Group items tagged

four types of key card systems: holecards, bar code cards, magnetic strip key cards and radio frequency identification (RFID) cards

Holecards are the earliest type of key card systems

An individual key card is programmed by a computer with a unique electronic signature.

If stolen, magnetic strip cards and RFID cards can have the signatures changed, adding security protection from theft.

Key card systems operate on the relationship between a plastic card and electronic access control locks

Bar code cards were the next innovation in key card technology.

The technology used by this type of card includes microchips and radio technology, so it is considered the most difficult to forge and provides the highest level of security.

Sornes devised a system that would punch a series of 32 holes into a plastic card. The card would correspond to a lock and would open a door when it was inserted into a slot in the door.

his key card type lost popularity when magnetic strips became more readily available,

because bar codes could be forged and the electronic reader easily fooled.

Magnetic strip key card systems are widely used in the hotel industry and in workplace security. This card looks like a credit card with a thin metallic strip on the back.

This type of card is much more difficult to forge than holecards and bar codes, providing an added layer of security.

RFID key card systems are a more recent form of technology than holecards, bar code cards or magnetic strip cards. RFID cards have a radio sensor chip embedded inside the card.

When brought into close proximity of a correspondingly programmed reader, the door unlocks.

an individual bar code is created to correspond with a particular lock and is printed on a card.

The technology used by this type of card includes microchips and radio technology, so it is considered the most difficult to forge and provides the highest level of security.

In 1975, inventor Tor Sornes devised a system that would punch a series of 32 holes into a plastic card. The card would correspond to a lock and would open a door when it was inserted into a slot in the door.

success stealing data “in transit” (62.5 percent) versus stored data (28 percent)

What this tells us is hotels and restaurants need to do more to protect sensitive payment data and be proactive in keeping up with the hackers and thieves. We also need to pay particular attention to properly securing data as it moves through the merchant IT environment.

Point-to-point encryption (P2PE) is a technology

has only recently gained momentum in the hospitality sector.

P2PE places “data in motion” in a wrapper that can only be decrypted by an endpoint that has the requisite key.

The goal of point-to-point encryption technologies is to encrypt as close to the point of entry as possible and guard against thieves who attempt to install sniffing/hacking software on a merchant’s network.

P2PE solutions can significantly reduce a merchant’s card data environment, mitigate potential breaches and simplify PCI DSS validation efforts.”

You should also understand the types of cards and transactions that can be encrypted. Does the solution encrypt both swiped cards and manually entered cards? Does it encrypt online transactions, as well as on-site or card-present transactions? Is the solution tamper resistant and, what happens if an attempted breach occurs? Where is the HSM (hardware security module) located? Even if data were to be intercepted, is it rendered unusable to cyber thieves?

A hosted solution will shift much of the burden of responsibility to the third-party provider and free you from having decrypted data in your environment.

Keep in mind, there is no single silver bullet when it comes to payment security. Even with EMV, stolen cardholder data could be used for a fraudulent online transaction. Merchants should implement a variety of technologies and techniques as part of a multi-layered approach to security that ultimately includes EMV to protect against counterfeit card fraud, tokenization to protect data at rest, and P2PE to protect data in-flight.

Thieves won’t wait for a unified approach and specification, and are looking to access your valuable data now. By taking a proactive approach to security that includes point-to-point encryption, asking the right questions, choosing trusted partners and keeping yourself updated, you can protect your customers’ data and your reputation.

If you have a chip in your card, the POS system is going to prompt you to put your card in the [chip] slot," Mulpuru said. That becomes a problem with products like Stratos, which do not contain chips. That means you'll still need to carry around a backup card.

By October 2015, merchants that haven't upgraded their terminals to accept the new cards will be the ones liable for fraud, not the credit card companies. The result: we'll start to see many more EMV-ready point-of-sale (POS) systems.

What's more, Stratos, Coin and their rivals don't directly store credit or debit card information unencrypted -- and only transmit sensitive data from your smartphone. That makes devices inherently more secure than the standard magnetic stripe credit card. There are also options to deactivate the card if it loses communication with your phone

five of the biggest data security concerns in the hospitality industry and highlights some best practices for protecting hospitality data.

Data Security Concerns in Hospitality

complex ownership structures

From the perspective of cybercriminals, hospitality appears to offer an ideal target vector for conducting crimes such as identity theft and credit card fraud due to the existence of multiple databases and devices containing both Payment Card Information (PCI) and Personally Identifiable Information (PII).

challenge to maintain teams of well-trained staff.

t was reported in 2017 that out of 21 of the most high-profile hotel company data breaches that have occurred since 2010, 20 of them were a result of malware affecting POS systems.

can go unnoticed for months.

