- This validation, processed by A2SECURE’s QSAs auditors, ensures compliance with the payment card industry security standard in the hotels we work with
- “The most important value that Dingus brings in comparison with other market proposals is that of ensuring compliance with the rule throughout the life process of the reserves. This approach allows us to assure our clients, without any kind of doubt, that they comply with PCI”
At the same time that the hotel sector was beginning to talk about compliance with private regulations promoted by the payment card industry (PCI-DSS), we understood, as a provider of technology for the commercial distribution of hotels and tourist properties, that we had to implement the certification process in the standard for the security of bank data. The process, led by the authorized auditors QSAs of A2SECURE, has concluded in the most favorable way for Dingus: with the seal PCI Compliance Service Provider Level 1.
This certification closes a cycle that began three years ago when “we decided to prioritize the development of a product strategy that would assure our clients what was foreseen in the PCI standard. At that time,” recalls CEO Jaume Monserrat, “we already realised the enormous lack of knowledge about a vital issue that has a decisive influence on consumer confidence when making purchases over the Internet“. The norm existed, but there was also a lax way (at the time) to interpret it, something that was no excuse for Dingus “when it came to dealing with security in payments, something that sooner or later would be of capital importance in commercial transactions between our clients and their distribution channels“.
In the course of the months invested in the development of the Book&Payment product and the PCI certification “we have realised the real importance of our customers having advanced tools, as well as our positioning from the deployment of the strategy. The value of Dingus as a PCI company is to ensure 100% the reservation process from any sales channel and regardless of its nature, increasing the trust of the customer, the channel and the rest of the stakeholders that form the range of integrated solutions of one way or another with our products ”.
The advantages for the hotel of having a Channel Manager certified in PCI-DSS
As the A2SECURE experts explained in an article you can read by clicking here, there are two actors who can really help the hotelier simplify compliance. They are “both Channel Managers and PMS and, between the two, especially the Channel Managers, since due to their type of business they have been able to move earlier to the Cloud and offer their services effectively as a service. The CM, being a concentrator of many booking channels, has circulating through it a very high percentage of the cards that a hotel has to manage. Thus, the Channel Manager has the capacity to intercept these cards, store them in delegation by the hotel, and prevent them from entering the hotel’s own systems, simplifying part of the PCI-DSS compliance to the establishment. Finally, through integrations with PMS and payment gateways, it is possible to close the collection processes avoiding both that the card arrives at the hotel and that it is often visible to the staff”. According to A2SECURE, Dingus has chosen as its compliance strategy a novel solution “that supports regulatory requirements under the prism of improving their level of cybersecurity and making life easier for hotels, thanks to the collection management platform Book&Payment”.
A stage with incognites
At Dingus we believe that there are many good solutions on the market, which ensure that the company providing the solution complies with PCI “but forgets that, in itself, PCI is a process that cannot be broken at any time, which is something that companies should be vigilant about. Our technological solutions and the knowledge accumulated over the years through (also) meetings for analysis with collection platforms, banks and other intermediary actors, allow us to ensure that in our case this procedure is not truncated at any time, and that any stakeholder that connects with us will comply with PCI“. To ensure this point, Dingus developed a proprietary environment “where customers’ reservations remain under the SLA they have signed with us”.
PCI is an important technological step, although still with many doubts in the issuing entities, intermediary platforms and banks of the tourism industry. For this reason we collaborate actively with these entities and with the main actors of the distribution, in the development and application of the regulations for all the cases and legal regulations that may arise. With PCI Compliance Service Provider Level 1 certification, Dingus takes payment security one step further. But we believe that there is still a long way to go and that is why we continue to work and innovate.