PCI Lynx Case Study - The Best Western Valley Hotel
When the Best Western Valley Hotel in Ironbridge was informed by their bank that they must become compliant with the PCI DSS card data security standard, they consulted Guestline, they asked "how could this be achieved using our current IT infrastructure and Guestline PMS".
Fortunately Guestline had recently launched PCI Lynx service, a service which enables the hotel to comply with the standard, with a minimum of cost and disruption.
The PCI Lynx Solution
PCI Lynx, is a combination of technology and business processes aimed at achieving compliance in a structured, easy to follow process.
The PCI Lynx service, provides solutions to the key problem areas of the standard; wireless security scans, external vulnerability scans, an audit of firewalls and virus protection and full documentation, policies and procedures.
Key to the solution, is the integration of the Guestline PMS products, with the card acquiring services to provide a secure method of card data storage, enabling the hotel to complete a reduced self-assessment attestation for their bank.
How PCI Lynx Works
Through a secure direct connection with the payment processing network, Guestline’s PMS will check and authorise the card. It will also store a unique reference number which can be used for future, “Customer Not Present” transactions in the event that a guest does not arrive or cancels outside your terms and conditions.
Immediate payments may also be taken at the time of booking if required. The payment system is controlled through an easy to use, secure management screen.
Credit card details are passed to a Visa certified PCI DSS Level One Service Provider. Only the reference number is stored locally which is useless to a fraudster but can be used by the hotel to make subsequent charges to the card. All payments are paid directly into the hotels bank account thus eliminating further opportunities for fraud.
As part of the PCI Lynx solution Guestline provides:-
- A customised Information Security Policy
- An engineer's site visit to perform a comprehensive wireless security scan and an audit of the hotel's
- firewall and anti virus protection
- An on-line staff training facility in payment card security
- External security scans from an accredited scanning company (required quarterly) with the required certification
- A PCI DSS Self Assessment Form Tool to assist in the completion of this complex document
Principal business benefits of this solution are -
- Simple certification process
- Easy to use secure card management system
- Improved protection of customers' personal data as no card data is held locally
- All card payments are verified as genuine, not on the lost or stolen list and not maxed out
- Payments can be taken in advance via the hotels property management system
- Facilitates, “Customer Not Present” transactions
- Improved protection against PCI related fines that can arise from security breaches
- Increased protection from fraudsters
- Boosts customer confidence by providing higher levels of card data security for the hotel
Since the pilot installation at The Valley Hotel in March 2009 nearly 200 hotels have now contracted for the PCILynx compliance system
“Initially when we received the request from our bank to become compliant and we reviewed the paperwork it seemed an almost insurmountable problem, but Guestline’s PCI Lynx service took away the pain and we were soon able to achieve compliance and of course we also have the comfort of knowing we have virtually eliminated the risk of fraud on our guest credit cards.” Lisa Snape, Sales & Marketing Manager of The Valley Hotel.
“We fully understand the concern of our clients when faced with the long list of complex requirements comprising The PCI DSS standard and we are delighted to be able to offer the only truly comprehensive solution to achieving compliance” Phil Jones, Director of Compliance at Guestline