Group items tagged

This article describes the importance of credit card security in the hospitality industry. End-to-end encryption (data field encryption) protects credit card consumers' information from hackers. In 2008, 50 percent of card hacks were targeted at hotels and restaurants, therefore, the industry is cracking down on the security of consumer data. Basically, the data encryption acts as a layer of extra security by erasing any consumer data that is left in transist after the transaction is made. The implementation of it is very important,there are still industry standards being put into place so that it can work efficiently. Visa is one of the forerunners that developed and published information on the best practices for the encryption.

Data field encryption can be the solution to protect the credit card information of the guests. Nowadays there are still problems with cardholder data in many establishments such as bars, restaurants, shopping stores, and hotels.

I think its one of the best security tools that the industry could adopt. It is such a common way for hackers to gain information and money, that it is often over looked. I for one have never given it much thought when I give my credit cards at hotels, but it will definitively be in the back of my mind from now on.

This article discusses some current trends in property management systems and how Maestro by NORTHWIND is ready to deliver. Maestro by NORTHWIND is a PMS used by many independent hotels and resorts and offers 20 integrated modules. One of the top trends for 2012 is mobile optimization for management and guests. More and more people are turning to mobile apps for personalized services, and express check-in and check-outs. Maestro Xpress Check-In App allows properties to use iPads and other tablets to do this anywhere there is WIFI. Maestro's App will also allow managers access to reports, and real-time activity from anywhere allowing managers more control over their business. Another growing trend is cloud PMS. Maestro has a cloud based system that claims it can increase productivity at the same time reducing costs. Managers can manage multiple hotels from a single location and reduce costs because they won't have to maintain an in-house PMS. There is also a steady increase in direct online booking from mobile apps and social media sites. Maestro Web Connection reduces the commissions paid to online travel agencies and 3rd parties by allowing guests to book reservations directly. Another way Maestro helps independent hotel chains is by offering them a guest loyalty system to help them offer some of the same incentive and reward programs offered by larger hotel chains.

Northwind Maestro leads the innovations of industry. Cloud system platforms are not just for the large chains. Small, independent operators also can use web-enabled platform with lower cost. Mobile is another trend of PMS innovations. Customers can check in and checkout on iPad by using Maestro Mobile Apps. In addition, direct-booking online from Mobile is the third top trend in 2012 PMS technology. Maestro's Guest Loyalty System with online capabilities is the first application to offer independents the same benefits as major chains to recognize, reward, and retain guests.

Seeing the rapid development of mobile devices and social media, hoteliers are connecting PMS with mobile devices and social media. NORTHWIND Maestro™ is a kind of software which satisfies hoteliers' current requirement. NORTHWIND Maestro™ is an Internet-based PMS. It brings plenty of benefits to hotels. To illustrate, Maestro can reduce cost, create operating efficiencies, secure cardholder information, and to have instant remote access to their property or hotel group's data. Furthermore, since more and more people are using mobile devices to book rooms, make dining reservations or some other services, Maestro also develops mobile apps. "The Maestro Mobile App enables operators to wirelessly connect to their Maestro centralized system and provides access to management reports, real-time activity and other features found in Maestro." Maestro also thinks of customer loyalty by tracking customers and establish database.

This is part 3 of a 7-part series about hotel IT security) This article discusses The Payment Card Industry Data Security Standard, or PCI DSS which is "a set of comprehensive requirements for enhancing payment account data security... which fosters a consistent and uniform set of standards among the five major credit brands (Visa, MasterCard, American Express, Discover, and JCB). It lists the 12 requirements and six goals which are mandatory for hotels as of July 2010 which include building and maintaining a secure network; protecting cardholder data; having a vulnerability management program; implementing access control measures; and regularly monitoring and testing networks. As a consumer and as a hospitality professional, it is good to know that there has been a data security standard developed, and that it is required for hotels (and other merchants) to implement and develop compliance programs at every property. Also discussed are six goals for making data security decisions, such as "If you don't need it, don't store it." Upon reading these it is refreshing to see such common sense advice and no pretentiousness in the documentation guidelines. The article finishes stating that data security should not be bothersome or inconvenient, that data security is essential in light of hotel liability consequences should a guest's payment and identification data be compromised.

