As if the travel, leisure and hospitality industries aren’t having a hard-enough time right now, the latest headlines*1 make for sobering reading.  Leading online brands Expedia, Booking.com and Hotels.com have reportedly been the subject of a third party cyberattacks, which has led to potential breaches of booking information – including names, email addresses, telephone numbers and payment data.

On top of this Ticketmaster*2 has this month been fined £1.25 million by the UK’s Information Commissioner’s Office for failing to keep personal data secure via  its online payment page back in 2018. Again, this led to a data hack compromising customers’ payment card information.

As we know, payment card data is likely to be considered the ultimate prize for hackers and it is imperative that businesses consider any areas of potential vulnerability in systems and processes to prevent these types of incidences from occurring.  In doing so, it will not only help firms avoid significant financial penalties from regulators, but also the significant reputational harm that cyberattacks of this nature have on the brands in question.

From the research we conducted a significant three quarters (74%) of consumers said that they would avoid shopping with a brand for a ‘few months’ if they are aware that the organisation has been the subject of a data breach or hack in the last year.

This illustrates the significant risk facing businesses today and emphasises the importance of using technologies that ‘de-scope’ organisations from the requirements of PCI DSS and remove the sensitive cardholder data from their infrastructure – meaning risk is removed as there is no sensitive data stored to steal.

Being able to prove that technology and strict protocols are in place also provides assurances to customers that organisations are taking the security of their personal data seriously, and will hopefully give consumers’ confidence on where they decide to take their spend.

 

References:

  1. https://www.itgovernance.co.uk/blog/millions-of-expedia-and-booking-com-customers-at-risk-after-data-breach?utm_source=Email&utm_medium=Macro&utm_campaign=S01&utm_content=2020-11-13
  2. https://www.aol.co.uk/news/2020/11/13/ticketmaster-fined-a-1-25-million-for-2018-chat-bot-cyber-attack/?guccounter=1&guce_referrer=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbS8&guce_referrer_sig=AQAAADspQxhjbb8IH7zPDqeAVLcv7-iP7EQF9j7NNKCayNbMVsvSZ3aA1k_jMfhnUnKFwn5hXs6wQYpaFx_1nAdq13Kz41tXEhIKhJuqlx7hZrGYL7-58ojUL1fn29RLj1cQj0NIJHqg96BPzCemhZlL3z_kogUqe3OZ4Yci9Hjp2HHT