Payment security is a hot topic whatever industry you’re in, but it presents some particular challenges for companies in the travel, tourism and hospitality sectors, as I’ll discuss in this blog post. In recent years there have been numerous high-profile examples of data breaches within the travel and tourism sector – brands from Marriottt International and Hyatt Hotels to British Airways have been hit, and these are just a few examples of payment card fraud that have affected travel and tourism organizations in recent years. These incidents highlight the importance of securing card payments (particularly in contact centers) and the need for organizations in this industry to invest in robust security measures to protect their customers’ payment data and personal information.
Complete dependence on electronic payment methods
The travel and tourism industry is completely dependent on electronic payment methods these days. Reservations are secured with credit or debit cards and then it’s often the case that the final payment is made with the same card, which the company has stored for both its own convenience and that of the customer. This then poses a significant security risk if the company’s systems are hacked.
High customer expectation of both service and security
The customer experience is also critically important, so travel and tourism companies need to ensure that payment card data is secure whilst also providing customers with as seamless a payment process as possible. Customers are typically spending large sums of money, much larger than they would generally spend, perhaps on ‘once in a lifetime’ experiences and so their expectations as regards service are extremely high.
At the same time consumers also expect security to be a priority. It’s clear that reading out payment card details over the phone to a contact center agent is no longer acceptable. However complex pause and resume systems, or diverting callers to a different system for secure payment interrupt the flow of the call and offer a poor customer experience as well as leaving companies still in scope for PCI DSS. Travel and tourism companies face the challenge of balancing consumers’ requirements for the highest possible standards of payment card security alongside their expectations for a seamless and high-quality service experience. Additionally, PCI compliance is mandatory so companies need to balance that requirement alongside the needs of their customers.
Heavy reliance on seasonal and temporary staff
The nature of employment within the tourism industry also presents a particular challenge when it comes to payment card security. The industry is heavily reliant on seasonal staff with a high level of employee turnover, now combined with significant numbers of contact center staff working from home. This presents several challenges to payment card security.
Motivated and well-trained staff are the first line of defence against security breaches, something that is much harder to achieve when staff are temporary, seasonal and often low paid. A single untrained employee can give fraudsters the access they need to sensitive payment card data, so the only way to ensure security is to make sure that card details are not accessible to employees under any circumstances. Systems such as so-called ‘pause and resume’ or network segmentation do not provide the levels of security provided as staff are still exposed to payment card details themselves when on calls with customers.
Avoiding financial loss and reputational damage
Trust is everything in the travel industry. Customers are paying large sums of money for often once in a lifetime experiences. The reputational damage associated with a payment card data breach can be impossible for a brand to recover from, not to mention the cost of legal fees and compensation payments if data is breached.
Why CardEasy is the best secure payment option for travel and tourism contact centers
CardEasy ensures that customers’ payment card data does not enter contact center environments at all, thus removing the risk of a breach and fully descoping the contact center environment from PCI DSS requirements completely. Customers make payment by entering their payment card details using their telephone keypad. Neither the agents nor the call recording are exposed to the card details at all. Card details are automatically blocked from both screen and call recordings with no need for a manual pause and resume function (which would still leave the agent exposed). Many companies mistakenly believe that so-called ‘pause and resume’ systems offer the required levels of security for PCI compliance but that’s not the case for the reason just mentioned – the agent remains exposed to the caller’s card details. I have explained the limitations of pause and resume in more detail in a previous blog here.
CardEasy also enables payment to be taken securely on any channel of the customer’s choice, be it telephone (via a live agent or through self-service IVR), SMS, social media, email, webchat or any other digital channel. There’s also an option for Automatic Speech Recognition – more information about that here. Whatever option you go for, there’s no need for callers to be transferred halfway through a call and the agent remains on the call throughout, so CardEasy offers a truly seamless payment experience that addresses customers’ need for both visible payment card security and a quick and easy payment process.
What our existing clients say about us
CardEasy works with numerous travel and tourism companies, from hotel chains and airlines to cruise companies and tour operators. Read more about how Hurtigruten, the luxury cruise company, uses CardEasy in this case study.
The benefit for us is that our customers know that their card details are safe. We don’t store their card details in any way. It’s all about giving our customers that peace of mind. As a contact center agent, if you call and make a booking with me, I don’t have access to your card details. You don’t have to worry about your card details being fraudulently used by somebody because they are never exposed. The benefit for us is the customer’s peace of mind.
Marc Bainbridge – Head of Integrated Services at Hurtigruten
