Preventing Credit Card Fraud and Phishing Attempts
Posted by Jeff Tweddale on 31 Mar 2021 09:46 AM
Below are some 'best practices' we recommend, all easy to accomplish.
- The best way to prevent fraudulent use of credit card data is to store the least amount needed. While it's hard to manage a hospitality business without requiring credit cards as deposits, consider dipping/tapping all card data via an EMV device so that the data is 'tokenized' and never viewable to you or your staff.
- Another option is to consider letting the OTA companies you work with require payment from your guests, and provide your property with a Virtual Card that will only be good from your merchant account, and only for the amount agreed between the check-in and checkout dates. These cards aren't able to be used fraudulently as a result of these built-in protections.
- Only allow Users of your PMS who have a serious 'need to know' to view card data. Every other User should only be allowed to view the 'last 4' digits and expiry, to avoid temptation and falling prey to 'phishing' that compromises your card data.
- Make sure you set the COUNTRY (which Country is allowed) and VPN access per User to be as restrictive as possible. With these set securely, a User account that has been compromised can be prevented from logging in.
- Train your Users on the credit card handling procedures, as you are required to do annually for PCI compliance when using credit card data. Don't fall short on this!
- Make sure your Credit Card retention policy is as restrictive as possible.
- Train your Users to NEVER divulge their IDs and Passwords to anyone or any system that is not pre-selected and approved by you, such as https://mypms.bookingcenter.com. Any other email, SMS, or website that asks them to input their User ID and password is a phishing ploy, and they need to be aware of this.
- There are articles on preventing fraud from your guests once they show up at your property, such as this one from Hotel Online.