This article talks about the PCI DSS which has been a mandatory standard since 2010. Every credit card processes by hotel has to conpliant with PCI DSS, or the hotel will be fined up to USD$500,000. The PCI DSS has six specific goads with 12 specific requirements. Those are: Build and maintain a secure network, protect cardholder data, maintain a vulnerability management program, implement strong access control measures, regularly monitor and test networks, and maintain an information security policy.

This article discusses the importance of restaurants protecting their systems and data from a security breach. This is a major issue for the food and beverage industry. According to a data security research and investigation firm, "the food and beverage industry accounted for 57% of all data breaches it investigated last year." This finding was a 44% increase from the previous year. Author Barbara King notes important risk management measures for owners and managers. Using strong passwords and non-identifying network web names are simple preventative measures. A few more include firewalls and installation of antivirus software. These must be kept updated to be effective, though.  Another preventative measure she discusses is logging all remote access and utilizing two forms of user verification for access points which are considered higher risk. Still other measures include segmenting the network cardholder data environment so it will not be a target. Finally, one of the most important security measures is complying with PCI DSS. This is essential for protecting payment data from customers and securing networks. This standard also gives important guidelines for proper handling of such data. In the end, these are all things we must do to keep and protect a loyal customer base.

Hotel Concepts, a leading global provider of property management/CRS technology solutions, announces that they have become one of the first property management system (PMS) vendors to achieve Cardholder Information Security Program (CISP) validation, following the recommendations of the Payment Application Best Practices (PABP) program. By following PABP, Hotel Concepts PMS is capable of delivering secure payment applications, minimizing the potential for security breaches that could lead to compromises of credit card information and preventing damaging fraud.

In recent news, Arby's acknowledge a data breach within its restaurants. "Arby's said the breach involved malware placed on payment systems inside Arby's corporate stores, and that Arby's franchised restaurant locations were not impacted." Once figured out the company hired security experts to solve the problem. The initial sign of breach came from a service organization that serves more than 800 credit unions called PSCU. An alert was sent to all cardholders that a fast food chain had been compromised, but no specifics were mentioned. This article points out that, "point of sale malware has driven most of the major retail industry credit card breaches over the past two years." Monitoring your credit/debit card transactions is the best way to be safe in this situation- as long as you report the fraudulent charges you aren't liable. While IT has many positives for any organization, it's not risk adverse. Once a system is hacked all information of company and past users is up for grabs, and credit card companies are forced to take the blow.

The article discusses five issues that hotel operations are facing, and how to decrease these issues in regards to data thieves. The first security issue discussed is "Remote Access", the article states "Many hotel operators and franchisors use remote management applications (RMAs)". This enable easy access to manage multiple locations downloads; conduct sales polls, and other systems within multiple companies. A advices to remote control issues are to change vendor default settings, in which you can create unique user IDs and complex passwords. Another advice is to "Configure the RMA", in which users are only allowed to connect to known MAC/IP. I personally don't think that creating a unique ID or account password may solve this issue, but allowing connection capability to a set IP/MAC is a wise intake. Although being able to just connect to a set MAC, will cause a limit on where and when you connect. The second security issue is "Network Security", many transaction volumes are being exposed, brand recognition as well; and that attract hackers. In order to reduce this problem, it is suggested that companies need to install and maintain a fire wall at all time. I agree with this other suggestion which is to Use outside resources to help identify new security vulnerabilities. This is great, because a company will be able to receive an outside outlook in regards to security. The last three issues that are on this list are: Password Management, Wireless Security, and Incident Response Plan. Overall it's evident that any system that has a password requirement is causing a major attraction towards security thieves. The suggestions within this article are great, but from my observation; many companies will have to put in time to track and monitor their systems. Systems can't allow to be left open without monitoring, and the internet is a lead way to all this, so any system that requires the internet must be monitored, and protected.

