
Are hotels ready to protect client data?


25 October 2016 at 12:59, by

We live in a world where electronic commerce has become THE way to make purchases for most users, and information is more valuable, and more delicate, than ever. The PCI DSS standard (most hoteliers will have heard of it at some stage) protects clients' data when they make payments using the hotel's electronic facilities, such as its website.

Large chains such as Hyatt, Hilton and Marriott have recently suffered breaches of their security systems that affected the data of hundreds of clients. No matter the size of the hotel, data protection is essential nowadays to ensure client trust. A single security leak can lead to large fines, a loss of consumer trust and, with it, the loss of future loyalty.

The standard, developed by the PCI Security Standards Council, which was created by the main credit card companies, looks after the security of data related to those cards, whether at a physical POS or in online payment gateways. Unfortunately, no system is 100% foolproof: the certificate does not guarantee that information theft will not occur. Even so, in the near future banks will require it from hotels of any size.

Is it mandatory for hotels to be up to date?

The law does not demand that hotels obtain PCI DSS validation, but it will soon be essential for them to do so in order to carry on operating normally. Until now, the requirement to meet this regulation only affected hotel providers (booking engines, PMS producers, channel managers, etc.). But soon banks will demand that hotels keep up to date with the regulation too, and no bank will work with a hotel that does not comply. They will also demand that hotels always work with external providers that scrupulously meet the standard.

What must hotels do to obtain the certificate?

It is very laborious and expensive to obtain the PCI DSS certificate and keep it up to date. This applies both to the management side, which involves scanning the whole infrastructure to correct possible vulnerabilities and overhauling all the security policies, and to the certification process itself, for which it is absolutely essential to use a qualified certification company. It is important to highlight that it is a recurring process that must be renewed yearly to guarantee the safe environment that is required. In any case, the hotel will need to set aside a significant investment, one from which there is no real financial benefit.

What does the PCI DSS validation require from hotels?

You can download the complete manual regarding procedures and requirements to adapt your hotel to the regulation here, but in brief, there are twelve elements:

1) Install and maintain a safe configuration of the firewall.

2) Avoid using default parameters.

3) Guarantee protection of the stored data.

4) Encrypt card data sent across open, public networks.

5) Keep all antivirus software constantly updated.

6) Develop and maintain secure applications and systems.

7) Restrict client access to certain data.

8) Assign a unique ID to each client.

9) Limit physical access to data.

10) Trace and monitor all data.

11) Constantly evaluate system security.

12) Opt for a solid security policy; from staff data to client data.

Generally, adapting to the PCI DSS standard does not just imply an investment of time and money; it also makes hotel management more complicated in certain respects.

To start with, any hotel employee who has access to client data must have a unique user profile, so any use of that data can be monitored and any procedural errors traced. In many cases it will be important to set up separate areas for the equipment that handles user data, starting with the fax machine, to install surveillance cameras in those areas and to control entrances and exits.

And of course, when it comes to hotel staff, it will be necessary to plan a series of training sessions for all those who come into contact with client data. This training must be continual, as the validation has to be renewed yearly.

How should hotels treat clients' card data?

Apart from extremely strict protection when it comes to storing and transporting the data, the regulations only allow storage of the full card number, name of the cardholder and expiry date. Storing any card security codes is forbidden, as is storing the full number in any non-approved system. The card data must be encrypted with robust encryption algorithms and can only be stored for the set time; when it is deleted, this must also be done securely.
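The storage rules above can be checked automatically against booking records. The following is an added example, not code from the article or from Idiso; the field names, the 90-day retention period and the sample records are assumptions constructed for illustration.

```python
import re
from datetime import date, timedelta

RETENTION = timedelta(days=90)  # assumption: set by the hotel's own retention policy
FORBIDDEN_FIELDS = {"cvv", "cvc", "cvv2", "cid", "security_code"}
# 13-19 digits, optionally separated by spaces or dashes
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: filters out phone numbers, booking ids, etc."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def find_clear_pans(text: str) -> list[str]:
    """Return card numbers found in text, masked so the report holds no full number."""
    hits = []
    for m in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.append(digits[:6] + "*" * (len(digits) - 10) + digits[-4:])
    return hits

def audit_record(record: dict, today: date) -> list[str]:
    findings = []
    for key, value in record.items():
        if key.lower() in FORBIDDEN_FIELDS and value:
            findings.append(f"{key}: security code stored")
        elif key != "pan_encrypted" and isinstance(value, str):
            for masked in find_clear_pans(value):
                findings.append(f"{key}: clear-text card number {masked}")
    if today - record["checkout"] > RETENTION:
        findings.append("record kept past retention period")
    return findings

# Constructed sample records; 4111 1111 1111 1111 is a well-known test number.
SAMPLE = [
    {"id": 1, "cardholder": "A. Guest", "expiry": "12/27",
     "pan_encrypted": "<ciphertext>", "checkout": date(2024, 5, 1)},
    {"id": 2, "cardholder": "B. Guest", "notes": "fax: 4111 1111 1111 1111",
     "cvv": "123", "checkout": date(2023, 1, 10)},
]

if __name__ == "__main__":
    for rec in SAMPLE:
        print(rec["id"], audit_record(rec, date(2024, 6, 1)))
```

Free-text fields such as booking notes and scanned fax contents are where unencrypted card numbers most often end up, which is why the audit scans every string field rather than only the card columns.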

Benefits of having the PCI DSS certification

It may seem that obtaining the PCI DSS certification is a very complicated and expensive process, and to be fair it is, but once set into motion, every year it will be a little easier to renew, bearing in mind that the regulation does evolve and there may be new requirements in the future. In any case, activating this procedure will soon not be an option, but an obligation all hotels must meet. So it’s best to start as soon as possible.

Apart from this, the hotel must see this effort as a way of standing out and showing better service to their clients, mainly because of the following four points:

1) Client card data protection.

2) Maintaining client trust because of the higher level of data security.

3) Protection of brand reputation.

4) Decrease in possible financial and image loss derived from security breaches.


For the sixth year running, Idiso has passed the Payment Card Industry Data Security Standard assessment, and on the 27th of June received the Attestation of Compliance for storage of credit card data when managing bookings and customer care. At Idiso we know that for any business to excel, the security of its clients' data is essential.



Idiso is much more than a technological service provider. Our mission is to provide real value to our clients. We want to become THE GLOBAL HOTEL SALES PARTNER, helping hoteliers sell more and better thanks to our 360º distribution and marketing solutions.
