In travel, there are still many online booking systems and channel managers using one of the following payment methods;

  1. A simple email form where the buyer sends the credit card details in an email directly or via a web form to the operator. Who then has to manually process payment using their EFTPOS as if it were an over the phone booking. This is simple to setup but is the most dangerous way to handle an online transaction. But it’s still very common.
  2. A supposedly ‘secure’ email form passes the credit card information to a supposedly ‘secure’ server generally hosted by a channel manager. The operator then needs to manually retrieve the card details from the channel manager. Again, the operator then processes the payment as if it were a phone transaction.

The problem is the consumer believes they’re making a secure online payment. They are not aware that their credit card details will be stored and accessed by anyone.

Card details stored on a server, even if only for a short time, can allow hackers to capture numerous credit cards details at once by breaking into one computer.

In both these methods, the payment doesn’t occur when the buyer enters the credit card detail, but later when the operator handles it. The buyer must wait a period of time before acceptance and confirmation of the payment.