Technology enables service. That's the idea, anyway. In the hotel industry, thousands of companies worldwide provide hundreds of software applications to help hotels and hotel companies manage operations to provide better guest service. However, the hospitality industry continues to find itself targeted for damaging data compromise events by hackers. There are some good ways to decrease the attack of hackers. For example, Remote Access, many hotel operators and franchisors use remote management applications (RMAs).  Their ease of use in managing multiple locations makes them ideally suited to disseminate business downloads, conduct sales polls or survey inventory. RMAs are often packaged from vendors with default or blank passwords. Creating unique user IDs and complex passwords can reduce the risk of data compromise and help facilitate compliance with the Payment Card Industry Data Security Standards (PCI DSS). Another example is about Network Security, transaction volume, brand recognition and the potential for sensitive data retention are all factors that make hotels (particularly franchise networks) juicy targets for hackers seeking to exploit insecure networks via the Internet. The hotel can install and maintain a firewall at all times.  Disabling a firewall can put a business at heightened risk of Internet attacks and potential system compromise.

This article talks about the importance of the pay at the table technology due to cardholder data and new methods of payment such as Apple Pay where you pay via your smartphone. This article also addresses the positives of having an at the table pay system. Some of the benefits are higher table turnover and higher customer satisfaction. I like how the article mentions that the servers need to be trained to use the system but also inform the customers as to why this method of payment is being used- to keep their data secure.

Criminals compromised a third-party point of sale (POS) vendor's data system and utilized the vendor's assistance tools to gain remote access-and the ability to deploy malware-to some Huddle House corporate and franchisee POS systems," Huddle House said in a security alert listed on its front page.

Huddle House said the malware deployed on its POS system was designed to collect data such as cardholder name, credit/debit card number, expiration date, cardholder verification value, and service code.

Recently Huddle House's POS system was hacked by someone and it revealed thousands of customers debit and/or credit cards information. Hackers were able to take advantage of the software in the POS system by adding malware to different corporate and franchisee locations. Huddle House released a statement to customers to be aware of their credit card/debit accounts to make sure there's no suspicious activity. It's too early to tell if this security breach will affect pre-existing and new customers. Huddle House will need to implement a security software patch, or consider changing its POS systems.

The POS is a great system that is used by many industries. It helps businesses run efficiently and transactions be done effectively. However, it comes with its problems. This article is in two parts so I will post the both on Diigo. This article states that POS systems are the most frequently used computing system and it is targeted by criminals. According to the article, "Today, attackers have only become more sophisticated, using advanced software techniques to avoid detection by antivirus. The attackers are attaching devices that are to collect information from the patrons who use the POS system. The solution to this issue from the article, is that managers apply the same security practices to the POS systems that are used for other sensitive IT systems. These systems should not be the same system used for internet browsing or email. Using a third party security is system is fine however, they should ensure that security controls are part of regular maintenance. The article states that businesses should look for POS systems that have design improvements rather than those who have been in the industry for a long time. There needs to be upgraded design, security, and software to minimize the threats that are posed on the POS system. This article highlights the issues that POS systems attract and also gives solutions. It is up to the businesses to give as much attention as possible to this system the same way they do for systems with sensitive information. Ultimately credit card transactions do hold sensitive information so the upgraded POS systems should be the number one choice for a business. Along with what is stated in the articles, this minimizes the risk of customer loss and a damaged reputation. This also helps minimize the possibility of revenue loss due to lawsuits because of breaches.

Hotels have to comply with Payment Card Industry Data Security Standards, which are constantly updated since technology is developing. Also, 'the hotel industry has unique vulnerabilities to credit card theft', since the cards should be available over the long period of time, and to different 3rd parties as well. The new technology will encrypt credit card information at the point-of-swipe, and the number never gets to any other place in the hotel or other business. The other issue is payments on mobile devices. Where it is advised to encrypt information prior to using the device, and avoid "bring you own device policy'.

