9 MPOS Best Practices For Travel Industry Businesses

How travel companies can accept payments via mobile device - securely


mPOS devices are a compelling alternative for hospitality and travel businesses to accept payments due to the convenience it offers:

Restaurants can cut back on the time their guests wait to pay, hotels can offer mobile payment options at the concierge for guests interested in reserving a tour or service, and tour guides can upsell additional tours on subsequent days, closing the deal when the guests are most receptive. mPOS terminals in transportation vehicles increase the travellers’ convenience, and chances of using the service again, or of recommending the service to a friend

This list can go on and on.

However, hospitality providers and tourism operators need to be aware of the security measures that should be taken when integrating mPOS solutions in order to ensure they are protected from fraud and misuse.

Proper implementation of these nine best practices provides the security necessary to enjoy all of mPOS solution benefits, with minimal risk.

1. mPOS users must be PCI certified

Any entity that accepts credit cards must uphold the PCI regulations relevant to its volume of business, with the highest level being PCI DSS level 1. PCI DSS level 1 requires more stringent compliance and auditing compared to lower PCI levels. Choose to use a PSP (Payment Service Provider) who is PCI DSS level 1 certified, thereby enjoying the maximum level of security, as well as additional fraud management, such as updated black list analysis and fraud detection algorithm implementation with defined rules, which identify security breaches.

2. Only use apps from trusted sources, like a well-known PCI certified PSP

When installing a mobile payment app on your mPOS device, make sure that it comes from a well-trusted source. Make sure all your previously installed apps are from trusted sources, deleting and wiping all unapproved apps. Restrict the use of unapproved third-party app stores, and periodically check your device to ensure that any new app is from a safe source.

3. Update to the latest version of your operating system

One of the ways to maintain the highest level of security is to keep your device up-to-date, by regularly updating the operating system, such as iOS or Android when the packs are available. If your device becomes obsolete, and no new updates are available, consider updating the devices used.

4. Update your apps as new releases become available

Make sure your apps are up-to-date, by installing updates as they become available, as well. This ensures that you are protected by the latest security measures the app provider has implemented.

5. Make sure your mobile device is not 'rooted' or 'jailbroken'

mPOS payment terminals require little upfront investment in expensive equipment. All that is needed is a smartphone or tablet. However, it is crucial to ensure that these devices have not undergone jailbreaking (iPhone) or rooting (Android) – a common practice to bypass certain manufacturing restrictions.

These restrictions are one of the methods which ensure that only approved apps are installed on the device. The majority of security breaches happen on devices which have been rooted or jailbroken. As many people know how to root or jailbreak a device, it is preferable to routinely check your mPOS devices to make sure they have not been compromised. Set up a periodic reminder to check your devices and follow through on this reminder.

6. Install an anti-malware/anti-virus app

Install an updated, certified and trusted antivirus and anti-malware app or software from an authentic vendor. This will ensure that your mPOS devices are constantly monitored for fraud, and you will be updated instantly in case anything suspicious happens, so you can take action.

7. Do not store sensitive data on your mPOS device

Any data stored on a device is at risk of being compromised. Ensure that your mobile payment app employs encryption of sensitive data and that all data is passed on, and then deleted from the device. Store only the minimum customer data necessary for your records.

8. Create a strong password to lock your mobile device

Your mPOS device is not always in a secure location, as it may leave the premise when on a tour with guests, or be used throughout the hotel or restaurant. Thus, it is imperative to deny access to unauthorized users.

Create a strong password, and keep your device locked. Some modern devices can be locked with fingerprint recognition, so consider implementing this form of authorization on all mPOS devices, thereby ensuring that only your authorized personnel can access and operate them. Also, make sure to define retry and timeout standards, so that an unlocked device is not left open and vulnerable by mistake.

9. Train your staff about proper security measures when accepting payments via mobile device

Most importantly, convey to your employees the importance of security for the business’ reputation. Train your employees on the security standards you have adopted, and on the best practices specified above. Identify security breaches, and perform updated training when these occur. Conduct periodic training, especially for those members of your staff who physically use the mPOS devices to accept payments.

Accepting payments via mPOS can significantly help your hospitality or tourism business grow thanks to its abilities to improve the customer experience and enable you to upsell products and services. Get optimal results from your mPOS payments by implementing the above best practices in your security protocol.


Eran Feinstein is the founder of Direct Pay Online, a global e-commerce and online payments solutions provider for the travel and related industries. With over 14 years of experience leading technology, sales, marketing and operation teams, Eran is an authority in the East African e-commerce and payments arena. He's also an avid marathon runner.


Read next:

Connectivity, Collaboration, Consolidation: What’s In Store For The Telecoms Sector This Year?