
Securing Your Online Booking Engine

Your online booking engine has to be secure.  If you are currently requesting credit card information on a page that is NOT secure, you are in violation of your merchant agreement and could face severe penalties if you do not secure it. Let’s take a look at some simple precautions you can take to ensure your booking website is secure:

  1. Secure certificate: Your booking website should be protected with a secure certificate.  If you are using a web host, you can ask them to set one up for you for your booking page.  In general, secure certificates cost between $99-$499 per year.  Setup will also run about $100.  Rezgo, for example, uses a much higher level of security and there will not be any additional cost associated with this.  If you install the WordPress plugin on your own website, then you will be required to set up your own certificate if you want to handle the payment processing on your own site.  If you have your own website but are using Rezgo as your tour reservation system to handle your online bookings, then you won’t need to purchase your own secure certificate.
  2. Use a payment gateway: If you plan on accepting payments online from your customers, then use an approved payment gateway to process your credit cards in real time.  Using a payment gateway instead of taking credit card information manually or over the phone reduces your risk of credit card theft and ensures that your customer data is secured.  A payment gateway is particularly well suited to operators who sell vouchers for their tours or activities.  Specialist operators who sell high-priced packages that require a deposit may not need a payment gateway because they tend to receive payments in steps.  Integrating a payment gateway can be tricky business and will require a developer if you plan on doing it yourself.  If you are using a web booking system like Rezgo, they will probably support some or all of these popular gateways.  This alone could save you $1500 – $2500 in development fees.  But what about hosted payment pages such as 2Checkout, PayPal standard payments, or bank-specific payment pages?  These options are reasonable alternatives to a fully integrated solution but can actually be much more cumbersome from an administrative standpoint and tend to have a much higher booking abandonment rate than integrated payment solutions.  If the booking solution you plan to use only supports hosted payment pages, you may want to consider looking for a package that supports a more robust payment integration.  Rezgo, for example, only supports fully integrated payment gateways in order to maintain the integrity of the customer experience and increase your brand credibility.
  3. PCI Compliance: Even if you don’t plan on using a payment gateway, you should ensure that your website is PCI Compliant, which means that your site is scanned for vulnerabilities and checked to ensure that known security issues are addressed in a timely manner.  If you plan on integrating a payment gateway, you will be required to be PCI compliant before your gateway is activated.  If you use your own website and booking page, then you will be responsible for PCI compliance.  If you use a web-based tour/activity booking system that is PCI compliant such as Rezgo, it can save you about $500 per year in compliance scanning costs.  If the tour operator software you are using is not PCI compliant, you may want to consider switching to a booking system that is PCI compliant.

Questions to ask your developer or web booking software vendor:

  1. Is the booking process secured with a high encryption secure certificate (256 bit or higher)?
  2. Are you directly integrated with payment gateways via secure APIs?
  3. Is the system PCI compliant?
  4. Do you store the CVV2 data or send it via email?

If your current web booking software vendor answers “No” to questions 1-3 or “Yes” to question 4, you should consider switching to a secure platform.

Security and credit card safety are no laughing matter and your failure to protect your customers’ valuable personal and payment information can result in severe penalties.  Ensuring that your booking website is both secure and credit card safe is not difficult, nor does it have to be expensive.  By partnering with the right software partner (one who clearly understands the importance of PCI compliance and security) you can be sure your booking process is safe and secure.

Written by

Stephen is the CEO and Co-Founder of Rezgo. He has been working as a travel & tourism technology consultant since 1995. Stephen is active in fostering tourism technology and is a Past Chair of the OpenTravel Alliance. He is also a regular contributor for Tnooz, a leading travel technology media site, and speaks regularly at conferences around the Globe on travel & tourism technology, messaging standards, and industry trends.
