Stay connected
Subscribe to our Inside WEX blog and follow us on social media for the insider view on everything WEX, from payments innovation to what it means to be a WEXer.
Hardly a week goes by without a major company announcing that their customers have been impacted by a credit card breach. The travel industry is far from immune; in 2016, a number of wide-spread data breaches affected the hotel industry, resulting in thousands of customers having their credit card information stolen. As a travel company, you’re likely concerned about protecting your company and your customers from these types of incidents.
Examples of recent data breaches that have hit hotels
To understand how to best protect yourself, it’s important to understand how fraud is taking place. Three of the major fraud cases affecting hotels recently involved credit cards and point-of-sale terminals.
A data breach reported at the end of last year that was caused by malware set up to gain access to credit card information swiped at the front desk of affected hotels:
From late 2015 to mid 2016 point-of-sale systems were attacked, impacting physical credit cards used at hotels:
Hotels/customers impacted: 49 locations in North America, impacting more than 50,000 customers
In early 2016 an owner of upscale hotel brands was subject to a data breach affecting point-of-sale terminals.
Hotels/customers impacted: 20 hotels in the US
While it’s impossible to protect your company against all fraud threats, there is a way to increase the security of your payment information and help protect your company’s and your customers’ data. Virtual card numbers (VCNs) are being widely adopted throughout the travel industry, with good reason. VCNs work just like traditional credit cards by using a 16-digit number, an expiration date, and a security code. However, unlike traditional credit cards, they’re set up for one time use and they offer a number of built in controls that can help protect against fraud.
How VCNs work
Say you have a customer who would like to book a hotel and flight to Florida. You provide a quote and they give you their credit card number to complete the booking. Instead of sending their credit card number to the hotel and airline, where it could easily be hacked, you keep it safe inside your own system. Then, you generate a VCN to send to the supplier that can only be used once and that you can put safeguards on, as outlined below.
Safeguards you can put in place using VCNs
VCNs have a number of useful features, but the most important is that you can specify exactly what the card can be used for, when, by whom, and for what amount. Setting up these parameters makes it highly unlikely that the card will be used for anything other than what you expect. These are the fields you can, and should, set up when using a VCN:
With data breaches and subsequent credit card fraud prevalent, VCNs are one of the easiest ways to avoid exposing your customers to data breaches while protecting your own business against unauthorized transactions. Learn more about virtual card numbers.
Subscribe to our Inside WEX blog and follow us on social media for the insider view on everything WEX, from payments innovation to what it means to be a WEXer.