High Staff Turnover

In the U.K., for example, the job turnover rate in hospitality is as high as 90 percent.

Reliance on Paying By Card

t involves employees selling data to third parties without the knowledge of the organization that employs them.

Insider Threats

Compliance

According to our research, almost 70 percent of fraud victims noted their most recent fraudulent charge within hours of its occurrence. Today, most banks and credit card companies have systems that can detect suspicious charges and alert account holders of potential fraud before transactions are processed. Around 61 percent of credit and debit card holders in our study had enabled email or text alerts from their card servicers that would help them act quickly on fraud attempts. These individuals were more likely to block transactions before money was taken from their accounts.

"I think that you will begin to see more hotels going to RFID and smartphone entry before using biosystem recognition," says Wolfe. "These systems are expensive, and there are many consumers who just don't want this information stored somewhere -- for a variety of reasons."

Systems that track the other qualities that make each human unique are in development as well.

Yet more card-free security systems are on the way.

Many industry watchers are keeping an eye on Houston's largest hotel, the vast 1,200-room Hilton Americas–Houston. The hotel has a facial recognition system that can identify and track guests, employees, and even suitcases. With 700 employees and an annual $16 million payroll, the system offers benefits such as employee time-theft monitoring and prevention for the hotel. But travelers aren't that concerned about employees taking an extra cigarette break. What it means for you is that the system includes alerts if unwanted people are on the property and a response time of mere seconds if there's an incident. Customer service is heightened as well: Returning guests will be recognized and greeted by name. And with 1,200 rooms worth of luggage in transit, the system makes it a lot easier to find lost or misdirected bags.

not everyone wants to be on-camera, all the time. With concerns about "snooping" and a Truman Show-like lack of privacy, might guests feel that systems such as this are too intrusive in our hotels? "

Technology is opening new doors to hotel safety, and the way we navigate hotels is set to change in the blink of an eye. Or the swipe of a cellphone. Or the print of a finger. With futuristic systems like scent and iris scanners and digital facial-recognition, hotel security is being taken to the next level. #plain_module { width: 590px; height:170px; border: none; float:left; margin:0px; font-size:12px;} #plain_module img {border:none; width: 13px; height:14; border: 0px; margin:0px; } #plain_module .mini_main { margin: 0px; padding:0px; width:585px; height:220px; repeat scroll 0 0} #plain_module .mini_item_header {padding:10px 0px; margin: 0px 0px; font-size:16px; color: #555555; border-bottom:1px dotted #CCCCCC;} #plain_module .mini_item {padding:5px 0px; margin: 0px 0px;} #plain_module a { color: #49A3CA; text-decoration:none; } #plain_module a:hover { color: #F98419; text-decoration:underline;} span.gray {color:#949494;} .mini_main li{list-style-type: none;background-image: url(http://www.aolcdn.com/travel/bullet);background-repeat: no-repeat;background-position: 0 1px;padding-left: 10px;} Those plastic key cards that once seemed so innovative will soon go the way of the actual key. The new thing is contact-less Smartcards and RFID (Radio Frequency Identification) cards that need just be waved to allow room access. Much like the cruise world's one card system, these cards may soon make hotel stays easier by allowing guests to pay for services, as well as to check-in and check-out, through a single device. Travelers may even be able to save preferences on the cards, from pillow type to floor choice. RFID cards are already in use at New York's Plaza Hotel, and Starwood Hotels are considering introducing them into their hip Aloft and Element properties. But travelers worried they will constantly have to traipse back to reception every time they lose their card need not despair. Security systems in some hotels do away with cards altogether. "In addition to Radio Frequency Identification, there are also systems that use a smartphone, such as an iPhone," says Frank Wolfe, CEO of Hospitality Financial and Technology Professionals. "When a guest checks into a hotel and provides their phone number, they get an encrypted sound code via text message." You can then play back the code to unlock your room door.

Systems that track the other qualities that make each human unique are in development as well. Movement-activated video-capture systems were showcased in New Zealand in September 2010. Researchers are at work on devices capable of recognizing an individual's gait or walk and even their DNA. Frank Wolfe says, "If you want to go 'way out there', there are some systems being explored that can allegedly sniff someone, and also systems that can recognize the pattern of blood veins on a human being which are apparently unique to the individual," says Wolfe. Quite common in Japan, vascular-recognition systems such as this are still "several years off," according to Wolfe. "I think that you will begin to see more hotels going to RFID and smartphone entry before using biosystem recognition," says Wolfe. "These systems are expensive, and there are many consumers who just don't want this information stored somewhere -- for a variety of reasons."

