Key Considerations for Restaurants to Keep in Mind When Selecting a Digital “Vaccine Passport”

As of mid-October, more than 6.7 billion COVID-19 vaccine doses have been administered across the globe, meaning more than 47% percent of the world’s population have received at least one dose. As vaccination rates are increasing, this signals a promising return to normal and a boost in travel. It’s no secret the hospitality industry has been anticipating a travel boom for the remainder of the year and with the Delta Variant emerging, vaccination requirements are becoming more widespread across the industry as the world bands together to stamp out COVID-19.

Vaccine verification is a key component of a successful and prosperous return for the hospitality industry. As we continue to see a rise in sophisticated fake COVID-19 vaccination cards and certificates on the Dark Web, people need to do more than show paper documentation to prove vaccination status. For example, the European Union’s Digital COVID Certificate allows EU citizens to easily verify their vaccination status and use a QR code to travel. We’ve also seen organizations like the International Civil Aviation Organization (ICAO), a United Nations agency, pave the way for the international community with a standardized Visible Digital Seal (VDS). This vaccine verification solution not only uses tokens and Public Key Infrastructure (PKI) to digitally sign the data within the VDS, but is also setting a global standard.

State of U.S. Vaccine Verification

While a global COVID-19 vaccine passport like the ICAO’s may be a possibility in the future, the U.S. travel and hospitality industry will have to launch their own vaccine verification solutions with each state having a different approach to vaccine passports. A number of U.S. states like Florida and Texas have banned digital vaccine passports while others have issued their own, like New York’s State Excelsior Pass Wallet.

How to Identify the Best Vaccine Verification Technology

When selecting a solution, it’s extremely important to identify a solution provider that promises trusted, legitimate vaccine verification technology. These vaccine passports will keep your guests’ personal information safe and not risk their privacy and your security. Here are a few tips to identify the best vaccine verification technology for your guests.

1. Ensure the solution provider is privacy and security-minded

Before diving deep into the vaccine passport capabilities, do in-depth research on the solution provider’s privacy and security standards. The goal is to determine whether the company is privacy-minded and carefully handles and secures, but does not keep, guests’ data.

The first place to go is the solution provider’s website and locate the privacy policy. There are three key phrases you should look for when evaluating a solution provider:

1. The company securely stores only the necessary consumer data,
2. The company will not sell personal information to third parties, and
3. The company requires explicit consent from the consumer to share their vaccination status with an organization.

Even better, partner with companies with missions that are privacy-driven and put consumers in the driver’s seat in sharing their data.

Additionally, always review the company’s security standards and team to determine its reputation. Data that needs to be stored to enable seamless vaccine verification must be stored at rest and in transit using end-to-end encryption. Any personal, identifiable information (PII) should also be anonymized so if breached, the data is ultimately useless to the hacker. Also, it’s important to confirm the solution provider uses mutual authentication and Public Key Infrastructure (PKI). PKI technologies enable more robust data protection capabilities and secure authentication. Organizations with certifications is another way to assess if they have high security standards, like a Privacy Shield program certification and Certification Institute for Research Quality certifications.

If a company is rooted in privacy and security and aligns with these standards, then you can trust your guests’ data will be kept safe from potential threats – including the company itself.

2. To combat Dark Web fraud, select a solution that uses identity verification

A trusted vaccine passport solution also must verify the individual who is presenting the vaccine card or certificate is legitimate through document authentication, as well as take into consideration when and where they were vaccinated. In recent months, there has been an abundance of reports showing fake vaccine cards are being increasingly sold on the Dark Web. The market for these forged documents is booming, with fake vaccine cards selling for anywhere from $50 to upwards of $150 directly to individuals for personal use or to be sold at gathering places like bars.

The authentication process for vaccine cards is evolving and the increase in fake vaccine cards is driving the need for better solutions, such as a digital vaccine passport database, that can scan a vaccine card and check for any signs of forgery against vaccine records within a master database. The key is that these vaccine passports must be tied to a verified identity. Solutions can use methods like authenticating a government-issued ID presented by the holder of the vaccine card, and even layer on biometrics like facial recognition for easy re-use in the future.

Identity verification is a necessary component of any trusted digital vaccine verification solution in order to prevent identity and document fraud.

3. Vaccine passports should enhance access for guests

If a vaccine passport is associated with your guests’ identity, then it is vital the vaccine passport requires your guests to set up multi-factor authentication as well. While the solution provider’s security standards should help to determine whether the provider safely handles sensitive data, it should also empower users to securely store their data on their phone or other device. By requiring two or more verification factors to gain access to the app, multi-factor authentication is the best first line of defense against hackers.

Even better, multi-factor authentication has been made convenient so your guests can quickly access their vaccine passports. Solutions that require a biometric check, like a selfie, after entering one’s password are very secure and verify an individual’s identity in-app in seconds.

Identify a solution that also allows the guest to have control in a user-friendly environment by offering keyless entry in-app as well. Guests can then download a token, like a QR code, to gain access to all types of services and entertainment while staying safe including remote check-in, check-out, access to amenities and loyalty programs and more.

89% of travelers consider safety and security their first concern when traveling. Establishments that recognize this have a better chance of filling their rooms with satisfied clients. While standards emerge within the hospitality industry and the future is still full of many unknowns, following best practices as these standards materialize will improve overall guest satisfaction and keep us all safer.

Steve Maloney is Executive Vice President and Chief Revenue Officer at Acuant. Acuant’s Trusted Identity Platform provides AI-powered identity verification, regulatory compliance (AML/KYC) and digital identity solutions that deliver unparalleled accuracy and efficiency. Maloney joined Acuant in May 2016 with the acquisition of AssureTec. Previously, he was Co-founder, Director and President of SolutionPoint International, a diversified security and risk management company, and Chairman of Design2Launch, a pioneer in digital workflow software that was sold to Eastman Kodak Company (NYSE:EK). As EVP Chief Revenue Officer, a leader in explosive detection services, he was at one of the first companies to receive Safety Act certification by DHS. Earlier he co-founded and was CEO of i3 Mobile, a leader in wireless information leading the company to a successful IPO (NASDAQ:IIM). He graduated from Fordham, has an M.B.A. and holds or has held TS clearance.