Much work is needed for email authorizations to supplant old-fangled faxes as the de facto standard for virtual card authorizations. That is, if the industry cannot first dispense with both.
Conferma last month described its new encrypted email solution as a PCI-compliant “breakthrough.” The company says it is cheaper than sending faxes and approved by such banking partners as American Express and Barclaycard. Other virtual payment firms also are looking at email authorizations. There are some obvious advantages over faxes, but emailing isn’t a perfect model.
“It’s not the most elegant process but at least it’s consistent and doesn’t require hotels to get into any technical work,” said Conferma CEO Simon Barker. “They can all deal with an email.”
The Conferma Connect program also includes direct connections to some hotel groups’ property management systems and API connectivity. Properties can decide which mode suits them best. Barker said “the vast majority are embracing email.”
CSI globalVcard has been testing a secure email option for a few months. “Quite a few hotels” prefer it over faxes, said senior vice president Juliann Pless. For now it’s a back-up option. She explained that when a fax transmission fails for whatever reason, the hotel can choose to receive the authorization by email. CSI is working toward offering email as a primary transmission option for agencies and corporate clients.
Wex said it’s been sending virtual card info by email to hotels since 2007. “In our experience, many hotels still prefer fax over email for their own internal processes, which is why we provide the ability to deliver both methods at no cost to our customers,” according to Mike Reinlein, director of sales for Wex Virtual Payments in North America. “Our hope is that all hotels will eventually shift to email delivery to ease the traveler’s experience and simplify the hotel staff’s workflow, but change takes time.”
Grasp Technologies director of virtual payment solutions Michael Duffy said his company also has looked at email and may use it as “a supplement.” But encrypted emails, he said, actually may add complexity. “If starting from scratch,” according to Duffy, you’d use email over fax. Because today’s standard is faxing, “adding another communications channel into the mix may be a little better, maybe not.”
As with faxed payment authorizations, hotels need to get onboard. This means properties must determine how they’ll configure systems to accept encrypted emails and which addresses to use.
Speaking this week at Sabre’s Connect conference, Hilton Costa Mesa business travel sales manager T.J. Ransom said companies in requests for proposals should specify all that, just as they should for fax numbers.
CWT Energy, Resources & Marine works with Conferma, Sabre and a bunch of banks used by clients. Americas vice president John Vawter said that for encrypted emails, Conferma or CWT would get the proper address from the hotel. Conferma then would “ping” it. “There’s a little more validation behind the new process,” Vawter said. “From a PCI standpoint that has to happen anyway.”
Like others, Ransom can see a more integrated future. He pointed to digital check-in and digital room keys that allow guests to bypass the front desk. If payment is tied in, that would “eliminate the need for faxes and email altogether.”
Many see global distribution systems as the best bet for progress in that direction. “They will be the conduit of change, and maybe online booking tools as well,” Duffy said. “The booking channel is the means to transmit that information and keep it as seamless as possible.”
He said Graspay, a Wex partner, integrates with GDSs and online booking tools. “If the GDSs tell us there is a particular field — a place for this information — and you don’t need to send a fax, then we’ll rapidly adopt that,” Duffy said. “We don’t want to do the faxing either.”
He alluded to Choice Hotels’ faxless process that uses a specified GDS entry, calling it “an innovative approach.”
That’s a one-off solution. Pless said to achieve the ultimate goal, “a standard across GDSs” is needed. GDS operators have stated general support for such a development. Big hotel chains also prefer that approach.
“The long-term solution is machine-to-machine connectivity,” Barker said. While he agreed it’s on the GDSs to get on the same page, he also noted that not all hotel reservations use one of those systems. That means multiple, standardized solutions for the industry will be necessary.
In the meantime, most virtual card transactions are using faxes. CWT ERM now has about 30 customers using virtual payments, Vawter said. Volume amounts to 20,000 virtual card numbers a year. He said that’s “good momentum” despite the energy sector downturn.
In North America, much of the action is with hotels. Vawter said clients also use virtual payments for air travel, especially with low-cost carriers in other regions. He and a few others noted how car rental is a bit trickier, since credit card numbers aren’t needed to make a reservation.
“Some day, you will have a card number for your entire trip and maybe you’ll use Apple Pay to pay for your taxi or whatever else you are going to do,” Vawter said. “That is the eventuality of all this, to get rid of walking plastic. And at the end of your trip, you press a button to file your expense report.”
Apple global process lead for travel Stephen Olson said he’s “quite keen” on the company using virtual payment around the world for its own business travel. “We still have some gaps and currencies that you can’t do today,” he said during the Sabre event. “Once we can tie those loopholes we’ll be in good shape.”
Apple operates as an ARC-accredited Corporate Travel Department. It overcomes the issue of bad fax numbers by maintaining an internal database. Olson said that “all agents can regenerate a fax to a different number if we need to.” He also said Apple will try Sabre’s mobile solution to support virtual payments.
Additional info: Conferma said Conferma Connect “is the first PCI-compliant way to send virtual card details to suppliers without the need for a fax machine.” According to the PCI Security Standards Council, the Payment Card Industry Data Security Standard (PCI DSS) applies to one-time account numbers based on “the particular restrictions around their usage as defined by the payment brands.” Wex and CSI, for example, pointed to MasterCard information explaining that “single-use virtual cards do not require PCI DSS be applied because these cards are inactive/disabled after use.” Visa Europe has said the same. Conferma’s Barker said single-use cards using tokens can fall outside PCI DSS, but regardless of the configuration, complying with PCI standards is a best practice.