PCI DSS compliance for the travel & hospitality sector

Whether planning a trip through a travel agent, booking a room with a hotel, reserving a table at a restaurant, or making a secure digital payment in person for a tourist activity, the use cases for making secure PCI DSS compliant payments abound.

As the sector emerges from the profound disruption created by national lockdowns, re-booting business now depends on adapting fast to new customer behaviors and operational realities.

With more travelers and guests now reliant on contact centers and digital channels to make inquiries, place bookings and make payments, ensuring your payments are PCI DSS compliant has never been more important.

What is PCI DSS compliance – and why is it important?

The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements that protect cardholder account information and applies to any company that accepts credit or debit card payments.

In recent years, the hospitality sector has been the target of fraudulent attacks. Major hotel chains like Hilton, Starwood and Hyatt have all fallen victim to malicious cyberattacks that have exposed the payment card details of guests. This type of data security breach has a significant impact on brand reputation – and any failure to comply with compliance requirements such as PCI DSS will result in significant fines.

Similarly, travel agents and tour operators need to be confident they can take secure payments over the phone, via the web or a self-service portal, in a way that removes the need to pause call recordings and assures an optimized, seamless and frictionless experience for customers.

Collecting payment over the phone

Whether you’re a hotel or a tourist attraction, assuring a secure payment transaction is difficult without using a dual-tone multi-frequency (DTMF) masking solution like Semafone’s Cardprotect Voice+ that makes it possible to accept payments made over the phone in a safe and PCI DSS compliant manner.

At the point when payment is required, customers simply enter their details into their telephone keypad, and DTMF tone suppression shields their card details from being heard by agents, captured on call recordings – or seen on their screens.

Since all payment information is instantly transmitted directly to your organization’s payment service provider (PSP), there is no need to store or secure sensitive customer payment data. Plus, since no payment data enters the VoIP network or contact center systems, travel and hospitality firms are able to descope their operations from PCI DSS.

Handling remote digital payments

In much the same way, today’s customers expect to encounter streamlined yet secure payment options that make it easy to transact in the channel of their choice.

Whether your teams are based in an office or are working remotely, omnichannel payment solutions like Cardprotect Relay+ enable your business to take payments anywhere and across any digital engagement channel, without having to invest in costly hardware or enter into a closed payment ecosystem.

Customers simply follow the secure link you can deliver in seconds via a webchat, automated chat-bot, email, SMS or over a social media platform. They then enter their payment details, and your teams are able to track the live journey of each link in real time through to approval and completion.

Once again, no sensitive payment data ever enters your IT environment, which reduces the risk of data breaches and assures PCI DSS compliance.

Managing transactions through third-party websites

Completing PCI DSS compliant transactions via third-party websites can be a particular challenge for the sector. That’s especially the case for travel agents, who frequently need to book flights, car hire and even theater tickets on behalf of customers when putting together a bespoke travel package tailored to their exact needs.

Solutions like Semafone SecureWeb+ enable customer service professionals to undertake simplified PCI DSS compliant transactions on behalf of others via third-party websites. There’s no need to toggle between tools or calls to complete payments for customers, and anyone booking on behalf of a customer is protected from any exposure to their sensitive payment information.

Once a customer provides their card payment details via Cardprotect Voice+, this information is securely entered onto the specified website payment pages and cannot be copied, viewed or captured in a screenshot. This protects the reputation of service providers and of the third-party merchants they transact with on behalf of customers.

Dealing with in-person payments

There’s no denying that COVID-19 has sparked an appetite for new ways to pay. Just over a year ago, typing in a PIN at the point-of-sale was an automatic behavior, but social distancing mandates have triggered demand for new digital options, whether that’s accessing a restaurant menu from a mobile device or taking advantage of newer digital payment options such as QR codes.

Because they eliminate any need to touch a payment terminal, QR codes are becoming an increasingly common mobile payment option in light of customers’ new hygiene-motivated preferences for touchless alternatives.

Cardprotect Relay+ makes it easy to generate and send QR codes that can be used in-person or sent to the customer through any digital channel – including SMS, web chat or social media. To pay, customers simply aim their smartphone camera at the QR code and enter their payment card details into the secure web form that is presented to them.

Putting payment ease, security and convenience at the heart of your business

Today’s hospitality and travel firms are having to adapt fast to enable consumers to pay however they choose. Delivering an increasingly flexible choice of payment solutions that are easy to access ensures that privacy considerations are respected and eliminates any friction from the transaction.

Today’s modern payment solutions allow firms to place payment processing and data protection at the heart of every customer service strategy, making it easy to transact in a PCI DSS compliant way that truly resonates with customers.