This article introduces the Secure Payments Framework in Hotel Technology Next Generation (HTNG) Conference. The Framework applies mobile payment and cloud computing technology to reduce the cost and complexity of satisfying the Payment Card Industry Data Security Standards. The credit card security is a big challenge for all hotels, especially for the small hotels, lacking expertise and budget to protect customers' card information. There are many advantages of the new card framework. Firstly, the new Framework can encrypt the credit card information at the point-of-swipe. In this way, the card number can't be stolen by other systems. Secondly, it is scalable for different sizes of hotel. Thirdly, new guidance is made for accepting payments on mobile devices. Before processing payment, the merchant need encrypt cardholder, to make sure more security. What is more, new policy on cloud computing. The cloud service provider and its clients are both responsible for the security of cloud data. The policy also need merchants to evaluate competing cloud services and carefully pay procedures.

This article is about the Maestro Property Management Suite which allows properties to optimize their revenue by having access to centralized control and innovative capabilities. this system enables a property to lower costs; permitting guests to  have real-time direct booking for not only rooms but also, other services such as amenities, dining, and such. Maestro offers secure and accesible system which seems to be allowing companies, such as The Snow King Resort, to increase revenue and improve the services offered to guests and groups. 

For that e-tourism technology, the greatest benefit for them is it can cut down the third party dependency, which can reduce a lot of cost (third-party fee, advertising cost, etc) and attract more kinds of customers.  It can offer direct booking, and the data could be collected real time. Especially it would connect to PMS, and when at night do the night audit, the process is simple but it can save a lot of time and maximize offline revenue. An it can easily for owners to see what the profit margin and other marketing analysis. 

The article I read was called, "Restaurants, Beware: Hackers Want Your Customer Data." In the article it talked about how cyber criminals want credit card information from people so that they can make money off of them. Criminals find new ways everyday to breach systems and steal information from guests staying at hotels or eating in restaurants. It states that many restaurants and franchise businesses use unsecure and public WiFi networks are connected to the point of sale system. "Franchise businesses are particularly at risk primarily because franchises tend to have the same POS system duplicated at all locations." A lot of times businesses don't have trained security on staff, they just assume that their IT person will be talking care of the security. According to the article the best detection systems are neither the technology nor the security but it's the employees who work there. The employees can tell when something has changed in the system and as soon as they realize that, they need to report it to their manager. I never even considered people breaking into the systems and stealing credit card information but it does happen and it's important to know what to do in these kinds of situations.

This article in USATODAY published in 2011 talks about the cost benefit analysis of RFID tags and hotel linens. Hotels are using this technology to keep an accurate count of all their linens: bathrobes, bed sheets, towels, bathmats, pool towels, etc. The benefit of having an accurate count is especially significant today with the rising price of oil which in turn raises everything including cotton. By investing an additional dollar per towel the Hotel can cut down on labor costs and improve housekeeping productivity. The initial investment is high which is why many hotels cannot afford the technology. I would recommend that high-end luxury hotels invest in the RFID tags however because of the higher prices of luxury linens. By preventing asset pilfering the Hotel will retain their initial investment in linens.

I saw that and I enjoyed your cruise ship article very much. However I am glad that cruise ships are still making RFID wrist bands optional because of privacy concerns, the last thing you want to worry about while on vacation.

In my opinion it's an ideal solution but a bit impratical. Is it worth spending that one extra dollar on all the linens in a hotel just to prevent 5% to 20% known loss? Intention of cutting losses might end with increasing cost. Don't forget the tracking RFID also requires maintenance, which also costs extra.

