Tablet Hotels
About the Company
Tablet Hotels is the official hotel-selection of the Michelin Guide, celebrated for giving its users the ability to quickly and easily book the world’s most exciting hotels. As a next-generation booking platform for luxury and boutique hotels, Tablet works closely with online travel agencies and channel managers to make reservations and exchange cardholder data.
Product Used: Universal Tokens
Get rid of sensitive data
In order to reduce risk and simplify compliance, Tablet wanted to find a way to remove cardholder data from its environment, but it still needed to be able to easily and securely transmit that data to channel managers, Online Travel Agencies (OTAs), and PSPs without bringing it back into their internal systems.
“That was the killer point: How do we get customer credit cards out of our networks?” Tablet Hotels Head of Engineering Henry Mendez Jr. said.
To solve this problem, IXOPAY captured and tokenized incoming cardholder data before it entered Tablet’s systems and then securely transmitted that data to Tablet’s ecosystem of third-party partners, enabling the hotel curator to operate securely without incurring unnecessary risk or cost.
Reduce risk, keep flexibility
As a result of working with IXOPAY, Tablet instantly reduced its PCI footprint while enabling the flexibility it needed to preserve its existing operations – saving tens of thousands in development costs and virtually eliminating the potential impact of a breach. Additionally, it simplified the typically painstaking process of PCI assessments.
“We haven’t been dinged for any security risks through our credit card handling process,” Mendez said. “All of our OTAs require an attestation of PCI compliance, and with IXOPAY, it’s never been questioned.”
How it works
Tablet collects credit card numbers via its desktop or mobile checkout page, where the PANs are captured and tokenized by IXOPAY. Then IXOPAY exchanges the card data for nonsensitive placeholder tokens that Tablet can securely store and share. When Tablet needs to transmit data, it returns the token to IXOPAY, and then IXOPAY sends the sensitive data to the desired endpoint.
“The IXOPAY platform fit our problem perfectly. It’s been beneficial for reducing risk and showing our parent company, Michelin, that security is one of our top priorities, and then it also has the backend flexibility we need to transfer data to our partners without bringing PCI into our networks. It was essentially a no-brainer.”