The hospitality industry’s value chain is complex, with numerous partners and regulatory requirements. Compliance with the Payment Card Industry Data Security Standard (PCI DSS) is particularly challenging for many hotels. They expect their payment service providers (PSPs) to deliver solutions that facilitate their PCI compliance and ensure their guests’ security. PSPs in turn are looking for ways to balance security measures with seamless payment processing. Given this growing need for strong partnerships between hotels and PSPs to deliver secure five-star guest experiences on a global scale, Adyen, in collaboration with Infor HMS and Sabre Hospitality Solutions, launched its new proxy tokenization integration. This solution is already live in two hotel groups, one in the ultra-luxury hospitality segment and the other in the mid-scale category.

The challenge of PCI compliance when handling payments data

The PCI DSS is a set of global security standards that protect cardholder data. It consists of 12 requirements that together ensure that companies collecting, processing, storing, or transmitting cardholder data are maintaining a secure data environment. The PCI DSS is adopted by the major card schemes and so any business accepting credit card payments must comply with these requirements.

This includes businesses in the hospitality industry. Hotels are actively seeking ways to reduce their PCI scope, minimize security risks, and simplify compliance efforts. But they face multiple challenges.

To begin with, the hospitality ecosystem itself is complex. It includes multiple partners between a guest initiating a booking and a hotel receiving the reservation. This means that the reservation details, including a guest’s credit card data, are often shared between several players, making the data more vulnerable to breaches.

Secondly, data protection regulations are constantly changing worldwide. This added factor makes it even more challenging for players to consistently meet the set of technical and operational requirements needed to protect cardholder data, reduce fraud, and minimize the chances of a data breach resulting from malicious attacks.

The solution: Booking with proxy tokenization

Proxy tokenization presents a practical solution to the hospitality industry’s security challenges. It allows a PSP to intercept the booking message, which includes the booking details and card information, between the central reservation system (CRS) and the property management system (PMS). The PSP then replaces the sensitive card data with a secure payment token. The updated booking message, now devoid of sensitive information, is forwarded to the PMS, preventing the card data from ever touching its server.

What does this look like in practice? When a booking is made, Sabre’s SynXis CRS HTNG interface sends the guest’s card details to Adyen. Adyen processes the message, extracting the card details and replacing the original card data with a token. Adyen then sends the modified message to Infor HMS, so that the token is added to the reservation. Infor acknowledges the receipt of the message first to Adyen and then to Sabre.

Benefits: Enhanced security and streamlined operations

By leveraging proxy tokenization, the hospitality industry can unlock a host of benefits.

Firstly, the solution enables seamless payment processing. Not storing a guest’s raw financial information for security concerns could mean having to ask guests to frequently present their cards during their stay. By replacing card details with secure tokens, proxy tokenization gives guests a smoother journey. A hotel can simply use a token multiple times during the guest’s stay, or after the stay in case of late charges. This streamlining enhances the guest experience, minimizing friction and ensuring a smooth check-in and check-out process.

Proxy tokenization also helps hotels in scaling their PCI compliance. Secure payment tokens replace sensitive card data, and what is visible and shared between the different parties are the tokens themselves. This mitigates the risk of potential breaches and ensures the privacy of the guest information throughout the guest journey.

Proxy tokenization is also time and cost efficient. A major challenge for PMS and CRS providers is having to develop custom-built integration solutions for each of their customers. Proxy tokenization caters to different customer needs with a plug-and-play integration.

Read how brands like QC Terme and Oetker Collection have been leveraging the power of tokenization to safeguard their guests and elevate their journeys.

The future of hospitality payments

As the hospitality industry continues to evolve, hotel groups are demanding a future where secure transactions and exceptional guest experiences go hand in hand.

“Infor is committed to evolving its HMS software as industry needs dictate new challenges, which means new partnerships,” said Joe Vargas, senior vice president, Hospitality, Infor. “Partnering with Adyen to offer enhanced security through tokenization was a strategic decision to keep our customers competitive as data breaches increase, and protecting guest information remains of utmost importance.”

Adyen’s proxy tokenization paves the way for enhanced security, streamlined operations, and superior guest experiences. It’s available globally to all the hotel groups using Sabre’s SynXis CRS HTNG interface, Infor HMS, and Adyen processing and acquiring services.

Dive deeper into Adyen’s hospitality payment solutions

Adyen (AMS: ADYEN) is the financial technology platform of choice for leading companies. By providing end-to-end payments capabilities, data-driven insights, and financial products in a single global solution, Adyen helps businesses achieve their ambitions faster. With offices around the world, Adyen works with the likes of Sircle Collection, Iberostar Hotels & Resorts, Elite Hotels of Sweden, and QC Terme.