Credit Card Security: Update on Securing Payments/Cardholder Data

By Bob Carr Chairman & CEO, Heartland Payment Systems | October 17, 2010

As hotels become increasingly popular targets for cybercriminals, protecting cardholder data is more critical now than ever for you and your guests alike. In just a few brief seconds - from the time a guest swipes a credit or debit card to pay for a stay or a purchase until the transaction is complete- sensitive cardholder data can be vulnerable. If your hotel's system is breached, you could pay steep fines and face legal issues, business recovery and the rebuilding of customer confidence - as well as the possibility of going out of business. Payment Card Industry (PCI) compliance is important to ensure your hotel has certain security safeguards in place, but it may not be enough to prevent intrusions.

With that in mind, many payments processors and security/ technology providers have developed a wide array of "solutions" as an answer to these requirements and the overall threats to cardholder data security. End-to-end encryption has emerged as the forerunner in the payments industry, offering protection from card swipe to and through a processing network.

End-to-End Encryption

Encryption scrambles cardholder data so it cannot be read. True end-to-end encryption safeguards cardholder information from the moment a card is swiped or hand-keyed, to and through a processor's network - not just at certain points of the transaction flow - rendering it useless in the event of a compromise. It is important to make card data indiscernible as it enters the payment cycle so if firewalls are weak, the enemy gains nothing of commercial value.

Because this encryption model assists in protecting data before it enters your payment system, it reduces the cost of PCI compliance and the risks of being non-compliant. An end-to-end solution should include four zones of the card processing ecosystem:

  1. From data entry/card read at your hotel to the payments processor's
    authorized network;
  2. From entry to that network and throughout the entire
    processor/sub-contractor network where data is in motion;
  3. While the data resides in a central processing unit (CPU) or a host security
    module (HSM). An HSM is a specialized server that locks down information;
  4. In storage where data is at rest.

Keep in mind that not all encryption is end-to-end. Some solutions only encrypt the data between each zone when the data is in transit, leaving the information in the clear at other points. Any encryption solution that does not start at the card swipe or key entry and include all of these four zones is not end-to-end; it is "point-to-point."

Choose a Social Network!

The social network you are looking for is not available.


Hotel Newswire Headlines Feed  

Brenda Fields
Vanessa Horwell
Mary Gendron
Paolo Boni
Josiah MacKenzie
Lonnie Giamela
Miranda Kitterlin, Ph.D.
Nina Curtis
Kelly McGuire
Derek White
Coming up in May 2019...

Eco-Friendly Practices: Corporate Social Responsibility

The hotel industry has undertaken a long-term effort to build more responsible and socially conscious businesses. What began with small efforts to reduce waste - such as paperless checkouts and refillable soap dispensers - has evolved into an international movement toward implementing sustainable development practices. In addition to establishing themselves as good corporate citizens, adopting eco-friendly practices is sound business for hotels. According to a recent report from Deloitte, 95% of business travelers believe the hotel industry should be undertaking “green” initiatives, and Millennials are twice as likely to support brands with strong management of environmental and social issues. Given these conclusions, hotels are continuing to innovate in the areas of environmental sustainability. For example, one leading hotel chain has designed special elevators that collect kinetic energy from the moving lift and in the process, they have reduced their energy consumption by 50%  over conventional elevators. Also, they installed an advanced air conditioning system which employs a magnetic mechanical system that makes them more energy efficient. Other hotels are installing Intelligent Building Systems which monitor and control temperatures in rooms, common areas and swimming pools, as well as ventilation and cold water systems. Some hotels are installing Electric Vehicle charging stations, planting rooftop gardens, implementing stringent recycling programs, and insisting on the use of biodegradable materials. Another trend is the creation of Green Teams within a hotel's operation that are tasked to implement earth-friendly practices and manage budgets for green projects. Some hotels have even gone so far as to curtail or eliminate room service, believing that keeping the kitchen open 24/7 isn't terribly sustainable. The May issue of the Hotel Business Review will document what some hotels are doing to integrate sustainable practices into their operations and how they are benefiting from them.