Security

‘Smart’ payments

With the growing use of credit cards for reservations and payments, the onus falls on the hotels and restaurants to ensure their customer's safety. Sanjeev Bhar finds out how they can do so.

Receiving online payments for hotel bookings or a food bill paid through a credit card is standard procedure these days. Unfortunately, what is also becoming standard is the misuse of credit cards and the incidence of frauds. Therefore, offering a secure payment gateway to customers must be a priority for those in the hospitality industry.

This concern for customer safety has led to the rapid emergence of the smart card market in the country. A smart card-based credit or debit card enhances security and reduces the possibility of fraud. Industry experts believe that chip architecture and programming security, encryption algorithms on the chip, PIN based re-verification of the customer identity, etc together increase the level of safety. Vipin Tyagi, president and CEO of Network Programs, says, "From a solutions point of view, smart cards are used for applications related to payments, identification and access. Private banks are driving usage of smart cards and, of late, we see state-owned banks rolling out smart card-based solutions for cash transactions, user identification, and payments."

Safeguarding payments

Indian hotel companies are working with the government on different projects that involve the implementation of smart cards, especially since all corporate payments are primarily through credit cards. Pradeep Kalra, vice president (Sales & Marketing) at Sarovar Hotels & Resorts says, "Roughly 40 per cent of our bookings are through credit cards. Yet people are still apprehensive in giving out their card details. Greed, unethical competition and other negative incentives may prompt people to resort to card fraud. The only way to overcome these impediments is through constant technical upgradation. For every transaction, we ask for all the vital information and don't proceed with the transaction in case of any inconsistency."

There are many technology companies that offer secure solutions on smart card-based platforms. For instance, Keane offers solution incorporating open architecture as opposed to proprietary solutions in micro-payment for transit ticketing. For safer transactions, an advanced card such as Verified by Visa (VbV) and Mastercard SecureCode are the emerging trends. Bratin Chakravorty of Keane says, "Chip level authentication based on open platforms like OATH (Open AuTHentication) is also emerging in the industry. Here, debit cards need more protection than credit cards. They enable access to your entire bank account instead of a pre-determined credit as in the case of a credit card. Thankfully, the proportion of such misuse is very low in India."

Keane offers technology solutions using Smart Card & RFID solution sets. Chakravorty emphasises that the instances where the physical card(s) has been abused has increased of late. He says, "After swiping the card at the point-of-sale machine given by the bank at the hotel's billing outlet, it is possible to theoretically swipe it again in a skimmer machine. This can extract the data on the magnetic stripe of the card in order to create a clone, extract the card number to use it for online shopping or be used for duplicate billing charges by forging the signature. The skimmer can be the size of a lipstick to avoid detection easily."

Encryption is necessary

Based on reports from banks and card companies, fraudsters seem to be more active in the space where online medium is involved, without physical delivery of goods. Therefore, data encryption is vital from the security point of view. Kalra says, "We make every effort to keep all personal information, including the credit card payments secure. Sarovar Hotels uses the Secured Socket Layer (SSL) technology to allow the credit card number to be transmitted to us over the internet through the browser supporting this encryption." As the number of the credit card is entered, SSL encodes it. This enables the information being transmitted in a format that prevents eavesdropping or data theft, adds Kalra. Once the hotel’s secure server receives the data, the credit card number is never transmitted over the internet again.

Chakravorty adds, "Any merchant establishment like a hotel has a set of basic guidelines to follow while accepting a card transaction including checking the signature i.e. the Merchant Compliance with Payment Card Industry (PCI) standards." The PCI Data Security Standard aligns Visa's Account Information Security programme (also known as Cardholder Information Security Program in the US), with MasterCard's Site Data Protection (SDP) programme to create streamlined requirements, compliance criteria and validation processes.

For online security, the payment giants have their security solutions in place. Chakravorty notes, "Credit card companies like Visa and MasterCard have deployed authenticated payment capabilities for online transaction security. A virtual signature in the form of a password can be chosen by users to sign up." Verified By Visa and MasterCard, SecureCode thus enables the card holder and card issuer to authenticate each other by exchanging these passwords before starting an online transaction. He concludes, "Hotels and other establishments will benefit if they sign up for these programmes for their net portals for reservations and payments."