As we introduced in our previous blog, data security plays an integral part in a hotel’s reputation and revenue due to the lasting effects born from any reputational harm as well as compensatory damages and labor costs.
As cybersecurity is a core area of expertise for our company and an aspect that we continually upgrade for our products, we obviously have a lot to say on the matter. Where the previous blog touched upon TransForm’s ability to negate the credit card employee visibility problem for card-not-present (CNP) transactions, this next part discusses some other ancillary protection features and integrations.
What Internal Fraud Prevention Tools Does TransForm Have?
Shifting transactions from lodging to ecommerce can help hotels win chargebacks as well as help in instances of ‘friendly fraud’. Friendly fraud occurs when a good or service is rendered and the customer then claims that this did not in fact happen or that said rendering was insufficient.
But there are still instances of ‘genuine fraud’ to worry about. These occur when unauthorized third parties gain access to part, or all, of a credit card’s details and use this card to make payments and purchases.
One feature that TransForm has in place for genuine fraud is its customizable entry attempt limit. Hotels using TransForm can set up a secure payment portal that limits how many credit card entry attempts the customer is permitted before the portal shuts down. Typically, this is set to three attempts, giving the guest three tries at inputting the right card number, expiry date, card verification code (CVC) on the back, and any other required fields, such as postal code.
Another major feature against genuine fraud is that TransForm’s payment portals close in real time upon completion. This prevents fraudsters from attempting to complete multiple payments to the same invoice, which can create a series of problems for the merchant during billing reconciliation.
Thirdly, TransForm allows hotels to set a cutoff ahead of the intended arrival date, after which guests are locked out of the portal and must present a credit card at check-in. People engaging in genuine fraud often try to complete a payment with an unauthorized card as close to arrival as possible so that the hotel doesn’t have enough time to verify the cardholder before the fraudster has left the premises. The most common time limit is 72 hours, or three days, out from arrival.
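The three portal controls described above (attempt limit, closing on completion, and the arrival cutoff) can be modeled as one server-side session state machine. This is an added example, not TransForm's code; the class name, the result strings, and the `card_ok` flag standing in for the gateway's verification result are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class PortalSession:
    """Hypothetical payment-link session; all checks run server-side."""
    arrival: datetime
    max_attempts: int = 3                    # typical setting per the article
    cutoff: timedelta = timedelta(hours=72)  # most common cutoff per the article
    failed_attempts: int = 0
    state: str = "open"                      # open | paid | locked

    def submit(self, now: datetime, card_ok: bool) -> str:
        # Closed portals reject everything, including a second valid payment.
        if self.state == "paid":
            return "rejected:already_paid"
        if self.state == "locked":
            return "rejected:locked"
        # Inside the cutoff window the guest must present a card at check-in.
        if now > self.arrival - self.cutoff:
            self.state = "locked"
            return "rejected:past_cutoff"
        if card_ok:
            self.state = "paid"              # close immediately on completion
            return "accepted"
        # Count failures on the server so a page reload cannot reset them.
        self.failed_attempts += 1
        if self.failed_attempts >= self.max_attempts:
            self.state = "locked"
            return "rejected:attempt_limit"
        return "rejected:retry"

def demo():
    arrival = datetime(2024, 6, 10, 15, 0)   # constructed sample booking
    early = arrival - timedelta(days=7)      # well before the cutoff
    late = arrival - timedelta(hours=48)     # inside the 72-hour window
    guessing = PortalSession(arrival)
    limit = [guessing.submit(early, False) for _ in range(4)]
    paid = PortalSession(arrival)
    replay = [paid.submit(early, True), paid.submit(early, True)]
    last_minute = PortalSession(arrival).submit(late, True)
    return limit, replay, last_minute

if __name__ == "__main__":
    for result in demo():
        print(result)
```

In a real deployment the state transition must be atomic (for example, a conditional database update) so that two concurrent submissions cannot both pass the `open` check.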
What Happens After Transactions Are Completed?
TransForm integrates directly with numerous payment gateways that verify a cardholder’s information. Once the transaction verification has been completed, the guest’s credit card information is tokenized. This means that the sensitive data is ‘deidentified’ by being converted to a randomly generated string of numbers called a ‘token’. This token is the sole means of accessing the real information stored within a token vault.
Upon tokenization, the credit card data is not stored within TransForm but passed into a secure database used by the hotel’s payment gateway as an encrypted token and hosted on the hotel’s servers. This encryption process strictly adheres to the protocols outlined by TLS 1.2+, earning TransForm a PCI DSS level 3.2.1 certification.
Finally, there’s the matter of integrations with the property management system (PMS). The tokenized credit card not only stays within the gateway’s secure storage but can automatically flow through to align with other guest profile information for better analytics. To this end, TransForm has established real-time interfaces with leading PMS providers including Oracle, Infor and Agilysys.
Taken together, the encryption protocols, tokenization, and secure pass-through to the PMS, combined with the internal anti-fraud features and the secure ecommerce portal, make TransForm an instrumental tool in hotel operations to safeguard against cybersecurity risks while saving costs in the process.