Why Your Hotel Management Software Needs To Be PCI-DSS Compliant (Achtung: German Language Link)
Along with the positive digitalisation of our world comes the downside too: viruses, trojans and other malware are now firmly a part of the new working day. In a guest post on our blog (this link leads you to a German-language post), SiteMinder Asia’s Managing Director, Glenn Andrews, recently pointed out that we have all seen the headlines about the latest attacks on some pretty big companies, where the end-customer could easily get the feeling that their private data was not being protected adequately, as happened recently in the banking sector in Australia, for example. A big-name brand is just as susceptible as the smaller player: the attackers know exactly how to leverage the weak points very effectively. However, there are indeed steps that anyone can take in order to protect sensitive digital data.
Hoteliers should definitely defend their guests’ data from hackers. In Glenn Andrews’ experience, however, few individual hotels are really concerned with data protection until it is too late. Usually, the hacker attack has to happen first, before the necessary awareness of cyber criminality can develop. However, the best thing is not to wait that long, but to pre-empt such an attack well before it is staged. It’s worth remembering that on top of all the guest complaints, there’s also the negative PR and possible compensation claims to deal with – and these factors alone could easily ruin many hotel businesses for good.
It really pays to check that any software being deployed in the hotel to handle payments, bookings and guest records – especially where credit card details are concerned – has been PCI-DSS approved, and carries a valid certificate.
So what exactly is PCI-DSS compliance?
PCI-DSS stands for “Payment Card Industry Data Security Standard” and is a globally defined security standard for electronic payment processing, designed to thwart fraudulent transactions at every level. SiteMinder and protel are both PCI-DSS approved, meaning that both systems can be deployed within a hotel as part of the hotel’s PCI conformity, so that guests’ credit card details can be handled safely, exactly as intended and specified by the credit card industry. In addition to the safe scrambling of the credit card transaction data itself, the companies’ staff have also been screened and trained in data protection and security-related matters.
If a hotel is on the look-out for new technologies to help with its everyday operational efficiency, it’s a good idea to check the validity of the PCI-DSS certificate, like this one:
In much the same way that a car must continually re-submit for a valid MOT document (UK) to show that it is technically fit for purpose, PCI also demands regular re-submission, to take the latest technical developments and threats into account. Looking at the above picture, it is easy to see when the last inspection took place, and what the outcome was. The status “compliant” proves beyond doubt that at every stage of the process concerned with the secure transfer of the guests’ credit card data, the highest level of security is guaranteed.
If you know of a hotel that should be addressing its cyber-security issues, you could do a lot worse than directing them to this post!
VP Marketing & PR at protel hotelsoftware GmbH, Germany.
Jeremy heads protel hotelsoftware’s marketing department.
He regularly demands cool beers and internet access, as well as great ideas for shaping positive user experiences.
He firmly believes in the power of change!