Back
Integrated payments within your hotel have several advantages that go beyond ease of use and simpler functionality for guests and staff. In this series, we unpack what integrated payments through your hospitality software ecosystem means for three key areas for every hotel: guests, revenue and security.
The last in the series: data security and compliance.
Research found that not only have 31% of hospitality businesses reported a data breach but that 89% have been affected more than once in a single year.
The average cost of a data breach isn’t small either, sitting at around $3.4m. But costs aside, the reputational damage can have severe and negative repercussions in themselves. Because of how competitive the industry is and the expectations of guests who are now demanding more, bad security can quickly equate to a suffering bottom line.
To help counter this and lower a hotel’s risk of such extensive damage, integrated payments is the unexpected solution security teams can overlook.
What are integrated payments?
Integrated payments means that all payment processing - no matter where within the hotel or online - connects to your hotel's PMS and with your hospitality software ecosystem. It means faster and easier payments and consolidation of payment information for staff and guests.
Risks for hoteliers
Hotels are vulnerable to attacks on their digital systems. From intrusions in the Point of Sale system targeting guests’ credit card details, to attacks on personal identifiable information on hospitality apps and spyware which can sit on either of these systems and more.
As the vast majority of guests make reservations online and prefer doing this directly with the hotel, hotels often end up hosting a variety of details about a single person. This presents opportunities for identity and payment fraud when placed in the wrong hands.
Learn more about Planet’s security measures
How integrated payments reduce payment risks
While integrated payments may initially seem like a benefit to primarily the guest experience, the technology is in fact incredibly beneficial to security too.
You may have a high turnover of staff through seasonal workforces, who all require security training. A high turnover of staff increases the risk of intentional or unintentional security threats, if you don’t have the necessary measures to protect your guests’ data in your payments system.
Your hotel may be one of multiple sites regionally or globally, leading to inconsistent security policies. Inconsistencies may be caused by differing local regulations requiring slight variances in data collection and storage.
Integrated payments address these risks. Data is fully tokenized, refunds can only be conducted upon pin entry and staff need swipe cards to log in to the system. These are a few examples of how integrated payments reduce payment risks for your hotel.
What is tokenization?
Tokenization, generally speaking, allows businesses to securely convert any sensitive data into non-sensitive data. The latter is called a ‘token’.
All tokens are stored in a centralised token vault and because the tokens alone are meaningless, they can’t be used for any malicious activity. The beauty of this is that the hotel doesn’t have to worry about storing my sensitive information, so there are fewer worries around hacking risks and compliance. And guests have the reassurance that their card details are secure; a win/win for everybody.
Additionally, the beauty of tokenization is that the token is completely unrelated to the original data. Unlike with encryption where a key exists to translate the data making it more vulnerable to hackers or brute force, tokens can’t be reverse-engineered.
How integrated payments reduce PCI DSS compliance scope
A large part of any business dealing with payments and customer financial data is ensuring they are PCI DSS compliant. Hotels are no different.
By embracing integrated payments and tokenization, hoteliers can reduce their PCI scope. According to the PCI DSS, “tokenization solutions do not eliminate the need to maintain and validate PCI DSS compliance, but they may simplify a merchant’s validation efforts by reducing the number of system components for which it applies.”
In other words, tokenization reduces the areas that a PCI DSS audit will need to assess.
To reduce PCI DSS scope, the organisation states the following:
1. If you don’t need it, don’t store it
The scope includes any time a merchant stores, processes or transmits cardholder data. To reduce this, only retain this data if it’s needed for business, legal or regulatory purposes.
2. The tokens and the token vault must be secure
To be considered out of scope, the tokens and the token vault must have no value to an attacker attempting to retrieve a Personal Account Number (PAN). Additionally, they shouldn’t be able to influence the security of the cardholder data.
How Planet’s integrated payments reduces security risk
Planet’s Tokenization instantly and securely converts credit card details upon first payment or pre-authorisation into non-sensitive data, a token. For the hotelier, this removes the risk of staff handling any sensitive payment information and for the hotel to store it too.
It means that guests also have peace of mind that their payment is going through smoothly and securely. With the reassurance of 3D Secure compliance, combined with tokenization, guests know their data is protected online too. This helps to build trust between your customers and brand.
Planet’s integrated payment solutions give hotels more security, but also help create a seamless guest experience. Because Planet’s integrated payments means different platforms can come together seamlessly and securely, the payment process and exchange of card details are only ever needed once – during preauthorisation.
So when guests charge add-ons to their reservation whether in the bar or booking a spa treatment, in-person or online, everything can be totalled, viewed and paid on check-out effortlessly with the tokenized payment information.
Plus, guests’ card data is encrypted from the first point of contact – at the Point of Sale. While some providers may only encrypt customer data once it reaches the server, the benefit of encrypting customer data at the terminal level is that the payment is fully encrypted end-to-end, reducing the risk of interception.
Planet’s terminals also come with Remote Key Injection (RKI) which means hoteliers can complete the injection of encryption keys for the payment processing quickly and safely at the point of sale. This also reduces PCI scope as it removes the need for the hotel to maintain secure servers and ensure staff have the latest training certifications.
Online payments are also secured with Strong Customer Authentication (SCA) during payment. Guests may need to confirm their details using a code sent via SMS, or biometric authentication. No matter the authentication method, Planet’s online payments are always secured with SCA flows. Plus, Planet’s online payments solutions are SSL certified, keeping guests’ data safe as they pass to the payment gateway.
Planet’s security measures are built around our integrated payments ecosystem to ensure that hotels are more secure and compliant. So hoteliers have fewer headaches when it comes to compliance, and can assure guests can pay securely every time.
How Planet’s Integrated Payments makes PCI compliance simpler
Planet’s integrated payments use of tokenization means that when it comes to for PCI DSS audits, hotels can reduce their scope by up to 70%.
This is because hotels using Planet are no longer storing the original credit card details and using tokens instead. As a result, they automatically no longer need to complete every field on the audit form. Without that area being a risk, it simply no longer applies.
Final words
Integrated payments are a great source to provide efficiency and security throughout a hotel. Whether it’s for a better guest experience, an improved bottom line or higher payments protection, integrated payments and the use of tokenization can help to solve many key challenges for hotels.
For data security, where there is so much at stake including hefty fines and a ripple-effect negative reputation, tokenization minimises a hotel’s risk of these by removing the sensitive data from the start. Hackers and malicious users are less motivated to infiltrate a system when tokens are involved because they are simply useless to them.
Planet’s Integrated Payments work to make the evolving world of security and compliance simpler for hoteliers, regardless of how many different platforms are in play and how many guests pass through the doors.
Learn more about Planet’s Integrated Payment Solution
That’s our Integrated Payment Series done. Check back soon for other series, and get in touch to learn more.
Stay in English