Skip to main content

PCI Compliance and the Guest Experience

Why PCI Compliance Matters for Hotels 

Do you know what the average cost of a single data breach is in the United States? A recent study sponsored by IBM revealed that number to be around the $8 million mark. 

While this number in itself is alarming, in reality, a data breach costs so much more than that.  

A breach in your hotel can cost you your reputation and the trust of your guests.  

The threat of a security breach has always been a top priority for hotels and businesses in the hospitality industry. And as attacks on hotels are becoming more frequent and sophisticated, no one is immune. Even top hotel brands around the world can fall victim to security breaches, putting their guests at risk. Check out our blog on 2020 security trends to stay up to date on the latest data and security threats.

It’s no surprise to anyone in the hospitality industry that security breaches and cyberattacks are a problem. We’ve talked about it on this blog various times ourselves. But something people don’t necessarily think about is how the threat of these attacks affects the way guests view hotels and how it impacts who they choose to do business with. 

Hotels are not only fighting against hackers and cybercriminals, they’re also battling guests’ perception of their cybersecurity. If a guest perceives a hotel as being a high risk or putting their personal information in danger, the likelihood of them booking with that hotel drops significantly.  

The hospitality industry is an easy target for those looking to steal data because they hold credit card information for millions of customers and are vulnerable to attacks from multiple entry points.

What’s a hotel to do? 

Investing time and resources into ensuring your hotel is PCI compliant can help to prevent criminal activity from occurring at your property. Achieving PCI compliance is something that can’t be overlooked or underrated. 

Being PCI compliant is essential to operating as a successful business, and if you’ve ever wondered if it really mattered, you’d be surprised at just how much it does. 

Now more than ever it’s important to get into the mindset of guests during their buyer journey and discover what goes into their decision when booking with a certain hotel.   

Morphisec, a company that focuses on preventing fraud attacks, released a 2019 report on the hospitality industry. But they took a unique approach – viewing fraud and security from the guest’s point of view. 

According to Morphisec’s study, 9% of U.S. adults over the age of 18 have been a victim of cybercrime due to a hotel booking. That means more than 22 million guests have been affected by these cyberattacks.  

You may have thought that your guests either didn’t know what PCI compliance was or didn’t care, but that couldn’t be further from the truth. Not only do guests care, they will even go so far as to not book at a hotel if they sense any gap in their security. 

A look at the numbers 

46% of people surveyed said they won’t stay at a hotel if they think their information may be in jeopardy.  

And yet, over 69% of those guests believe that most hotels, even the luxury resorts and well-known brands, aren’t investing enough to protect their payment information.  

This is a shift from past behavior wherein guests believed top names and brands to be infallible where security was concerned. That trust and loyalty is not so freely given these days. Security and compliance within hotels is becoming increasingly important to guests.  

It’s also interesting to look at how people in certain age ranges think about hospitality. 

When asked whether they thought an Airbnb or a traditional hotel was more vulnerable to a cybersecurity breach, baby boomers and millennials had different answers:  

Source: Morphisec 2019 Hospitality Cyberthreat Index

Those in between the ages of 25-35 seemingly have more trouble trusting traditional hotels than their baby boomer counterparts. In fact, many millennials would prefer to stay at non-conventional lodgings such as an Airbnb because they perceive it as being safer. On the flip side, those who are 65 and older believe a hotel to be more secure.  

It’s important to be aware of what consumers are thinking and feeling about your business. Getting inside the mind of your guests will help you know what it is they care about and how you can give that to them.  

Stand out among the crowd 

Make sure you‘re standing out among others in the hospitality industry by offering comprehensive security solutions to all your guests.  

What poses the greatest threats? 

As part of your security solution, take advanced measures to ensure your WiFi networks are safe and fortified from attack. Morphisec found that hotel guests are significantly more concerned with a potential breach in WiFi than other breaches. As many at 40% of responders to the study believed that a WiFi breach posed the greatest threat to them during their stay. 

This was followed by POS attacks, phishing scams, and ransomware.

What are best practices you can follow?

A best practice to ensure guest safety is to create separate networks for each aspect of your business.

For example, you don’t want to use the same network for collecting payments or making reservations that you use for areas that are more susceptible to breaches like email and social media. In doing so, you can prevent an infected email from gaining access to your payment accounts.  

Always remember that PCI compliance matters and it’s something your customers value. In addition to PCI compliance, a comprehensive safety plan and more secure WiFi networks will provide your guests a greater sense of trust and can even boost bookings at your hotel.