Payment Trends

Order a reprint of this story
Close (X)

ORDER A REPRINT

To reprint an article or any part of an article from Hospitality Upgrade please email geneva@hospitalityupgrade.com. Fee is $250 per reprint. One-time reprint. Fee may be waived under certain circumstances.

SEND EMAIL

October 01, 2014
Credit Card | Security
Greg Burch

Security, especially as it pertains to payment acceptance, has become a hot button concern for the card-carrying public. Millions of consumers have already been personally affected by security breaches. What's worse, the estimated average cost per compromised account is more than $200. That's a lot of money gone.


Making sure cardholder data is handled securely should be the No. 1 priority of all operators, regardless of size or number of facilities. In fact, all merchants now face audits to ensure data is being handled securely. There are two separate but equally important practices for ensuring card data security:

1 Point-to-point (P2PE) data encryption, which ensures that sensitive cardholder information is protected throughout the transaction cycle, from the time of swipe through authorization and completion. End-to-end encryption ensures that data cannot be accessed or hacked, reducing your compliance scope at the same time it protects your guests against third-party fraud. With the recent evolution of PCI requirements, most PCI QSAs (Qualified Security Assessors) will not approve an enterprise implementation that does not secure cardholder data. Therefore, point-to-point encryption has quickly become a basic step in PCI-DSS compliance.

A routine step toward ensuring total PCI-DSS compliance is to ensure that all point-to-point encryption is implemented on PCI-PTS certified hardware.
 
2 EMV-compliant smartcard authentication at the point of sale, which uses an embedded “chip,” a small microprocessor, to validate that the payment card is original and genuine – that has not been cloned or duplicated. This chip actually protects against cloning by generating unique data with every use, unlike the magnetic stripe (MSR) cards most prevalent in the United States today, which use static, easily reproducible data.
 
Confused?  The evolution of PCI Standards as well as the introduction of EMV into the United States can cause some confusion about whether support for both are needed and where one initiative ends and the other begins.

Accessibility: Consumers expectations have already evolved
Your guests are more “connected” now than they have ever been. The number of smartphone users in the United States is projected to grow from 62.6 million users in 2010 to 220+ million users by 2018. Already, the number has grown to 163.9 million in 20141. On those smartphones, they carry a wealth of apps for navigating, buying, booking, communicating, exploring, social media sharing, payment, and more. They have no patience for waiting in line or following drawn-out procedures. Why, they ask, isn’t checking in as quick and easy as making an online reservation? Now more than ever, guests expect service where they are, when they’re ready. New technologies are expanding the point of service to enable the kind of streamlined, personalized experience your guests anticipate and appreciate.

For example, tablet-based devices can allow remote check-in, at the lobby door or hotel bar, on the airport shuttle, at the guestroom door. These devices also can program and generate RFID room keys, allowing guests to go directly to their room upon arrival and equipping staff to replace lost keys anywhere on property. 
Mobile payment technologies give guests the option to make secure electronic payment from virtually anywhere – on the golf course, poolside, at the spa, even at cash-bar events. The result is better customer service, often coupled with increased per-transaction spend.

Using new technologies such as Bluetooth Low Energy (BLE) and geo-location, guests can take advantage of their own “wireless personal area” to receive discounts, coupons and other personalized offers based on their current location and unique interests. These sophisticated systems also allow operators to extend the reach of their property management systems (PMS) and customer relationship management (CRM) systems to tablet- and smartphone-based devices, which allows the creation of highly customized guest services.

The good news is, these evolving solutions are all designed to be highly customer-centric, not only to speed and secure transactions but also to enhance the overall guest experience. This high-tech, high-touch approach enables seamless transactions regardless of location, personalized service, and a consistent presentation of a strong brand image. The challenge is that upgrading legacy systems can be time consuming and expensive.

All in all, these new technologies offer huge improvements for hospitality providers and guests and present big obstacles to fraudsters and hackers. So ask yourself, why not embrace the change?

Greg Burch is vice president of Mobility, Business Development & ISV Relationships at Ingenico, a leading provider of secure and innovative payment solutions with point-of-sale (POS) products and offerings used by one-third of the global population.

©2014 Hospitality Upgrade
This work may not be reprinted, redistributed or repurposed without written consent.
For permission requests, call 678.802.5302 or email info@hospitalityupgrade.com.

 

Takeaways

1 New security protocols are coming. By the end of 2015, U.S. lenders will issue more than 575 million new chip credit and debit cards. It’s vital that hospitality providers are EMV-ready and PCI-compliant.
2 These protocols and technologies are proven effective. EMV security protocols have been standard in much of the world for more than a decade and have dramatically decreased the incidence of fraud in those countries. P2P encyption is a validated means of data protection when implemented correctly and, while it is currently optional for merchants, it will likely become a requirement in the near future.
3 This offers a great opportunity to engage with savvy consumers and enhance your brand. Not only does successful implementation of new protocols protect your brand from risk and embarrassment, they offer innovative insights on upgrading and customizing your guest service and outreach.
4 The most successful projects are developed and implemented incrementally. Security and payment technologies will continue to evolve – there’s no such thing as “one-and-done” solutions. Incremental implementation allows you to test and adjust for maximum usability, adapt as new technologies become available, and conduct ongoing systematic training for staff and users. Make sure your systems-provider contracts address procedures for future upgrades.
5 You need designated payments technology experts on staff. IT is an important part of any business operation, with complex requirements and evolving standards. A strong technical staff is vital for hospitality providers to remain in compliance, to guarantee interoperability of systems, and to optimize returns on your technology investment.

 



want to read more articles like this?

want to read more articles like this?

Sign up to receive our twice-a-month Watercooler and Siegel Sez Newsletters and never miss another article or news story.