Image by (aka Brent) via Flickr

Under the banner of the Hotel Technology Next Generation (HTNG), 16 major hotel groups from around the world are planning to work together to develop an industry specific IT Security framework  for handling sensitive and credit card data.

The HTNG will be a not for profit trade body which will develop solutions and standards that can be used in the hospitality industry.

Hotel credit card transactions are more difficult to secure than in other industries.  During the hotel reservation process, sensitive data often flows across systems managed by different companies. The data could be stored for weeks or months from the initial booking, to the checking in, charges for additional services e.g. bar bills all the way through to the final check out.

There are lots of different systems and software used in the processing of reservation making Security Standards very important.

Solutions like tokenization can provide an answer for a single hotel or hotel chain but they will require a great deal of sharing and integration if more than one company wishes to share the same token.

Wiki leak definition of Tokenization is “the process of breaking a stream of text up into words, phrases, symbols, or other meaningful elements called tokens. The list of tokens becomes input for further processing such as parsing or text mining. Tokenization is useful both in linguistics (where it is a form of text segmentation), and in computer science, where it forms part of lexical analysis“.

To find out more about Tokenization download the Tokenization for Dummies booklet by clicking here, registration is required.

While major hotel companies have invested heavily in security within their own systems, they have no control over the hundreds of third-party systems that may touch their reservations prior to their guests arrival.

Early discussions indicate a broad agreement that a single industry framework is required, and that the framework needs to work with existing security approaches in place at major hotel companies and in commonly used systems for example PCI DSS.  There was also agreement on the key elements needed for the industry framework.  The group intends to document this framework conceptually in a white paper that will form the basis for subsequent standards development.

Doug Rice, CEO of HTNG, said organization initiated the process for the industry security framework in June. A charter has been created to ensure the hotels and organizations involved are on the same page. The group’s first meeting will take place in November.

Rice said everyone involved in accepting payments in the hotel industry needs to agree on the same framework for it to work effectively. Online travel agencies, distribution partners and payment processors will all need to be on board. The plan is for the major hotel companies to inform their partners of the plan at approximately the same time. Vendors will realize this is what they need to do if they want to meet the needs of the hotel industry, he said.

Once the partners are on board with the solution, independent hotels will start getting involved, too.

Rice said education will not necessarily be the role of HTNG. However, the group expects to work with organizations such as the Hospitality Financial and Technology Professionals to help implement the solution and spread the word in the industry.

“This is not going to be an overnight solution, it’s a journey, but it’s something that the industry has recognized needs to be addressed,” Rice said

Read the HTNG Press Release here.

Also read “77% of Hospitality Sector Mistakenly Believe They Are PCI Compliant“.