Reply to post: Re: Card numbers

Marriott's Starwood hotels mega-hack: Half a BILLION guests' deets exposed over 4 years

Anonymous Coward
Anonymous Coward

Re: Card numbers

"Just like the APIs that most card processors provide, and have done for years?"

There's a little bit more to it than that. Fine if you are just creating an e-commerce website but dealing with a full fat property management system that is interlinked with multiple third party system, then the payment service provider is just a small chink in the chain. There are multiple factors involved with running full tokenisation, including the requirement for a hotel's special allowance to do long term deposits, card authorisations and end-of-day re-authorisations (once again across multiple systems from different suppliers).

SO the API that allowed it for Opera (which Marriott uses AFAIK) has only become properly available in proper way since the Oracle Payment Interface and API became available to use this year. Even then it only works with a PSP and that supports it, and they in turn have to support your PED and both of them have to support your Acquirer, which also have to support your bank. If you have legacy suppliers it gets a bit harder.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon