Hotel Online
News for the Hospitality Executive

HTNG Unites Leading Hotel Groups to Reduce Vulnerability
of Customer Payment Card Information

HTNG Secure Payments Framework for Hospitality Reduces the Cost and Complexity of
Securing Customer Payment Card Information and Satisfying Compliance Requirements

ATLANTA | February 27, 2013 – Hotel Technology Next Generation (HTNG), the membership association  that unites the world’s hospitality companies and technology innovators to solve industry challenges, today announced the availability of the HTNG Secure Payments Framework for Hospitality.  The Framework is a collaborative effort of over a dozen HTNG members representing the world’s major hotel groups that will improve payment card security across the industry, and greatly reduce the cost and complexity for hotels of all sizes of satisfying Payment Card Industry Data Security Standards (PCI-DSS).

The hotel industry is widely reported to be one of the most frequent targets of credit card thieves.  The structure of the hotel business contributes to its vulnerability, as it typically requires that customer payment card information be available for use over a period of weeks or months.  Additionally, the hotel booking ecosystem requires frequent exchange of payment card data among unrelated businesses, such as OTAs, brands and franchisees.  Compounding these risks is the fact that many hotels are independently owned small businesses that lack the technical expertise and budget required to implement payment card security measures that can keep pace with the increasing sophistication of criminal organizations attempting to steal this information.
The HTNG Secure Payments Framework for Hospitality was unveiled at the Hotel Technology Next Generation (HTNG) North American conference in Atlanta.  The Framework achieves its core objective by defining a viable, cost-effective approach to credit card security by ensuring that no hotel system would ever need to process, store, or transmit payment card data.  Achieving this objective removes the most difficult and expensive aspects of PCI compliance for hotels.  While some larger hotel companies may still choose to retain payment card data in certain systems, the Framework allows this to become a conscious choice, rather than a necessary risk of doing business.

The HTNG Secure Payments Framework for Hospitality also creates significant new business opportunities for technology vendors and service providers who already operate within PCI scope, such as payment gateways, merchant acquirers and payment terminal manufacturers.  “The objective is to let hotels focus on hospitality, and let the payment services industry deal with payment card security,” said Douglas Rice, HTNG’s Chief Executive Officer.

Due to the critical, industry-wide need to confront the escalating threat of payment card information theft, HTNG is making this Secure Payments Framework for Hospitality document available to all interested parties throughout the hospitality industry and its suppliers regardless of HTNG membership.  “This is a major milestone that has the support of the leading companies in our industry,” said Rice.  “But it will only be fully effective in protecting hotel customers if every hotel company, every independent hotel, every application vendor, every distributor, and every payment service provider uses it.  By making it widely available and freely usable, we will accelerate the adoption of the solution that can soon make payment card information breaches and the high cost of PCI compliance yesterday’s problem for hoteliers.”

Numerous leading PCI-qualified security assessors (QSAs) in North America and Europe have reviewed the HTNG Secure Payments Framework for Hospitality over the past 18 months at the request of HTNG and its participating hotel security executives.  Their evaluations to date support the position of participating hotels that the Framework incorporates known best practices, and — when properly and fully implemented — can remove hotel systems from the scope of onerous PCI validation requirements.  Today, those requirements typically apply to property management systems (PMS), point of sale systems (POS), central reservations systems (CRS), booking websites, e-mail systems, fax servers and other applications commonly used by hotels.  Both HTNG and the QSAs remind hotels, however, that even though their systems may be taken out of scope for PCI compliance by implementing the Framework, other PCI requirements still apply, as they would for any merchant that accepts payment cards.

The HTNG Secure Payments Framework for Hospitality builds upon, rather than replaces, extensive payment card security solutions that several major hotel groups, as well as their payment service providers, have already implemented.  In particular, it supports all known variations of “tokenization,” a widely used approach that replaces sensitive payment card data with a token, or marker.  Hotels can use tokens to process payments, but they expose no sensitive customer credit card information to potential thieves.  The Framework also incorporates emerging payment card industry approaches for card capture (e.g. swipe devices) based on point-to-point encryption (P2PE).  In addition, the Framework solves challenges that even the largest hotel groups have found difficult or impossible to address through tokenization or encryption approaches, including:
  • Accepting third-party reservations containing payment card information, without exposing at least one hotel system (and often many) to sensitive card data
  • Allowing customers to provide payment card data during voice reservation transactions, without exposing the agent, call center system, or call recording systems to PCI scope
  • Allowing unrelated business entities (e.g. brands, franchisees, OTAs) to send reservations with payment card data, without exposing either party’s systems to sensitive card data, and without requiring the parties to use the same security approach, tokenization provider, or payment gateway
  • Accepting payment card data through hotel web sites without bringing any hotel systems into the PCI scope
  • Accepting information submitted by customers through e-mail, fax, or document upload (e.g. meeting planner spreadsheet), without exposing hotel systems to PCI scope
  • Supporting research of credit card transactions by hotel staff, such as for dispute investigation, without bringing hotel systems or networks into PCI scope.
The HTNG Secure Payments Framework for Hospitality also specifies the need for new payment products and services to meet certain unique needs of the hotel industry.  Several participating hotel companies have already begun discussions with their payment service providers and systems suppliers to develop products and services that are compatible with the Framework, many of which are expected to be announced in the coming months.
The full HTNG Secure Payments for Hospitality Framework specification document is available at: .
About Hotel Technology Next Generation
The premier technology solutions association in the hospitality industry, HTNG is a self-funded, nonprofit organization with members from hotel and hospitality companies, technology vendors to hospitality, and other industry members including consultants, media and academic experts.  HTNG’s members participate in focused workgroups to bring to market open solution sets addressing specific business problems.  HTNG fosters the selection and adoption of existing open standards.  Where necessary, it also develops new open standards to meet the needs of the global hospitality industry.

