Today we’re going to look at PMS security which, for the most part, is a pretty simple topic. However, there are a couple of aspects worth mentioning.
Rather than turning this into a giant post on security best practices (you can find that elsewhere by doing a quick search), we’re going to talk about two of the most important security factors that concern the hospitality industry:
User access control and PCI for credit card processing.
PCI Compliance – Credit Card Processing
PCI compliance is a mandated security standard that properties handling credit cards must adhere to. Any time a property stores or processes a credit card it must follow this process, and each year it must be certified to prove purchases are being handled correctly.
Note that PCI compliance does not apply to debit or other types of payment methods.
There are a lot of rules revolving around PCI compliance. From Wikipedia, the requirements are to:
Build and maintain a secure network
Protect cardholder data
Maintain a vulnerability management program
Implement strong access control measures
Regularly monitor and test networks
Maintain an information security policy
Software also has a compliance system, called PA, which works hand-in-hand with PCI.
When choosing a vendor, make sure the software is PA compliant, which will assist you with becoming PCI compliant
Dealing with Multiple Systems
Having multiple technology solutions in your hotel can make things challenging. Your POS, PMS, and booking engine will all need to be PCI compliant.
At IQware we developed a unique PA compliant solution for our clients called the IQvault. Properties using our PMS/POS/booking engine are able to offload their credit card storage and processing needs into the system.
Basically, it serves as a central point for all your credit processing needs, which keeps things extremely simple.
Properties that use the IQvault will still need to obtain their own PCI certification with the assistance of a third-party auditor, however our PA certification will ease this process.
PMS Security: User Access Control
It’s very understandable that properties do not want their employees accessing the entire system. This is easily solved in software by ensuring there are permission settings for a variety of access levels.
Typically you’ll find settings for administrators, managers, and front-line employees. When it comes to purchasing PMS software, this should be fairly standard across most major providers, but it’s worth double checking to ensure the features are there.
So there you have it, two of the most common factors with PMS security.