Two years ago, an article released by Allied Market Research estimated that the global online travel industry will potentially reach $1,091 Billion in 2022. Per the report, analysts stated that direct bookings through hotels, airlines and car rental companies will play a major role in this number, but Online Travel Agencies (OTAs) will witness a higher growth over the next 5-6 years.
The potential growth of the online travel market is great, however, it brings up questions and concerns about network security with payments, user data and user privacy. According to the statistics, the top two most concerning areas in regard to network security are Payment Fraud and Personal Data Leak. Fortunately, the industry has developed two major protocols that will lessen the opportunity for these concerns to occur.
Online Payment Security
The Payment Card Industry (PCI) Data Security Standard was established by the founding members of the PCI Security Standards Committee– Visa, Mastercard, American Express, Discover Financial Services and JCB– to adopt consistent international data security measures which are now referred to as PCI DSS.
PCI DSS created standard requirements for all security aspects related to credit card institutions including security management, policy, process, network architecture and a list of software design requirements that comprehensively ensure security on each transaction. PCI DSS applies to all entities that are involved in payment card processing including merchants, processing agencies, purchasers, distributors and service providers as well as all other entities that store, process or transmit data of cardholders. PCI DSS includes a set of basic requirements for protecting cardholder information and may add additional controls to further reduce risk of fraud or leaks.
In early 2009, DerbySoft received the first PCI certification to ensure the safety of online payment security, which was also accepted by the major OTAs in the industry. There was an update to the PCI certificate which included cardholder’s data protection, password protection, wireless transmission protection and encryption of sensitive content during transmission over public networks to which DerbySoft met all these requirements. Under the current PCI Certified Payment Security, major OTAs can safely transmit customers’ payment information to DerbySoft which makes real-time booking online seamless.
User Data Security
On May 25, 2018, the European Union issued the General Data Protection Regulation (GDPR), ensuring data and privacy protection for all individuals within the European Union by regulating the export of personal data outside of Europe. The main goal of GDPR is to protect the citizens and residents of the EU in regard to their personal data as well as to simplify and create consistent norms within the EU for international business.
Additionally, the EU requires all online customer data to be encrypted, and GDPR gives customers the ability to delete or change their own information at any time. If a company violates GDPR, the EU could impose a fine anywhere from €10 million to 4% of a company’s worldwide annual revenue from the prior fiscal year, whichever is higher.
DerbySoft fully complied with the new EU requirements in May 2018 and believes in the the protection, privacy and security of customers’ data online.
As an international travel technology company, DerbySoft works with more than 180,000 hotels around the world and processes 8 million room night bookings per month. Even though DerbySoft is both PCI and GDPR compliant, the company maintains a high-level of standards for self-supervision to ensure the security of online bookings, payments and user data when working with hotel groups, OTAs, metasearch engines, distributors and wholesalers.