The hospitality industry presents one of the biggest difficulties for
credit card processing security,
because of the way hotels hold credit information for incidental expenses when a guest checks in.
The
hospitality point of sale systems that collect this information are often antiquated and fail to accurately separate and secure this kind of information, meaning all a thief needs to do is find a way into the computer system to access the complete credit information of every card stored.
The differences between this problem and the same risk when a standard merchant uses older technology are: many hotels are part of big chains that customers are less likely to suspect of security breaches, so card holders will be less cautious; hotel customers often give one credit card for incidentals but pay with a different card either because they booked online or because they want to use their major card during the trip and then use it to pay, so the identity theft risk per customer is for two cards; and because these large companies have older bureaucracies, they are slower to integrate new hospitality point of sale systems and security features, making them even more susceptible to simpler information theft.
Unfortunately, experts don’t have any specific, magic solution to this particular problem. The strategies are the same as they would be for any merchant and customer. Cardholders should be as careful as possible about giving credit info to any enterprise. For example they should ask that the card number and phone number be held but not the expiration date. They should also be sure their credit card providers have fraud protection to check from suspicious activity. Hospitality providers should have dedicated security to monitor the activity on their merchant accounts and practice limited access to credit information – such as by keeping physical copies in a locked room that only the managers have access to and can only be opened infrequently throughout the day as well as investing in upgrading their credit processing and hospitality point of sale systems.
Since 2008 the percentage of hotels that suffer security breaches annually has fallen, but it remains one of the most vulnerable industries for credit card information theft.