Hapi Achieves PCI-DSS Service Provider Certification
Hotels have a tough time staying PCI compliant. Systems that hold credit card data need to be PCI compliant. Recent PCI audits are now calling for systems that connect to 3rd parties holding credit card data, to also be PCI compliant. For hotels, this means that any solution touching the PMS may need to be PCI compliant even if the system itself does not deal with credit card data.
There is a new approach to solve this dilemma for hotels. The Data Travel team has achieved PCI-DSS Service Provider certification for Hapi. This certification gives Hapi platform users additional peace of mind that the appropriate measures are in place to secure their sensitive payment data. Equally important, hotels can connect non-PCI compliant solutions to Hapi to access data instead of direct PMS connections and stay compliant.
“Compliance is not the reason to use Hapi,” says Luis Segredo. “While compliance is critical, the real reason to use Hapi is that it is simply a more secure way to share guest data. Hapi serves as a data firewall of sorts for hotels that protects the system of record and filters PCI and PII data.”
Data Travel, the developers of Hapi, went through a rigorous process to ensure that its people, processes, and systems properly protect customer and payment data. In this era of GDPR, Hapi has been designed and built with data security & privacy as a first concern. Still, achieving PCI-DSS certification is a significant milestone for Data Travel and its customers using Hapi.