PMS Upgrade Offers PCI Peace of Mind

Mark Zipperer, CHA, president and CEO of Pride Hospitality LLC, is not a fan of standalone hotel operating systems.

“They drive me crazy!” he says.

So when the Harbor Winds Hotel, an independent property based in Sheboygan, Wis., and managed by Pride Hospitality, decided it was time to upgrade its PMS, there were two things that Zipperer was concerned with: PCI compliance and moving to the cloud.

PCI compliance was top-of-mind for Zipperer because he knew that hotels lacking a secure payment system could be held liable for a security breach. If the hotel is found liable for a security breach, credit card companies can stop payments to the hotel, and when credit card payments stop, cash flow stops. On top of that, the credit card companies can fine the breached hotel up to $250K, depending on the severity of the breach. For independent hotels such as Harbor Winds, these actions could cripple the business.

Independents are especially at risk because they don’t have a big brand behind them to tell the hotel which secure payment system to install or to investigate security breaches on their behalf. Knowing this, Zipperer said he tried to make sure his hotel had the best PCI compliance possible between his PMS and his processor.

“Our previous PMS was stuck,” he says. “The vendor we were using wasn’t enhancing their PMS, building it out or making it PCI compliant.”

After evaluating “a lot of PMS systems,” Zipperer was drawn to rGuest by Agilysys because the system provided a PCI compliant gateway to the hotel’s processor and because it used point to point encryption.

“PCI is no longer an issue because of the encryption,” he says. “The only point of failure a hotelier could have is from an unsecure connection from the hotel to the processor. But even if the connection is unsecure, the data is fully encrypted; it’s about as secure as you can get today.”

For Zipperer, the icing on the cake was how cost-effective and easy it was to set up the rGuest PMS. With his previous PMS, Zipperer paid $50K to install and $7K to periodically upgrade huge physical servers, in addition to the cost to maintain them at his property on a daily basis. However, he was able to put the rGuest system on a Chromebook, connect the Chromebook to a few monitors, a printer and a few other peripherals and be done with it. Every few years he updates the laptop, printer and peripherals.

“The costs to maintain and update this equipment is minimal compared to what I was doing previously with my server-based system,” he notes, crediting this to the fact that rGuest operates in the cloud.

“When you have a huge server, most of the information resides at the hotel, which is relatively unsecure,” he notes. “Why have a server when you could be on the cloud?”

According to HT’s 2017 Lodging Technology Study, more than half of hotel operators (57%) plan to have the PMS operating above property by 2018. For Pride Hospitality, having the PMS operating in the cloud offers operational benefits, such as enabling Zipperer to view important business information from anywhere at any time via the internet. 

“I can pull up my forecast without having to call the hotel, bug my employees and take them away from interacting with guests,” he adds.