Tag Archives: Tokenization

Hospitality Industry Information Security: Major Hotels Move Closer To "Secure Payments Framework" That Will Protect Guest Credit Card Data Through "Tokenization"

“Every major hotel company is working to get as many of their systems as possible out of the scope of the Payment Card Industry Data Security Standards (PCI-DSS)… Most of these companies have focused on solutions based on tokenization, and many have implemented them or are in the process of doing so.”

Tokenization is a process whereby sensitive card data is stored in a single secure location, which may be operated by a hotel brand, a payment gateway or another third party, and replaced in hotel systems by substitute “tokens.” The tokens can be used to complete the transaction, but are useless if intercepted electronically by a thief.

Top hotel security executives met several times to discuss this problem as the HTNG Secure Payments Framework effort took shape during August and early September. Early discussions indicated a broad agreement that a single industry framework is needed, and that the framework needs to work with existing security approaches in place at major hotel companies and in commonly used systems. There was also agreement on the key elements needed for the industry framework. The group intends to document this framework conceptually in a white paper that will form the basis for subsequent standards development.

This new effort will leverage hotel companies’ prior investment in tokenization efforts, adding a layer of security that will enable those solutions to be extended to unrelated parties that may be involved in transactions, such as online travel agencies, global distribution systems, switches, channel management systems, central reservation systems, management companies, independent hotels, payment gateways, swipe devices, and other parties. “The approach is intended to enable the tokenization of card data by the first system that touches the reservation,” said Rice. “The sensitive data will remain stored in a secure vault, and all of the other systems will simply pass along the token in place of the credit card. The hotel itself can then submit the token to its token provider or gateway to complete the card transaction. The card data itself need never touch a hotel system.”

For more:  http://www.hotelnewsresource.com/article58324.html
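
The flow described in this post, as an added example that is not part of the original article or of the HTNG framework: a constructed in-memory vault tokenizes the card at the first system, downstream records carry only the token, and the token is honored only for a caller holding the hotel's credential. The `TokenVault` class, its method names, the `tok_` prefix and the shared-secret check are assumptions made for illustration, and encryption of the vault's store is omitted.

```python
import hmac
import secrets


class TokenVault:
    """Constructed stand-in for the token provider or gateway (hypothetical API)."""

    def __init__(self, hotel_credential: str):
        self._credential = hotel_credential   # secret issued to the hotel (assumed)
        self._pan_by_token = {}               # a real vault encrypts this store
        self._token_by_pan = {}

    def tokenize(self, pan: str) -> str:
        """Called by the first system that touches the reservation."""
        digits = pan.replace(" ", "")
        if not (digits.isdigit() and 12 <= len(digits) <= 19):
            raise ValueError("not a card number")
        if digits in self._token_by_pan:      # same card maps to the same token
            return self._token_by_pan[digits]
        token = "tok_" + secrets.token_hex(16)  # random: not derived from the PAN
        self._pan_by_token[token] = digits
        self._token_by_pan[digits] = token
        return token

    def charge(self, token: str, amount_cents: int, credential: str) -> dict:
        """Hotel submits the token; the PAN is resolved only inside the vault."""
        if not hmac.compare_digest(credential.encode(), self._credential.encode()):
            raise PermissionError("caller is not authorized to use tokens")
        pan = self._pan_by_token.get(token)
        if pan is None:
            raise KeyError("unknown token")
        # A real gateway would send `pan` to the card network at this point.
        return {"approved": True, "amount_cents": amount_cents, "last4": pan[-4:]}


def run_reservation_flow():
    """Walk one booking through the chain; returns what each party held."""
    vault = TokenVault(hotel_credential="constructed-hotel-secret")
    test_pan = "4111 1111 1111 1111"          # common test number, not a real card
    token = vault.tokenize(test_pan)          # booking site: first system to touch it
    crs_record = {"guest": "A. Guest", "card": token}   # central reservation system
    pms_record = dict(crs_record)             # hotel property system: token only
    receipt = vault.charge(pms_record["card"], 18900, "constructed-hotel-secret")
    try:                                      # intercepted token, no hotel credential
        vault.charge(token, 18900, "guessed-secret")
        stolen_use = "approved"
    except PermissionError:
        stolen_use = "rejected"
    return token, pms_record, receipt, stolen_use
```

Every record outside the vault holds only the token, which is why those systems can fall out of PCI DSS scope while the vault itself stays in it.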


Hospitality Industry Data Security: Hotel And Restaurant Management Should Consider "Tokenization" For Credit Cards And Sensitive Data

“…tokenization is a data security model that generates surrogate values, called tokens, to replace sensitive data—credit card numbers, for example—in applications and database fields. The sensitive data is simultaneously encrypted and stored in a central data vault, where it can be unlocked only with proper authorization credentials...”

In 2011…expect to see many more mid-sized to large enterprises adopt tokenization more broadly to protect many other types of sensitive information, including electronic health records (EHR).

It does this by removing sensitive data from applications and databases, which has the added benefit of reducing scope for Payment Card Industry Data Security Standards (PCI DSS) compliance audits. Over the past couple of years, the tokenization data security model has taken its rightful place alongside data encryption, and it is well on its way to becoming a commonplace solution for credit card protection.

What’s more, a particular version of tokenization—Format Preserving Tokenization™—is equally adept at protecting personally identifiable information (PII) and electronic health records (EHR) to help organizations comply with data privacy laws like the EU Data Privacy Directive and HIPAA.

For more:  http://www.thetechherald.com/article.php/201107/6818/RSAC-2011-Data-Security-Wunderkind-Tokenization
