Accor puts customer data security first with encryption system roll out


Accor puts customer data security first with encryption system roll out

Bill Goodwin

Accor Hotels is rolling out a multi-million-pound encryption system as part of a programme to safeguard customers' personal information, including credit card details, from the risk of identity theft.

The hotel chain is thought to be one of the first to use encryption technology to safeguard customer data held on hotel systems, central databases and the internet.

It will roll out the encryption system from security software firm RSA to more than 1,300 hotels across North America this year, and is evaluating a roll-out across Europe.

The project follows growing concern from organisations that identity theft and leaks of personal data can irreversibly damage a company's reputation.

Harvey Ewing, senior director of information technology security for Accor North America, said recent high-profile data breaches were one of the deciding factors behind the project.

"I have been in IT security for 10 years and data theft is something you never want to occur. The website documents 100 million breaches since February 2005 and that is just overwhelming. It has definitely had an impact on my strategy," he said.

The system will enable Accor to meet compliance regulations, including the credit card industry's Payment Card Industry Data Security Standard, as well as state reporting laws, which require firms to publicly announce any data breaches if the data is not encrypted.

Accor plans to integrate the RSA key management technology with its existing Unix-based legacy systems, hotel point-of-sale systems, call centres and internet booking systems.

The technology will initially ensure that all credit card data is encrypted from the time it is entered into a hotel point-of-sale system, through the internet or a call centre, but will ultimately allow all customer data to be encrypted.

"We are looking at credit card information in the first instance, but with ID fraud becoming more common we wanted architecture that is able to encrypt any data. If we decide names and address are confidential we can start to seamlessly encrypt them," said Ewing.

Read David Lacey's security blog

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy