Blog category: bookassist

Why You Seriously Need PCI-Compliant Partners

By Des O'Mahony | On Wed, September 18, 2013

Don’t Risk It

If you operate your hotel without the necessary measures to protect your business and your customers from a hack or data breach, you are exposing your business and customers to risk. If you use online partners who are not fully compliant with the Payment Card Industry’s standards, then you are the one who will ultimately suffer. Without the proper controls your confidential information and your customers’ personal information and credit card details could be hacked into, causing immeasurable damage.

You need to protect your reputation by making sure that your most valuable asset, your customer, and their data are managed well. PCI Data Security Standards (DSS) compliance gives you the peace of mind that your suppliers know what they are doing.

Bookassist operates across many countries and constantly monitors international legislative developments for the benefit of our hotel clients.

  • Bookassist is PCI DSS compliant, was one of the first in the online bookings business to be compliant, and has retained compliance for many years.

  • Bookassist is a registered VISA Merchant for PCI purposes - just search for Bookassist on this link: https://www.visamerchantagentslist.com/

Before you engage with an online provider, search for their status on https://www.visamerchantagentslist.com/ and request their PCI-DSS compliance statement.

What is PCI DSS?

Payment Card Industry Data Security Standards (PCI DSS) are technical and operational standards that were created by the major credit card companies (Visa, Mastercard, American Express) in 2004, and have been upgraded continually since. The standards apply to all organisations that store, transmit or process cardholder data. PCI DSS is an industry standard and is not actually a legal requirement in Ireland and many other countries.

The aim of PCI DSS is to set standards that assist in the prevention of fraud. Being PCI DSS compliant does not mean that you won’t have a data breach but it does mean that in the event of a data breach arising, the credit card companies will support you.

What you can / cannot do?

For starters, hotels or any business should not under any circumstances store CVC (card verification code) numbers (also known as CVV or CVV2). CVC numbers are personal numbers on credit cards and are similar to a personal signature. In the event of fraud arising, card details without CVC numbers are less useful to fraudsters.

  • Access to machines that hold reservation information should be restricted and passwords should never be shared between staff.

  • Cardholder information should not be kept or transmitted in an insecure manner. Where you are sending or receiving cardholder information by fax or email, you need to ensure that the network used is secure and encrypted to protect the information. Standard email is never secure and should never be used for credit cards by anyone. The greatest risk in hotels is actually with credit card details on fax paper or printed emails left lying around.

  • Staff should be trained on the importance of protecting cardholder data.

Consequences of non-compliance

Non-compliant businesses can face fines from the credit card companies, brand damage, potential lawsuits, insurance claims, difficult business conditions and a negative impact on customers. In the case of the data breach suffered by the Radisson Group in recent years, they had to contact guests to ask them to check their account statements for unauthorized purchases - hardly good for your image. Wyndham Worldwide Group were recently charged by the Federal Trade Commission in the US for three separate data breaches which, it is claimed by the FTC, resulted in $10.6m lost to fraud.

How Bookassist complies with PCI DSS

Bookassist takes compliance with PCI DSS seriously and we go to considerable effort and cost to achieve the standards of compliance. All hotel clients of the Bookassist system must sign up to the PCI DSS standards. All access to our system is logged, and access to the system is password protected (passwords need to be reset every 90 days). CVC numbers are never logged on the Bookassist system and, in accordance with PCI DSS, are not available to hotels. Customer cardholder data can only be viewed for up to one month following the customer’s departure date. After that date, the information is automatically deleted from the Bookassist system and cannot be retrieved.

In addition to this, Bookassist have a dedicated Security Officer with responsibility for all PCI DSS compliance and security issues, a full incident response team and response plan in the event of any issues arising and staff on call 24/7/365. We have invested heavily in hardware and software to ensure security and monitoring and we have an annual external audit, part of which consists of hack attempts at our systems and monitoring how these attempts are dealt with automatically by our system.

At Bookassist we feel that the investment we have made in PCI DSS compliance is important for us - and for our hotel clients.

Dr Des O’Mahony is CEO and founder at Bookassist (bookassist.org), the award-winning technology and online strategy partner for hotels worldwide.

Labels: security, pci, bookassist


3 Great Reasons to Choose Bookassist

By Claire Sawier | On Tue, October 22, 2013

Here are 3 great reasons why we think you should choose Bookassist for your hotel’s online needs:

Our booking technology is better than ever!

Our Booking Engine has continuous major upgrades making it more flexible, more responsive, with higher conversion and strong new features:

  • New modern interface with advanced CSS, highly adaptable to your hotel’s website
  • Dynamic Pricing capabilities to offer automatic packaging, discounts and specials with prices recalculated on-the-fly
  • Meal Plans to offer breakfasts, dinners as add-ons depending on occupants and ages
  • This year we launched our new Distribution Manager, a game-changer for the industry. We are different from other channel manager companies in one very important way: we actually help hotels to find the sale with the best margin

Our technology continues to beat the industry

We always strive to deliver above the industry norm

  • Our team are Google AdWords certified AND Google Analytics qualified.
  • We are not only PCI compliant but we are registered Visa merchants. We take your business very seriously and work very hard to protect it.
  • We don’t just advise on direct business, we also integrate with Meta Search providers to automatically manage hotels’ information straight from the booking engine admin system, delivering more direct business and higher margins for our hotels.
  • We don’t just bring you local expertise, we bring you global expertise. Our international market intelligence helps us to make our booking technology and our online strategy advice second to none.

Bookassist - for those who won’t settle for second best.

Labels: strategy, booking engine, bookassist, awards


bookassist - technology & online strategy for hotels

Address: 1st Floor South Block, Rockfield Central, Dublin D16 R6V0, Ireland
Phone: +353 1 676 2913 Fax: +353 1 676 2916
Web: https://bookassist.org/en