Against the rising tide of data breaches, corporate travel
managers are seeking ways to help protect the personal and financial
information of their companies' travelers moving forward.
A recently disclosed data breach that exposed the
information of up to 500
million Starwood guests was just the latest in a spate of announcements of similar hacks
that have hit major hotel brands over the past several years. Given the
ubiquity of a major hotel brand like Starwood, which Marriott acquired in
September 2016, it's "nearly impossible" for corporates to stop
partnering with such a brand, noted one travel and payment manager for a Fortune
500 company who preferred to remain anonymous. Furthermore, cutting ties with
one brand doesn't eliminate the risk another hotel partner might suffer its own
breach.
With breaches essentially unavoidable, companies could push
hotels to commit to more specific remediation when they do occur. The travel
manager with whom BTN spoke said their firm currently only uses general
liability language in its contracts with suppliers. However, in the wake of the
Starwood breach, it "would certainly consider" adding specific
covenants around card and passport replacement requirements on behalf of employees
whose data may have been exposed.
Meanwhile, the continued threat of breaches could boost the
growing interest in virtual cards in the corporate travel sector. Security is a
major selling point of virtual cards, which are used only once, meaning card numbers
are subsequently useless, even if they fall into the hands of hackers.
Bill Amaral, business partnership and travel manager for the
state of California, said protecting state employees against data breaches was
a major factor in his push to transition the state's travel payment process to
an almost entirely virtual card-based model, beginning in 2014. "The risk
of having credit card info [on file] at every single hotel site definitely
caused a concern for us and our travelers," Amaral said. "When we
went out and did the training for the virtual card program, security was the
single most asked about question" by travelers. The Home Depot had suffered
a major breach around that time, which had increased awareness of the issue
among employees, he added.
And with the next breach likely not far off, the benefits of
virtual cards will become only more apparent, according to Amaral. "The
more these breaches happen, the more [virtual cards] are going to be part of
the conversation" for corporate travel managers, he predicted.