4 ways to protect your guests information

Today, January 28th, is data protection day. For too long, the hotel sector has been viewed as a soft target by hackers seeking to steal guest data. While some hoteliers take guest data security seriously, there are still too many operators using inadequate technology and processes to fully protect data. We've seen plenty of stories of serious data breaches creeping into the news on a regular basis and the hotel industry hasn’t escaped attention. Large organizations such as Wyndham Worldwide Group, Radisson Hotels Group, Tripadvisor and Facebook have been hit in recent times and have received the type of publicity no business needs.

Data Breaches

Any breach of data security is serious, and can have severe consequences in terms of loss of revenue, but also for the business's reputation and customer loyalty. It goes without saying that no guest wants to risk staying at a hotel if they are not confident that their personal information is safe. As a result, it is more important than ever to reassure customers that there are solid security measures in place to protect their information through online booking tools and when using credit cards within the actual hotel. 

You may be thinking that the companies I’ve referenced are all global corporations however hackers target all kinds of business and data security is still relevant for independent properties, particularly when you take payments from credit cards. Without the proper controls your confidential information and your customers’ personal information and credit card details could be hacked into, causing immeasurable damage.

Because Frontdesk Anywhere operates in numerous jurisdictions we're constantly monitoring legislative developments for the benefit of our hotel clients. Customers concerns tend to focus on the risk around credit card processing and as guests expect this as standard not offering the service isn't really the answer. 

How can you avoid these data protection concerns?

Reputable property management systems shoud have a credit card processing solution that allows you to collect payments, deposits or authorization securely. When you're reseraching your PMS or speaking with your provider make sure you enquire as to how they can keep your guests information safe. Frontdesk Anywhere takes compliance very seriously and goes to considerable effort and cost to meet and exceed the standards of compliance. We do this through using a method called “tokenization”.

What is Tokenization?

When applied to data security, tokenization is the process of substituting a sensitive data element with a non-sensitive equivalent, referred to as a token, that has exploitable meaning or value. With our credit card processing system CVC numbers are never logged on the Frontdesk Anywhere hotel management system and are not available to hotels in accordance with PCI Data Security Standard. We have invested heavily in hardware and software to ensure security and monitoring and we have an annual external audit, part of which consists of hack attempts at our systems and monitoring how these attempts are dealt with automatically by our system.

Apart from chosing a secure system, what can you do?
  1. For starters, hotels or any business should not under any circumstances store CVC (card verification code) numbers. CVC numbers are personal numbers on credit cards and are similar to a personal signature. In the event of fraud arising, card details without CVC numbers are less useful to fraudsters.
  2. Access to machines which hold reservation information should be restricted and passwords       should not be shared between staff.
  3. Cardholder information should not be kept or transmitted in an unsecure manner. Where you      are sending or receiving cardholder information by fax or email, you need to ensure that the network used is secure and encrypted to protect the information. Standard email is not secure and shouldn’t be used for credit cards by anyone. The strongest risk in hotels is actually with credit card details on fax paper or printed emails being left lying around.
  4. Staff should be trained on the importance of protecting cardholder data.
What are the potential consequences of non compliance?

Non-compliant businesses can face

  1. fines from the credit card companies,
  2. brand damage,
  3. potential lawsuits,
  4. insurance claims,
  5. difficult business conditions,
  6. and a negative impact on customers.

In the case of the data breach suffered by the Radisson Group, they had to contact guests to ask them to check their account statements for unauthorized purchases - hardly good for your image. Wyndham Worldwide Group were recently charged by the Federal Trade Commission in the US for three separate data breaches which, it is claimed by the FTC, resulted in $10.6m lost to fraud.

How can Frontdesk Anywhere keep your hotel secure?

With our property management system you're able to charge guests credit cards with a single click right while you're in the guest reservation folio and have the funds automatically transfered to the property’s bank account, securely as we use tokenization. Integrated credit card processing provides a more natural, streamlined experience for both hotel staff and guests. Frontdesk Anywhere takes Data Protection and Consumer Protection compliance seriously and invests effort, time and money on compliance on behalf of our clients.

If you have any comments or questions please get in touch


 New Call-to-action