Your booking page, whether you create it yourself, or you use a software product has to be secure. If you are currently requesting credit card information on a page that is NOT secure, you are probably in violation of your merchant agreement and could face severe penalties if you do not secure it. Okay, now that I've raised the red flag, let's take a look at some simple precautions you can take to ensure your booking website is secure:
Secure certificate: Your booking website should be protected with a secure certificate. If you are using a web host, you can ask them to set one up for you for your booking page. In general, secure certificates cost between $99-$499 per year. Set-up will also run about $100. If you are using a software as a service booking system, make sure they are using a secure certificate during the booking process. In most cases these hosted solutions will use a higher level of security and there will not be any additional cost associated with this. If you have to install the system on your own website, then you may be required to set-up your own certificate. If you have your own website but are using a web-based tour reservation system to handle your online bookings, then you probably won't need to purchase your own secure certificate.
Use a payment gateway: If you plan on accepting payments on-line from your customers, then use an approved payment gateway to process your credit cards in real-time. Using a payment gateway instead of taking credit card information manually or over the phone reduces your risk of credit card theft and ensures that your customer data is secured. A payment gateway is particularly well suited to operators who sell vouchers for their tours or activities. Specialist operators who sell high priced packages that require a deposit may not need a payment gateway because they tend to receive payments in steps. Popular payment gateways include PayPal Website Payments Pro, Authorize.net, Chase Paymentech, iTransact, Ogone, Payjunction, Eway, DPS Payment Express, and PPI Paymover. Integrating a payment gateway can be tricky business and will require a developer if you plan on doing it yourself. If you are using a web booking system, they will probably support some or all of these popular gateways. This alone, could save you $1500 - $2500 in development fees.
But what about hosted payment pages such as 2checkout, Paypal standard payments, or bank specific payment pages? These options are reasonable alternatives to fully integrated solution but can actually be much more cumbersome from an administrative standpoint and tend to have a much higher booking abandonment rate that integrated booking solution. If the booking solution you plan to use only supports hosted payment pages, you may want to consider looking for a package that supports a more robust payment integration.
PCI Compliance: Even if you don't plan on using a payment gateway, you should ensure that your booking page is PCI Compliant, which means that your site is scanned for vulnerabilities and checked to ensure that known security issues are addressed in a timely manner. If you plan on integrating a payment gateway, you will be required to be PCI compliant before your gateway is activated. If you use your own website and booking page, then you will be responsible for PCI compliance. If you use a hosted tour operator software, then chances are that the software will go through its own PCI compliance. If you use a web-based tour/activity booking system that is PCI compliant, it can save you about $500 per year in compliance scanning costs. If the tour operator software you are using is not PCI compliant, you may want to consider switching to a booking system that is PCI compliant.
Questions to ask your developer or web booking software vendor:
Is the booking process secured with a high encryption secure certificate (256 bit or higher)?
Are you directly integrated with payment gateways or do you only support hosted payment pages?
Is the system PCI compliant?
If your current booking form or web booking software vendor answers "No" to any of these questions, you should consider rectifying the situation by securing your booking form or switching to a more secure platform.
About the Author
Stephen Joyce is CEO of Rezgo.com, a cloud based software as a service reservation platform designed for tour & activity providers. Mr. Joyce has been a technology consultant since 1995 and has extensive experience with developing websites for the travel & tourism industry. For more information about Rezgo.com or to sign-up, please visit http://www.rezgo.com.
This post was made using the Auto Blogging Software from WebMagnates.org This line will not appear when posts are made after activating the software to full version.
沒有留言:
張貼留言