Hotel Credit Card Security
HTNG is helping the hotel industry battle the credit card thieves on several fronts. This page provides details on data security specifications, best practices, and some of our workgroup efforts to address the problem.
HTNG's Efforts to Improve Hotel Data Security
Available Now - HTNG Secure Payments Framework for Hospitality
HTNG's Secure Payments Framework document is now available! This plan was devised by data security leaders from many of the world's leading hotel chains and it outlines how hotel companies of any size can configure their payment systems to eliminate the need for guest credit card data to ever be processed, stored or transmitted from hotel applications. This document was announced on February 27, 2013 at HTNG's North American Conference.
Due to the extreme need within hospitality for an effective solution to the challenges of securing payment systems, HTNG is making the document available to anyone in the industry who can benefit from its solutions.
You can read more about the framework's genesis and download the full framework document http://www.htng.org/secure-payments-framework.
Available Now - Certifiable Specifications
Our Payment Systems & Data Security Workgroup has created solutions to help protect guest credit card data.
The Payment Processing Specification describes the messages that enable hotel systems, such as Point-of-Sale and Property Management, to process lodging industry payment card transactions with payment gateways or acquiring banks.
The Data Proxy Specification defines messages that allow sensitive cardholder information to be stored offsite and replaced by substitute numbers that are worthless to others, thus reducing or eliminating PCI compliance requirements for local PMS, Point of Sale and other systems. It can be used independently or in conjunction with the Payments Processing Specification.
Hosted Payment Capture Systems Workgroup designed solutions and standards for hosted capturing and processing of credit-card information, with secure application of the payment information back to hotelier systems. The Hosted Payments Capture System specification was completed in May of 2012 and is available for anyone to use.
Understanding the Scope of the Issue
Verizon Business recently reported that 40% of data breaches that it investigated in 2010 were in hotels. For detailed information about the nature of the breaches, we suggest you review these reports:Verizon Business Report 2011
Trustwave SpiderLabs Global Security Report 2011 (2013 version is also available, but requires viewer data)
Joint Press Release Informs Hoteliers About Action Needed to Secure Their Hotel's Data
On March 15, 2011, HTNG joined with two other major hotel industry associations--the American Hotel & Lodging Association (AH&LA) and Hospitality Financial and Technology Professionals (HFTP) to issue a joint statement to hotels regarding actions they need to take immediately to thwart organized cyber crime attacks on guest credit card data. Read the press release.