Historically, the hospitality industry has held cardholder data across more systems, and for longer, than other industries. When data is held on point-of-sale, property management, loyalty and third-party systems for use before, during and after the service is rendered, this increases the risk exposure to data breaches.
Certain technical network, hardware and software practices are common across the industry, which in turn may make it more of a target. Systems may be networked together. This may make sense operationally, but also makes it easier for attackers to enter and traverse linked networks in search of sensitive data.
Because the sector has been slower to implement EMV chip technology, its physical point-of-sale environment is not as hardened against attackers as that of other sectors.
What are the consequences of a data security breach?
Data security is bigger than just payment card data security, and the consequences of data loss or theft are bigger than just a fine. The fully-loaded costs of a data security incident or cyber attack include business continuity risks, legal and contractual obligations and reputational impacts.
There are the impacts on revenue and productivity if your staff are unable to access computer, point-of-sale or property management systems. There are the legal and contractual obligations to customers, staff and suppliers if your business is unable to render the service on time and as specified.
Finally, there is the impact to your brand and reputation if customers, staff and stakeholders lose confidence in your business.
How can I mitigate my data security risk exposure?
The Payment Card Industry Data Security Standard (PCI DSS) offers a baseline standard for any business that stores, processes or transmits sensitive card data. We recommend that you comply with the standard, and we can help you do so.
We can offer advice on mitigating your risk exposure through the use of encryption, tokenisation and scope reduction, among other measures. We can also offer advice on education, awareness and training, and on business processes for handling sensitive card data. This is because good security is about people and processes, not just about technology. However, there is no one thing a company can do to protect all data, all the time. There is no silver bullet solution to security, so we advise adopting a matrix of measures.
This includes detective, response and recovery controls to build operational resilience and accelerate post-incident recovery. Whilst this may require cultural change and cross-company working, it helps emphasise that security is an ongoing process, not a one-off, annual exercise.
How to find out more
For more information, please see the PXP Financial Hospitality Guide.
There is no one-size-fits-all approach to data security and the hospitality industry has some particular requirements. For a free 30-minute consultation, please complete the form below or call 0844 209 4370.