Industry Pages

Hospitality is all about making guests feel welcome. From the reservation process, throughout the stay, and until check-out, guests are made to feel welcome, pampered, and safe. Every interaction is designed to ensure the pleasant, comfortable stays that earn respect and trust with the customer base, including and especially positive social reviews. While one cleaning mishap, service flaw, or poor meal can often be overlooked, keeping guests’ payment and personal information secure is an absolute must, a given. If their information is stolen from a host’s business ecosystem, no matter how well-meaning the initial security measures were, that breach can permanently and publicly ruin guest relationships with the entire hospitality brand. A modern, educated public is well aware of the damage stolen data can do to personal finances and identity, so any mishap of this nature will be remembered as a lasting mark against the breached business.

Unfortunately, the hospitality industry has become a favorite target for hackers seeking valuable sensitive data, because its business systems include so many channels, each of which is a potential point of exposure. Hospitality organizations are ideal targets for thieves, in that they are typically part of an intertwined ecosystem of franchisees, facilities, services, and third-party vendors. Further, rewards programs may store personal and payment information on a national level. That means there can be multiple, separate databases and end-point devices that touch Payment Card Information (PCI) and Personally Identifiable Information (PII). The PII that hospitality organizations collect includes postal and email addresses, employer information, phone numbers, and other data that can be used for identity theft, authentication, or false account creation.


A hotel, for example, collects and shares guest information with gift shop vendors, connected bars and restaurants, and external reservation systems. While the hospitality organization responsible for collecting, storing, and sharing PCI and PII may have a high level of data security protections in place, the channels through which that information travels, as well as the third-party vendors that share that information, may not maintain the same standards. In addition, third-party vendors can have point-of-sale systems separate from the host organization. If the food vendor is part of another franchise chain, for example, all of its franchise systems—spread throughout various locations and hospitality organizations—may use their own consistent passcode scheme. If that passcode is compromised at one site, it becomes easy to attack multiple sites. Any weakness in the chain of vendors can potentially break the security for all. Just as with any organization that stores PCI and PII, it’s not a matter of if a hospitality organization will be breached by hackers, but when.

Even more insidious is that a breach often results in the spreading of sometimes hard to detect malware, sending it throughout the interconnected organizations, where it can persist undiscovered for months, harvesting guest payment and personal data. Often the malware is only uncovered when stolen data is already being used for fraud and traced back to the hospitality organization as the source of the breach—much too late to warn guests of the damage.

While the hospitality industry certainly does everything it can to avoid rolling out the red carpet for hackers, the very complexity of its business relationships can provide access to sensitive shared data. The trend towards franchising instead of direct ownership results in uneven implementation of data security. The hospitality brand may choose not to impose consistent security on the franchisees for fear of legal liability should a successful breach occur. The need to integrate third-party vendors creates chained islands of guest information, which in turn creates a chain of risk.


The disparate networks of these organizations need a consistent approach to securing sensitive data, one that protects PCI and PII as soon as it enters the end points of the Property Management System (PMS):

  • Reservations and room management
  • Front desk and mobile check-in points
  • Back office bookkeeping and payment processing
  • Restaurant and bar point-of-sale systems
  • Gift shops and spas
  • Rewards programs and storage

Using tokenization and cloud data vaulting to intercept incoming sensitive data at all of these end points ensures that no PCI or PII is accepted, stored, or transmitted by IT systems that could be hacked or inadvertently exposed by personnel. Using tokenization in combination with a fraud prevention service, such as Kount, helps lower processing fees and eliminates much of the risk created by chaining business systems with third-party vendors.

The TokenEx Cloud Security Platform provides hospitality organizations with multiple methods of capturing, encrypting, tokenizing, and vaulting sensitive information. An organization can implement TokenEx Browser-based Encryption and tokenization via a web services API to route all PCI data through the tokenization process, replacing payment card data with tokens for future billing and processing. Mobile POS and hospitality apps can use the same tokens to take on-the-go orders and process guest requests, so that sensitive data is never exposed to the workforce. Property Management Systems can process reservations and payments using the tokens instead of guest PII and PCI. With all the sensitive data securely stored away from the on-premises systems, the cost of PCI compliance is greatly reduced and guest information is protected from theft.


TokenEx clients in the hospitality industry rely on tokenization in the cloud to be able to use virtually any payment processor that best fits business needs. TokenEx integrates payment streams with other payment processing services, such as fraud detection, account updater, and marketing analytics. TokenEx acts as a central integration point for payment gateways and services, passing the necessary payment data to the providers in the format they expect, without any payment data being accepted, stored, or transmitted by your business systems.


For security purposes, the following scenario is based on several TokenEx clients.

A hotel and resort facility had a problem. A malware infection was uncovered in one of its service partner’s payment systems that could have easily spread to its own network of property management applications, reservation system, and point of sale (POS) at stores and food courts. The uncovered malware was designed to siphon off payment and personal information. The IT Security Manager of the resort knew it was only a matter of time before the malware would spread into IT systems using the same zero-day exploit. Fortunately, it was stopped at the partner’s systems before it could spread and the IT staff patched the known exploit. But what about the next variant of malware? It was only a matter of time before a breach was successful.

Taking this information to the resort’s management team, the Security Manager proposed looking for a layered security solution that would prevent any data loss should the next malware attack be successful. The questions he presented (How long would the period of time be between infection and discovery? How much data would be lost? What would be the true cost of the breach in fines and customer trust?) drove their search for solutions.

Management knew all too well from news headlines the repercussions of data breaches in the hospitality sector. Penalties and fines for lost data are a brutal business expense, but the loss of trust from guests who have their personal and payment data stolen is virtually incalculable. The Security Manager was given a green light to investigate the best way to avoid these seemingly unavoidable hacks.

The Security Team at the resort went to work patching all their servers and databases, investing in virus detection software, and training personnel on security measures. All well and good as a first phase. But the team knew there was a huge, attractive store of data sitting in their systems, both payment and PII, that would be at risk should any of the preventative measures fail against a new zero-day exploit or undetectable malware infection. The challenge remained: how to get the payment and PII data out of the resort’s IT systems and stored where it could never be stolen, yet be able to continue business operations as usual.

Through research and networking with other IT managers, the team settled on tokenization as the best overall solution to remove the toxic data from the business systems. More research and interviews with other IT organizations led them to TokenEx, which was the only security vendor that could provide tokenization for both payment and PII data, secure cloud data vaulting, simultaneous access to multiple payment processors, and the flexibility to work with third-party payment service providers such as fraud detection.

As TokenEx consulted with the resort, it became clear that the tokenization plan had to encompass the resort’s call center, web portal, on-site card readers, and back office reservation and property management system. At each point of data entry, payment and PII data had to be captured before entering any of the IT systems, encrypted, and transmitted to the TokenEx Cloud Security Platform to be tokenized, with the original data securely vaulted. Only tokens representing the PCI and PII data are returned to the resort’s business systems, to be used as substitutes for guest data in billing and on-site services. As a result, should malware invade the call center, web server, or back office systems, there would be no valuable data to steal, only tokens that are undecipherable by any means to hackers. For each of the systems receiving sensitive data, a combination of TokenEx technologies is deployed.

  • The call center is equipped with point-to-point encryption (P2PE) PIN pads that encrypt upon data entry. The encrypted data is sent directly to the TokenEx Cloud Security Platform via the TokenEx API, where it is decrypted, tokenized, vaulted, and in some cases transmitted to the chosen payment gateway for real-time processing. Tokens representing the guest credit card account numbers are returned to the secure servers at the resort to be used for on-site services and checkout. Since the private encryption key for the PIN pads is known only to TokenEx, the data is secure from the moment it is entered by the call center agent.
  • The resort’s web portal accepts guest reservations, payment information, and personal information during the reservation process. The resort opted to use the TokenEx iFrame Hosted Payment Page solution to move all final sensitive data entry through the portal onto the TokenEx Cloud Security Platform. As guests enter their payment and personal data, they are actually interacting with fields hosted by TokenEx. The process is transparent to the guests, as it appears to be happening on the resort’s web site page. As a result, no sensitive data is captured by the resort’s web server or back end systems. Only tokens are returned to the resort’s business systems for nightly payment batch processing. Personal data can be captured in the iFrame solution as well, keeping it secure and out of the business systems.
  • On-site at the resort, such as at the front desk, at restaurants, and at the spa, guests typically rely on the payment information submitted through the call center or web portal. If they want to use a different card for points or rewards, the payment card is swiped or dipped on P2PE card readers, which transmit the encrypted PANs directly to the processor for authorization and settlement. At the end of the day a reporting file is generated by the processor with all the transaction details. That file, containing PAN data, is first routed through TokenEx, where it is tokenized before it ever reaches the resort’s environment. Again, even if the back office server is somehow breached, only tokenized data is exposed.
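The following is an added illustration of the tokenization flow described above and of the end-of-day report handling in the last bullet; it is example code written for this page, not TokenEx’s own implementation or API. It assumes a toy in-memory vault (the `TokenVault` class, its `tokenize`/`detokenize` methods, and the last-four-preserving token format are all assumptions), and the settlement report is a constructed sample using well-known test card numbers, not real accounts. Beyond the scenario in the text, it also shows the check a defender would run on the back office copy of the report: scan for anything that still looks like a Luhn-valid PAN after tokenization.

```python
"""Toy tokenization vault plus a PAN scanner (added example, not TokenEx code)."""
import re
import secrets


def luhn_valid(digits: str) -> bool:
    """Luhn mod-10 check used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


class TokenVault:
    """Hypothetical vault: the PAN is stored only here; business systems see tokens.

    Tokens are random digits that keep the last four of the PAN (so staff can
    still say "card ending 1111") and are deliberately Luhn-invalid, so a token
    can never be mistaken for, or used as, a card number.
    """

    def __init__(self) -> None:
        self._pan_by_token: dict = {}
        self._token_by_pan: dict = {}   # same PAN -> same token, so repeat guests match

    def tokenize(self, pan: str) -> str:
        pan = re.sub(r"\D", "", pan)
        if not (13 <= len(pan) <= 19 and luhn_valid(pan)):
            raise ValueError("not a valid PAN")
        if pan in self._token_by_pan:
            return self._token_by_pan[pan]
        while True:
            # random body, not derived from the PAN: the token cannot be reversed without the vault
            body = "".join(str(secrets.randbelow(10)) for _ in range(len(pan) - 4))
            token = body + pan[-4:]
            if not luhn_valid(token) and token not in self._pan_by_token:
                break
        self._pan_by_token[token] = pan
        self._token_by_pan[pan] = token
        return token

    def detokenize(self, token: str) -> str:
        """Only the vault (never the resort's systems) can turn a token back into a PAN."""
        return self._pan_by_token[token]


# Digit runs of card-number length; the Luhn filter removes most false positives.
PAN_RE = re.compile(r"\b\d{13,19}\b")


def find_pans(text: str) -> list:
    """Return every Luhn-valid, card-length digit run in a file: the defender's check
    that nothing PAN-like survived in the back office copy."""
    return [m.group() for m in PAN_RE.finditer(text) if luhn_valid(m.group())]


def tokenize_report(report: str, vault: TokenVault) -> str:
    """Replace each Luhn-valid PAN in the processor's settlement report with its token,
    modelling the hop through the vault before the file reaches the resort."""
    def swap(m: "re.Match") -> str:
        s = m.group()
        return vault.tokenize(s) if luhn_valid(s) else s
    return PAN_RE.sub(swap, report)


# Constructed sample settlement report (industry test numbers, not real accounts).
SAMPLE_REPORT = """txn_id,pan,amount,location
1001,4111111111111111,129.00,front-desk
1002,5555555555554444,42.50,spa
1003,4111111111111111,18.75,bar
"""

if __name__ == "__main__":
    vault = TokenVault()
    print("PANs before:", find_pans(SAMPLE_REPORT))
    safe_copy = tokenize_report(SAMPLE_REPORT, vault)
    print(safe_copy)
    print("PANs after:", find_pans(safe_copy))   # expected: []
```

Two design points carry over to a real deployment: the token must not be computable from the PAN (a hash or a fixed cipher would let an attacker who steals tokens confirm guesses at card numbers), and the scanner is worth running routinely over back office storage, not only once at rollout, because a single misrouted processor file would put raw PANs back in scope.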

By securing all sensitive data entry points with encryption, tokenization, and secure data vaulting, the resort eliminates the risk of data theft. Because TokenEx can tokenize all forms of sensitive data, PCI and PII, not only is payment data safeguarded, but so is personal guest information. Bonus: by removing all payment data from IT systems, the scope, and therefore the cost, of PCI compliance is greatly reduced, counterbalancing the costs of the tokenization project.

Connect with TokenEx to Secure Your Sensitive Data

Your business data belongs to you. Your customers’ data belongs to them. Keeping sensitive data of all types out of the reach of hackers, ransomware attacks, and state-sponsored spies is the job of TokenEx. You owe it to yourself and your customers to secure your enterprise against attack. You can depend on the TokenEx Cloud Security Platform to do just that. Contact us today to learn how we can eliminate the risk of data theft and reduce the cost of PCI compliance in your business.