July 16 2014

Hotel Mobile PMS & Credit Card Security…What Now?

While I’m not the world’s leading expert at credit card security, my 4 years running sales & marketing for Merchant Link, one of the industry’s leading payment gateway, gave me some perspective. While Merchant Link’s traditional base of business was with integrated payments for restaurant Point-of-Sales (POS), I’m proud to have been part of the effort to move Merchant Link into integrated payments for hotel Property Management Systems (PMS), now one of their fastest growing markets. I was especially proud to be on the forefront of newer technologies created to keep customer credit card data secure, created to the combat data thieves who are constantly getting more creative in ways to reach into a hotel’s technology infrastructure and steal their guest’s credit card data. As most readers know, two technologies supported by the PCI Security Standards Council are point-to-point encryption (P2Pe) and tokenization, two technologies pioneered by Merchant Link. Both are also available from other fine gateway companies such as Elavon and Shift4, to name a few.

Now that Jos and I started our very own technology company, StayNTouch, we had to once again address keeping credit card data safe. StayNTouch delivers a cloud platform that plugs into your existing PMS bringing mobility to hotel staff and to hotel guests. Hotel staff now has mobile PMS access through a touch-optimized tablet experience. Hotel guests can now check in and out from their smart phones or tablets in a PMS integrated fashion. Both enable mobile credit card acceptance. So the question arises…how do you keep that credit card data secure when its flying through the airwaves, over WiFi or 3G/4G networks?? This is almost the very first question asked by any of our customers. I’m glad to say…we have a great answer! In the end, the StayNTouch answer returns to those two tried and true technologies, P2Pe and tokenization. If interested, the PCI Council made this clear when they stated “...P2PE is a key component to securing mobile payment transactions”. With both baked into the StayNTouch core offering, our customers have the best data security available.

The key is that whatever mobility solution you choose, make sure that credit card swipes are encrypted right within the magnetic stripe reader and transported out of your organization’s technology infrastructure encrypted. The other key thing to remember is to ensure that the decryption method is housed somewhere else…not as part of your organization’s infrastructure. Finally, when credit card data is returned to your ‘data castle’, make sure it is tokenized.

So, in the end, credit card acceptance via hotel mobile PMS can be just as safe, or even safer than traditional methods. Just make sure the technology partner you choose does the hard work to incorporate these very effective partnered technologies.

Tell me what you think!