The hospitality industry by its very name has always prided itself on taking good care of guests with even more consideration than they’d receive at home. As an hotelier, you go out of your way to make sure guests are comfortable and able to relax happily but there is one aspect of hospitality where hotels have always been a shining example: guest privacy.

There’s something undeniably admirable about how the concierge protects guests from unwanted attention, scammers, and wanna-be thieves. Hoteliers have always been proud of the privacy they provide their guests and, of course, you would never dream of handing a list of guest names and their payment information to anyone without an official court order.

Of course, the world has moved forward and there are many new forms of privacy and ways to violate it. In order to stay at the top of the hospitality game, you must be prepared to protect your guests’ personal information not just from in-person intrusions but from digital violation as well.

PCI-Compliance and Guest Privacy

PCI-compliance is really just a term for a very specific kind of guest privacy where you protect the credit card information processed by your hotel. Just as you would protect a guest’s wallet should you wind up in possession of it, PCI-compliance does the same thing only in the virtual world. Here’s how it works: When you scan a credit card, all the information a thief would need to start making fraudulent payments with that card is briefly read by the machine and processed into your computer. Hackers have been figuring out clever ways to steal credit card information from commercial venues for a long time.

By adhering to the PCI-DSS (Payment Card Industry – Data Security Standards), you can achieve top-notch digital security. This ensures that these malicious cyber-thieves don’t have access to your system and therefore cannot effectively ‘pick the pockets’ of your guests.

What PCI-Compliance Protects You From

Hackers can work in a variety of ways to gain access to information they shouldn’t have. However, their methods are limited by the equipment and protections already in place. One of the most common modern invasion tactics is malware which somehow infects the computer and company network, then lurks quietly on a computer either actively skimming or waiting for the right time to grab a stack of credit card numbers from your database and transmit them to the malware writer.

Another form involves a brief digital break-in where hackers specifically seek to create a security breach and/or force their way in so they can steal all the credit card information you have ‘on file’. Finally, there’s the most efficient method which usually involves either malware infection or the installation of a physical device known as a skimmer. This attacks the swiping device itself and collects the credit card information the moment it’s processed.

Modern Hotels Rely on Credit Cards 

Two receptionists at a reception desk, one taking credit card information
Credit cards are frequently used by travelers, and their information needs to be protected.

The credit card is one of the most freeing financial tools any traveler can have. The convenience of being able to pay for things without worry, avoid fumbling for cash, and even to ‘go over’ in an emergency are all vital. It is also incredibly convenient for hotels who use credit cards, ensuring that guests can check in quickly and efficiently and hold a number ‘on file’ as a security deposit for the rooms.

Unfortunately, credit card information breaches have been running rampant recently. In 2017 alone there have been multiple reports of credit card breaches and the Trump Hotels, in particular, reported that the information stolen not only included credit card numbers but guest names, addresses, phone numbers, and the expiration dates of the cards as well. In other words: everything you need to start stealing someone’s identity.

Allowing hackers to steal your guests’ credit card information is bad enough, but in the modern world, incautious digital security procedures can reveal even the information hotels have always specialized in keeping private.

How to Become PCI-Compliant

Hotels may be a centuries-old tradition of luxury, relaxation, and guest privacy but your digital infrastructure had better be on the cutting edge of data security. The good news is that you don’t have to be an IT genius to set up a PCI-compliant hotel, though you might want to hire one to maintain your system and help you keep an eye out for signs of tampering that could compromise your protections.

Building the Infrastructure

The first step is to build and maintain a secure network infrastructure. This means a strong firewall, regular virus scanning, malware detection, and network monitoring are a good place to start. On top of this infrastructure, add newly secured point of sale computers, each with its own firewall, along with PCI-approved PIN entry devices and validated payment software.

Encrypting and Storing the Guest Information

The moment the PIN entry/card swiping device reads the card, the information needs to be immediately encrypted and remain encrypted the entire time it is in the hotel’s possession. This means that even if a hacker does get ahold of the information, they can’t do anything because without your encryption key the data is gibberish. That said, do your best not to store any sensitive data locally. Consider cloud storage of encrypted guest data instead so that local malware can’t reach it.

Password Protection

There are several parts of good password security. First and foremost, never leave a default username and password in place. Hackers know these and many hacks are the results of default passwords. From your network routers to your payment software, build strong passwords and change them regularly. Three random words in a row are very strong and easy to remember like “spoonsweaterlake“.

Check for Hacking Attempts

Whether or not they’re successful, people will try to hack your point of service computers and PIN entry devices. After all, hotels process a lot of money. It’s important that you run malware detection regularly on the software and check your PIN entry units to ensure that no data skimming devices have been planted. If you find evidence, report it to the police like any other theft attempt and close any possibility of a data breach.

Preparing Your Staff for PCI-Compliance

While secured hotel computers and devices are key to keeping your customer’s credit card and other personal information safe, the actions, choices, and security protocol of your staff will also play a significant part in maintaining guest privacy. Make sure everyone on the team understands how important it is to protect any identifying information about guests and payment information in particular. They should understand the digital security procedures, how to run a malware scan and check for skimming devices, and how to ensure that guests don’t get a look at their screen if sensitive data is displayed. Everything else they should already be well-versed in as standard hotel privacy policy.

You protect access to guest rooms, you refuse to give out identifying information to people asking about guests, and you protect the safe where guests store their valuables. You have every reason to build on this solid reputation for respected guest privacy by ensuring that their credit card information is never at risk of being stolen or even peeked at. Your guests count on you to protect them and their information and with PCI-compliance, you can provide for their needs every single time. After all, taking care of guests is what you do best.

If you are interested in seeing just how a protel PMS solution can help your security, please reach out to us via our website!

VP Marketing & PR at protel hotelsoftware GmbH, Germany.

Jeremy heads protel hotelsoftware’s marketing department.
He regularly demands cool beers and internet access, as well as great ideas for shaping positive user experiences.

He firmly believes in the power of change!

Interesting? Please tell your friends...
Share on FacebookTweet about this on TwitterShare on LinkedIn