What if your Booking Engine was hacked?
By Editor | On Mon, November 18, 2013
Cybercrime - It could happen to you!
Cybercrime is a reality and no company is completely immune. But you can and must take steps to protect your hotel and your customers from a security breach. With the rise of online payments and the increasing technical ability of cyber criminals, your data needs to be much better protected or you risk destroying your business. The highly-publicised recent data breach at Loyaltybuild, estimated to be the largest data breach in Europe within the last three years, emphasises the importance of taking action to ensure the protection of your business and your hotel brand against such a data breach. Loyaltybuild operates reward schemes for companies across Europe, including well known brands in the Irish market such as SuperValu, Axa, StenaLine and Electric Ireland. In October 2013, personal and credit card data processed by Loyaltybuild on behalf of a number of companies was compromised and a number of investigations are ongoing into the matter by the Data Protection Commissioner in Ireland and the Garda Bureau of Fraud Investigation. Breaches of this nature have the potential to have major implications for all companies and brands to whom Loyaltybuild provided services. Given the serious damage a data breach of your booking engine data could do to your business, we have compiled the following FAQ to help you put in place the best protection for your hotel.
1. I don’t need to worry because our booking engine provider processes bookings for us, so it’s their problem if there is a data breach, right?
Whilst a data breach would cause serious problems for your booking engine provider it would also have a huge negative impact on your hotel brand. Just as brands associated with Loyaltybuild are currently suffering from a crisis of customer confidence, you would be similarly affected through association with your booking engine provider. You need to protect your reputation by making sure that your most valuable asset - your customer - and their data is fully protected whether you or your suppliers are handling that data.
2. What can our hotel do to reduce the risk of a data breach of our booking engine?
First and foremost, you must ensure that the provider you work with is PCI DSS compliant. PCI DSS (Payment Card Industry Data Security Standard) compliance gives you the peace of mind that your suppliers know what they are doing and that your customers’ data is being stored securely by that third party in accordance with certified best practice.
3. What is PCI DSS?
The aim of PCI DSS (Payment Card Industry Data Security Standards) is to set standards that assist in the prevention of fraud. Being PCI DSS compliant does not mean that you won’t have a data breach but it does mean that in the event of a data breach arising, the credit card companies will support you. Working with PCI DSS compliant suppliers is like having an insurance policy that helps you when things go wrong.
4. How do I find out if my current booking engine provider is PCI DSS compliant?
Simply ask them for their PCI DSS statement of compliance.
5. My booking engine provider does not have a certificate of PCI DSS compliance so what effect would it have on my hotel if they experienced a data breach?
There would be serious implications for your provider as they would be offered little protection from the credit card companies for failing to comply to acceptable standards. Your hotel brand would experience significant damage as irate and unhappy customers, who had placed their trust in your brand express their anger. It is your responsibility to exercise due diligence to ensure that the partners you work with protect you and your customers. There may also be implications for your costs in processing credit cards with the main providers, or hefty fines from them, that could compromise your ability to do business.
Your single most important asset is your customer. You need to ensure that your hotel and the third parties that you contract with protect your customer’s data to the highest level. You can reduce the risk to your hotel by ensuring that your Booking Engine Provider provides you with evidence of PCI DSS compliance and adheres to the standards.
About Bookassist and PCI DSS
Bookassist, the World’s Leading Booking Engine Technology Provider, is certified PCI DSS compliant and was one of the first booking engine providers to adopt the standards. Bookassist has been compliant for over six years and continually invests in ensuring the highest standards of security. Bookassist can provide their certification on request, and we are listed on the certified Visa Merchant List https://www.visamerchantagentslist.com/