Workgroup Wiki | Join | Contact | Member Services | Sitemap
Resources Menu
Home Credit Card Security

Hotel Credit Card Security

HTNG is helping the hotel industry battle the credit card thieves on several fronts.  This page provides details on data security specifications, best practices, and some of our workgroup efforts to address the problem.

 

HTNG's Efforts to Improve Hotel Data Security

New Workgroup Efforts

On September 27, 2011, HTNG announced the Secure Payments Framework Workgroup, an effort designed by security executives representing, initially, 16 major hotel groups.  Its objective is do design a security framework for credit card data in hospitality, that will provide end-to-end security regardless of the number of systems or companies involved in a transaction.  The group will document this framework in a white paper that will serve as a guide to vendors and as blueprint for development and refinement of standards. See the press release.

The Hosted Payment Capture Systems Workgroup, which was chartered in July 2011, will address the exchange of data necessary for a complex hotel organization with multiple payment gateways and processors to migrate to a hosted payment processing environment--reducing PCI scope of systems such as PMS and POS.

If you think you might have something to add to either of these efforts, fill out our Participate in a Workgroup form to register your interest and become updated on meeting information.  The Secure Payments Framework Workgroup is currently open to hoteliers only but is expected to be opened to participation by vendors and service providers after the completion of the initial framework white paper.

 

HTNG members can also monitor the progress of these and any HTNG workgroups by submitting the Monitor Progress form.

Available Now - Certifiable Specifications

Our Payments and Data Security Workgroup has created solutions to help protect guest credit card data.

The Payments Processing Specification describes the messages that enable hotel systems, such as Point-of-Sale and Property Management, to process lodging industry payment card transactions with payment gateways or acquiring banks.

The Data Proxy Specification defines messages that allow sensitive cardholder information to be stored offsite and replaced by substitute numbers that are worthless to others, thus reducing or eliminating PCI compliance requirements for local PMS, Point of Sale and other systems.  It can be used independently or in conjunction with the Payments Processing Specification.

 

 

 

 
Understanding the Scope of the Issue

Verizon Business recently reported that 40% of data breaches that it investigated in 2010 were in hotels.  For detailed information about the nature of the breaches, we suggest you review these reports:

Verizon Business Report 2011
Trustwave SpiderLabs Global Security Report 2011

 

 

Joint Press Release Informs Hoteliers About Action Needed to Secure Their Hotel's Data

On March 15, 2011, HTNG joined with two other major hotel industry associations--the American Hotel & Lodging Association (AH&LA) and Hospitality Financial and Technology Professionals (HFTP) to issue a joint statement to hotels regarding actions they need to take immediately to thwart organized cyber crime attacks on guest credit card data.  Read the press release.

 
©  2002 - 2012 Hotel Technology Next Generation Careers | Legal | Contact