce Security Solution for all of their corporate and franchise locations. Yu Jin shared, “The security suite offered by Merchant Link was able to help us manage our complex payment environment and reduce financial expenditures associated with PCI compliance audits. Merchant Link has been a very responsive business partner. They delivered a full ‘data at rest and data in flight’ solution to support our overall security plan.”