Hotel Data Security
An introduction to PCI and GDPR, and the importance of compliance.
Thank Hospitality that we live in a time where most booking channels and hotel management software can be integrated and managed from one single point. That being said, this makes it easy to forget on how many different places your guests' data actually is retrieved and stored. The increase in online distribution channels that provide and contain personal data to hotels, makes hotel data security a more important topic than ever.
Guest data does not only apply to credit card details (PCI - Payment Card Industry Data Security Standard) but also all other personal data like names, addresses, travel details and profile information (GDPR - General Data Protection Regulations). Considering your property is linked to multiple sources that handle guest data like (online) travel agencies, Channel Manager and PMS and/or CRS, this is something you need to be especially aware of. Because of this clustered data of personal information, the hospitality industry is vulnerable to attack.
Trustwave published a 2016 article that shows that the hospitality sector had the second largest share of data incidents by industry at 14%. Not only booking channels and online distribution providers can be held accountable for this increase, also internal facilities like the hotels WIFI network are risk factors that distribute many guest and hotel data.
Because of these increasing risks, distribution vendors need to uphold strict security regulations. It is not only your job to find the right vendor based on their unique offer and fit with your hotel, but also if they are PCI and GDPR compliant. Your guests also expect that you are following the same security rules. They might not be acquainted with terms like PCI and/or GDPR, but they are aware of hacking risks and are not always willing to provide all their personal information. As such, hotels have a heightened responsibility to protect this information at all costs. So this means that your hotel needs to safeguard digital data, meaning adhering to strict guidelines.
What are the consequences of not meeting the security standards?
Imagine a data security breach at your hotel that puts guest info and credit card details out in the open. Other than high financial charges, the hotel suffers huge losses on brand reputation. Especially if you are connected to franchise chain, the consequences could be severe. If you accept credit card payments, you are legally obliged to comply with PCI. If you fail to meet these obligations you can lose your right to accept credit card payments. The results of this are self-explanatory in today’s online payment landscape.
Ok, how do I check if my hotel is PCI and GDPR compliant?
Payment Card Industry Data Security Standard (PCI-DSS) is an international security regulation that is developed in cooperation with credit card companies. To ensure credit card data remains as secure as possible, the PCI Data Security Standard (PCI-DSS) offers a guideline with 12 central security areas. It consists of steps that mirror security best practices.
With a few steps, you can check if you meet the requirements of PCI-DSS compliance. We do suggest to get in touch with a specialized office in helping you with your hotel security.
From 25 may 2018 GDPR (General Data Protection Regulations) will be implemented in the European Union. This regulation was adopted on 27 April 2016 to extend and strengthen the rights of all EU citizens and residents concerning the collection, storing and processing of their personal data by companies and organizations. Personal data included an extensive list of details like a person's name, passport number, bank account number, email address, IP address etc.
With a few steps, you can check if you meet the requirements of GDPR compliance. We do suggest to get in touch with a specialized office in helping you with your hotel security.
Other useful links:
SmartHOTEL specializes in Oracle integrations with the main focus on integrated distribution solutions to Oracle Hospitality Distribution Cloud Services, OPERA and Suite8 systems and is the technology provider behind Oracle’s Channel Manager. Our knowledge of support, consultancy and technology meet the highest expectations of the hospitality market. For any questions regarding our solutions or anything else, feel free to contact us on +31 (0)182 75 11 18, or mail to firstname.lastname@example.org