Credit card hackers are using the coronavirus pandemic as an opportunity to target more online transactions and, because hotel businesses have traditionally been a hot target for hackers, it’s never been more important to ensure your guest data remains safe.
According to Yahoo! Finance, attempted debit and credit fraud transactions rose 35% in April from a year earlier.
While the hotel industry has stepped up its efforts to make data security a top strategic goal over the last few years, is it doing enough? When was the last time your company audited its own practices to ensure compliance?
If you haven’t, consider the cost of not doing so. Hotels are contractually obliged to comply with PCI guidelines as per merchant agreements, but many are dropping the ball on the simplest of security components. Fines for breaches that result from non-compliance can be severe, ranging from $5,000 to $500,000. What’s more, banks and processors have been successfully filing for compensation from hotels after breaches.
How do you avoid that dreaded call from your bank? Here are three things that you can add to your PCI compliance strategy that hoteliers often overlook.
1. Verify that partners are PCI compliant
While PCI compliance encompasses many parts of a hotel, much of it is covered by the property management system and networking vendor. Check with your technology vendors to make sure the solutions you have running at your property are up to par. Blind trust isn’t a virtue here. If your vendors aren’t compliant, you could be the one holding the bill should a breach take place.
Understand the difference between PCI Compliance levels and work with partners who are at least Level 1 compliant, meaning they participate in yearly on-site reviews by an internal auditor and a required network scan by an approved scanning vendor.
2. Ensure credit card information is secure
How does your company acquire and store credit card authorization forms? If your hotel is still using paper or PDF versions for third-party authorizations, sales contracts and other forms, you are not PCI compliant and your company is at risk.
A secure, digital solution can bring you into compliance and help to manage that risk. Ease of use for your customers is another benefit of such a system. No longer will they need to fill out paper forms, sign, scan, and email or fax back to you. Then, you won’t need to find ways to store these paper files that are then left vulnerable for anyone to see. Ask yourself: What’s more secure — a binder filled with credit card numbers and personal information locked away in a filing cabinet, or a password-protected system that only certain employees have access to?
3. Implement password policies — and make sure employees follow them
Many vulnerabilities happen simply because employees set weak passwords — the reason cited for 63% of all breaches, according to Verizon’s Data Breach Investigations Report. To set your company up for success, you need to execute a strong policy that requires employees to change their passwords after a few months. Then, multi-factor authentication adds another layer of protection. This system requires more than one method of authentication to verify someone’s identity for login purposes. Those could include fingerprints, facial recognition, codes and the like.
Of course, rules are meaningless unless they are followed. As a leader, it’s your job to be certain that policies are being followed as written. Consider conducting an audit throughout the year to ensure all procedures are enforced. A little time now can save you a lot of money and heartache in the long run.
Failing to protect your hotel or business from fraud can lead to disastrous consequences, including losing loyal guests and revenue. In this blog posts, Canary's industry experts explain the most common types of fraud in the hotel industry — and how to avoid falling victim to them.Read More
Upselling should be an integral part of your hotel’s revenue management efforts. However, there is a big difference between simply understanding the need for upselling and putting the right upselling techniques into practice for your hotel and guests. In this blog post, Canary's experts walk through everything you need to know about upselling in hotels.Read More
Every hotelier wants to increase revenue, but it can be difficult to know where, or how, to get started. In this post, Canary's team provides 9 easy steps every hotelier can take to boost both bookings and revenue.Read More
Hotel revenue management refers to a property’s pricing strategies to sell perishable inventory. It is based on the behavioral economic concept of “willingness to pay”, which is the maximum price a consumer is willing to pay for something. Improving your hotel revenue management through the use of the right tools will help your hotel stay competitive and improve performance continually.Read More
Coming up with hotel improvement ideas is an important part of maintaining and increasing your hotel’s success. However, when you’re short on time, coming up with ideas isn’t always easy. And that's why Canary's team of industry experts has put together this list of helpful hotel improvement ideas for you to consider.Read More