With 68% of travelers booking exclusively online in 2016, all hotels should offer online booking and payment options today. In order to accept online payments, hotels must be PCI DSS (Payment Card Industry Data Security Standard) compliant, and obtain SSL (Secure Sockets Layer) certification. Hotels can choose between building their own payment pages, and obtaining the required certifications, or integrating a hosted payment page, via a PSP (Payment Service Provider).
PCI DSS is a security standard that was established by the major credit card companies to reduce credit card data loss. Any company that accepts, processes, transmits or stores credit card information is required to report compliance to the PCI council and meet the requirements of the standard.
SSL is the standard security technology for authentication and encryption, which provides site validation to your potential customers. An SSL link ensures that all data transferred from the guest to your hotel remains private.
According to a 2016 PYMNTS report, online fraud is consistently rising, with close to 4.8% of all money spent online at risk of a fraud attack in Q4 2015, which was up from 2.9% in Q1 2015. The volume of fraud attacks increased 215% between Q1 and Q4 of 2015. According to BI Intelligence, ecommerce fraud costs online retailers $32 billion in 2014, and the rate of fraud doubled between 2014 and 2015. As such, it is important that all hotels ensure that their sites are secure, for both your sakes, and the sakes of your guests.
There are a number of reasons to use a hosted payment page on your hotel’s booking site. The main reasons for opting for a hosted payment page over one developed independently are as follows:
1. Save on Development Costs
If you decide to build your own payment page, you must invest both time and money in obtaining the various security certifications (see below). You must partner with various credit and debit card companies, paying the related merchant fees to each, under their agreements.
Plus, each payment method and technology needs to be integrated, including the increasingly popular mobile payment technologies.
Alternatively, if you opt for a hosted payment page, you receive all the functionality, built in. Hosted payment pages can also be personalized to match your look and feel, without the significant investment required in independent development or design.
2. PCI DSS Compliancy Requires Continuous Investment
PCI compliance requires annual reporting or annual auditing, depending on the volume of credit card transactions. There are 4 PCI levels, based on business transaction volume, which dictate the requirements the company must meet. The lowest level, level 4, is sufficient for businesses with under 20,000 transactions per year. The highest level, level 1, is required for over 6 million transactions a year.
Validation of compliance is performed annually; whether via Self-Assessment Questionnaire (SAQ), an annual questionnaire, or via an Internal Security Assessor (ISA), which prepares an annual report on compliance.
Levels 2-4 require annual scanning of the websites by an approved entity, completion of the SAQ, and Attestation of Compliance. Level 1 compliance requires an annual audit. Payment service provider’s offer level 1 compliancy, with annual auditing.
The costs for the various level of PCI compliance are approximately
Level 4 –. Costs could be as low as $700 per year
Level 3 – Minimum annual cost of $1,200, increasing based on the size of your network.
Level 2 – Costs can range between $10,000 and $50,000 annually
Level 1 – From $50,000 annually and up.
When you choose to partner with a PSP and use their hosted payment page, they undergo the PCI audit and not your hotel, saving you tens of thousands of dollars annually, not to mention time, money and hassle.
3. High Level of SSL Protection Included
Different business types require different levels of SSL certification, with higher levels costing more, annually. Lower levels of protection, offer businesses lower warranty and protection, in case of fraud. Domain validation (DV), the lowest level of SSL protection, costs approximately $150 a year, while higher levels, such as organization validation (OV) and extended validation (EV) cost $199 and $299 annually, respectively. Additional wildcard protection can be added for hundreds of dollars annually.
If your hotel enjoys a high proportion of online sales, and deals with a huge number of guests, annually, you need to offer a high level of SSL certification. The highest level of certification provides the confidence guests need to complete transactions online. If your guests don’t feel confident about making a payment on your site, they will go elsewhere. A hosted payment page from a PSP offers the SSL certification level you need to assure your customers that their data is safe, and it is included in the payment to the PSP.
4. Optimized Maintenance Equals Higher Reliability
Security and reliability are key components of a PSP’s business. This is what they do. They focus on payment technologies and high-level security service, and provide ongoing maintenance of their systems.
For your hotel to reach this level of security, you will need to invest in ongoing monitoring, frequent updates and constant maintenance. This would obviously be a drain of your resources, and a source of constant anxiety on management, which should be focusing on your main business – increasing bookings and improving your level of service.
5. Offer More Payment Options to your Clientele
Travel is a global business. According to TopDeck Travel, 88% of travelers surveyed from 134 countries claim they travel overseas 1-3 times a year. Of these, 94% are Millennials. With guests coming from all corners of the earth, it is important to provide a variety of payment options, from leading local payment cards in various countries, to mobile payment options.
Offering more payment options increases bookings to your hotel, as potential guests feel confident completing transactions when offered to pay in their preferred payment method. As mobile booking popularity grows as well as the acceptance of mobile wallets and money, guests will appreciate hotels that offer a simple, end-to-end booking experience. Hosted payment pages enable hotels to easily offer this wide variety of payment options and technologies to their guests.
By integrating a hosted payment page, you can focus your main efforts and your valuable resources on your core business and area of expertise – hospitality. It will allow you to leave payment and security concerns to experts in that field, while enjoying the added benefits of lower setup and maintenance costs.