Membership in HTNG is open to hotel and hospitality companies, technology vendors to hospitality, consultants, academics, press and others.  Currently more than 400 corporate and individual members from across this spectrum, including most of the world’s leading hotel companies and technology vendors, are active HTNG participants.  HTNG’s Board of Governors, consisting of 19 top IT leaders from hotel companies around the world, itself has responsibility for about 3.5 million guest rooms.  HTNG publishes workgroup proceedings, drafts and specifications for all HTNG members as soon as they are created, encouraging rapid and broad adoption.  Specifications are released to the public domain as they are ratified by the workgroups.  For more information, visit
Media Contact:

Bill Fallon
212 925 6900 (o)
973 768 6764 (m)

 Receive Your Hospitality Industry Headlines via Email for Free! Subscribe Here

To Learn More About Your News Being Published on Hotel-Online Inquire Here
Also See: Agenda Topics and Speakers Set for Hotel Technology Next Generation’s (HTNG's) 9th Annual North American Conference to Occur February 26 - 28, 2013 in Atlanta, Georgia / February 2013

Hotel Technology Next Generation (HTNG) Names EMEA Technology Innovators’ Award Winners; Rotana Hotels and Resorts, Hotel St. Gotthard Basel, and Kempinski Mall of the Emirates, Dubai Recognized for Creative and Innovative Applications of Existing Technology / January 2013

HTNG Releases New Technical Standards; New Guestroom Technology and Point-of-Sale Interfaces Available, as well as Expanded Customer Profile and Distribution Specs / October 2012

Top Hotel Technology Issues on Tap in Vienna; HTNG Releases Preliminary Agenda for 7th Annual European Conference to Occur December 4-6, 2012 in Vienna, Austria / October 2012

Hotel Technology Next Generation (HTNG) Fiber Optic Effort to Help Hotel Network Designers Meet Guests’ Future Bandwidth Needs; Planned Resources to Include Best Practice Documents, Design Guides, a Bandwidth Calculator Tool and Webinars / September 2012

Multi-Company Effort Creates New Solution to Guest Room Remote Control Challenges; Group of Hotel Technology Next Generation (HTNG) Members Publish New Standard for a Single Remote Supporting Multiple Devices / July 2012

Hotel Technology Next Generation (HTNG) Releases Interface Specifications; Sets Sights on Point-of-Sale Integration with PMS / May 2012

Agenda Topics and Speakers Set for Hotel Technology Next Generation’s (HTNG's) Conference to Occur in Chicago April 2-5, 2012 / March 2012

Entry Deadline Approaching for Hotel Technology Next Generation's (HTNG) Most Innovative Hospitality Technology Award; Entry Deadline is February 24, 2012 / February 2012

Agenda Topics and Speakers Set for Hotel Technology Next Generation’s (HTNG) Annual European Conference to Occur in Berlin, Germany Starting November 14, 2011 / October 2011

Major Hotel Groups Joining Forces to Improve Security of Credit Card Data Processing / September 2011

Hotel Technology (HTNG) Elects 15 Members for its First Vendor Advisory Council / August 2011

Agenda and Speakers Set for Hotel Technology Next Generation’s (HTNG) Inaugural Members Meeting in Dubai, May 15-16, 2011 / April 2011

AH&LA, HTNG and HFTP Issue a Joint Statement On Credit Card Security Urging Hotel Managers to Take Immediate Action / March 2011

Top Speakers and Issues on the Agenda for Hotel Technology Next Generation's 7th Annual North American Members' Meeting; Topics Include IT-Free Hotels and the Changing Face of Credit Card Breaches / February 2011

To search Hotel Online data base of News and Trends Go to Hotel.OnlineSearch

Home | Welcome | Hospitality News
| Industry Resources

Please contact Hotel.Online with your comments and suggestions.