Jason was able to penetrate through to the data network by using a combination of techniques he calls VoIP Hopping. This type of VLAN hopping attack is just one of the attack vectors being used by attackers today

As traditional voice and data networks converge, more avenues of attack open up

A regular PC should never have access to the Voice VLAN

Defense methodologies are in their infancy and are sure to improve in the near future

protect against VoIP attacks Ostrom recommends putting a firewall between the Voice and Data VLANs. By putting the Voice VLAN on a separate DMZ of a firewall, many current attacks can be thwarted. It is important to lock down the firewall so that only protocols used by IP Telephony are allowed to flow

Intrusion Prevention System (IPS

VoIP Hopper is available at http://voiphopper.sourceforge.net.

It’s a rather slow conversion over to EMV. But it’s definitely coming.” View the discussion thread. Subscribe Subscribe to QSR Renew Update Address eLetters Advertising Contact &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Articles Food &amp; BeverageMenu Innovations Marc Halperin: Resident F&amp;B Expert Food Safety Health Ingredients &amp; Dayparts ExpansionQSR 50 Franchising Growth Fast Casual George Green: Fast-Casual Expert Emerging Concepts TechnologyOrdering Social Media Promotions Sustainability Denise Lee Yohn: QSR’s Marketing Guru OperationsExecutive Insights Competition In the Store Consumer Trends Charitable Giving Outside Insights Women in Foodservice Human Resources Alan Philips: Trends to Watch Research QSR 50 OneSource Drive-Thru Study Growth 40 Smart Chain Franchise Opportunities Find a Supplier Find a Job Restaurant Management Events NRA Show <a h

The benefits or Visa’s 3-D Secure™ are clearly seen: high level of security for consumers, a significantly lower chance of chargeback and credit card fraud, and overall confidence in CNP transactions.

As for MasterCard’s SecureCode™ is resembles Visa’s 3-D Secure™. MasterCard credit card holders register at MasterCard’s SecureCode™ website and asked to provide a personal secure code, which will then be asked for when purchasing online.

he benefits for e-Commerce merchants using Visa’ 3-D Secure™ and MasterCard’ SecureCode™ technologies are:

The benefits for consumers who make purchases at e-Commerce online stores bearing the 3-D Secure™ or SecureCode™ logos, thus using 3-D Secure™ or SecureCode™ for safe processing are:

3-D Secure™ and SecureCode™ will definitely improve the world of e-Commerce and CNP online shopping.

A related threat is that of “skimmers,” or devices that catch credit card numbers when consumers use them for payment. The problem primarily is contained to the restaurant industry, but Callaghan is concerned it could spread to hotels.

Ironically, one of the main reasons terrorism tops the list is because it has become less of an issue in recent years, sources said.

“The greatest business risk, as I see it … is insurance fraud. And it’s the most expensive,” he said.

The hot-button issue within the realm of hotel-information technology is mobile and cloud technology.

“Liability” as a general label refers to hoteliers being held liable for the acts, which are often criminal, of third parties, the AH&amp;LA’s Callaghan said.

“Security” still is something of a taboo in the global hotel industry, said Paul Moxness VP for corporate safety and security at The Rezidor Hotel Group, a Brussels-based hotel management company, with more than 400 hotels and nearly 90,000 rooms in its portfolio.

3. Longer or no security audit cycles

APTS are considered the most dangerous type of cyber-attack as they simply bypass the defenses that are in place.

Cyber-crime shows up on the security radar as the second highest risk the hotel industry is exposed to.

The gap between the low number of qualified security auditors worldwide and new hotels built is getting bigger and bigger.

Nearly 1.26 million hotels worldwide are dealing with all sorts of safety &amp; security issues.

4. Physical crime will remain an issue for hotels

Physical crime ranges from professional burglaries using nifty social engineering techniques to temporary drug laps in hotel rooms.

Holdups at night involving firearms have increased since hotels are easily accessible and less protected compared to other industries operating at night.

5. Loss of competitive advantage after a major security incident

The recovery costs after a security incident, including the attention of the media, are often much higher than the investment in security and risk management.

Reputation is a vital yet fragile advantage that requires its very own security plan in a strong competitive market where guests nowadays love to make their booking decisions with the help of online travel review sites such as Tripadvisor &amp; Co.