In March, Merchant Link held its first Lodging Focus Group Summit. There were 14 large and mid-sized hotel brands represented, with the goal to bring together hospitality professionals to better understand what they knew about payment security, what they were concerned about in payment security and what things will be coming that they should begin preparing for with regards to payment security. It was discovered that e-commerce and the recent reported credit card breaches were two hot topics, followed closely by integrations to alternative third-party vendor interfaces.  

   With regards to e-commerce, hoteliers are working harder and harder to drive loyalty and in-house Web booking versus their third-party ADS/IDS options. It is necessary to have a successful and profitable online booking engine including the security of sensitive data; credit cards more specifically. There are a variety of ways to secure credit cards over the Internet, hoping is not one of them. Often hoteliers are misled by their Web developers to thinking that their site is secure simply because they have SSL, not true. By incorporating tokenization and hosted payment forms and/or pages into your website you will increase the security of your site exponentially. Hackers are becoming smarter every day and often see websites simply as challenges, then reap the benefits of thousands of identities and sensitive information by selling it. During the Summit, discussions led to the importance of securing not only your data at rest (tokenization for stored data) but also about securing your data in flight (P2PE –for data in transition). What we thought would be a heavily pursued topic at the Lodging Summit - EMV (Euro, Mastercard, Visa) initiative, really was not the driving factor for the hoteliers to attend.

   The breach felt by big box retailers shook the retail industry while it only slightly rocked hospitality. Hoteliers are now realizing that if a breach hit the industry with any strength, they would suffer significant loss – and as the industry is just starting to truly show signs of recovery, no brand wants to face down this devil. According to the New York Times, Target experienced a more than 40 percent revenue drop in the fourth quarter attributed directly to the breach. Can you imagine if hoteliers had to face that level of loss again, so soon after recovery finally seems to be taking hold?

   EMV would not have addressed the breach that Target, Michaels, Neiman Marcus and other big box stores experienced; even though that’s what you keep hearing in the news. P2PE would have halted the scam. It’s important that hoteliers do their research and homework – and take the sound bites from the news as just that – sound bites.  EMV has received a great deal of press and we believe that it is coming to the United States, just not as impactful as the hype is generating. EMV is fraud prevention– it would not have secured or protected the data that was being routed to the hacker’s storage. P2PE would have rendered the data unusable by encrypting it right at the swipe – so while they still would have received data, they would not have had the keys to unlock it. 
 
   Bottom line is, be vigilant in your pursuit of security. Make the time and investment necessary to research the right tools to protect your property(s) and your hotel. What would a breach like the one in retail do to your brand?