This article deals with the theft that happens on a daily basis in the hospitality field. It happens when credit cards are used to pay for something, like a reservation, and thieves want the information, so they can use your credit card number for whatever intentions they may have. As the article states, "our data is under attack". I can relate to those people that have had credit card numbers stolen, because it has happened to my husband and me, and it is a horrible feeling trying to get your life back on track and recover your money.  I think it would be a great idea, with some research, to get the point to point encryption technology in a field where credit cards are used so often, not only to cover the business (hotel), but also to protect the guest, so they feel at easy when they travel on vacation or business.  The overall point of this technology is to encrypt the information as close to the point of entry, i.e. the swiping of the credit card, as possible. This would in turn "significantly reduce a merchant's card data environment", as the program would encrypt the information so that hackers cannot access the customer's information. As I mentioned earlier, questions should be asked before buying this technology, as there is always something new on the market that may be better. Credit cards are not always swiped, but can also be manually placed in the system, so you want to make sure, that both transactions are protected. Overall, the establishment should always be concerned about the customer and their safety, whether physical or mental and always be prepared for the worse.

Great article! Personally after being a victim of credit card fraud, I'm very apprehensive of where I shop, who handles my card and how long it takes them to return it. I recently cancelled a large purchased after the cashier insisted on rubbing my card number on the reciept after the transactions had be approved. In my mind, I was thinking "If I let you do that, then I've open the door for anyone to charge thousand of dollars. I don't think so." As a manager, who hands credit card numbers for manual input, I'm very cautious of them and want to insure that they don't get into the wrong hand. Aftern each transactions is approved, that number is shredded and the credit card machine is batched out. Companies don't realize how important it is to PCI compliant. The risk in exposing sensitive information of our clients and customers can cost thousand of dolllars in fines and fee, in addition to the lost of that customer/client.

Marilyn, Great Article...as a Front Desk Manager, it is my responsibility to randomly check our computers to ensure employees are not placing USB driver to collect data from our system. Our company has taking this a step further by putting metal locked case around the PC to avoid possible fraudulent activity. If we have to open a PC, we must log it to show proof why a PC became unlock. Companies should adopt similar procedures to protect the consumers/guests. Nelson

Summary of the article Contactless payment is a new technology being used in the UK. Compare to the previous quarter, in the last month of 2011, cardholders using this system to pay for food has been increased. The contactless system allow customers to make a payment over 15 Europe dollar by scanning their credit card over the machine, it can reduce waiting time, especially in some popular branches. Although this machine has been available in the UK for 2 years, Visa card still limits its acceptance level to prevent those who may become a every-day habit. However, according to Mark Austin, he believes, especially in London, the Olympics could bring more people in using contactless payment as long as they get a chance to use it once, they will know how the convenience is. Based on the Visa card research, experts believe that contactless payment technology will become wildly used in the coming year than cash. For example, more and more retailers such as Subway, Burger King offer this system currently and Starbucks will offer the service soon.

Last year a law suit was filed against Wyndham Worldwide because the company did not protect their customer credit card data efficiently on their PMS. The company caused over $10 million in fraudulent losses. In this case, Wyndham had be allegedly using weak login credentials in their property management systems. This is the key vector for data breaches. "According to the FTC, Wyndham Worldwide had many points of weakness in their security chain including; storing credit card information in plain text, storing sensitive security codes (aka CVV/CVS/CVC data), not using firewalls, not enforcing strong passwords, not using updated operating systems, and not having adequate logging.'

This article talks about how there is a serious concern in the hotel industry when it comes to credit card and identity theft. They talk about how all the major brands in the hotel industry were all victims of highly publicized, major breaches in the last year alone. Also, including airline and banks, hotels maintain a wealthy amount of database of personal and financial data. For example, with new technology systems being created, POS systems are a weak security point for many networks because they are constantly in use and are not always updated or even protected from vulnerabilities. The article talks about personal details for hotel guests are frequently stored in a variety of locations including restaurants, facilities, and government buildings, so hackers have a greater possibility to access your personal information. The bigger hotels are in more danger because of the volume of guests that come in and out of the location. Smaller hotels should be concerned not just about their security but also by ransomware, an increasingly favorable tactic to extort hoteliers by hackers who encrypt the hotels data making it inaccessible until ransom is paid for. I believe hotels need a toolbelt of various securtiy technologies that can be used to prevent future malicious attacks. I think by managing and implementing a firewall is essential which helps get rid of dangerous traffic from coming onto the network and preventing sensitive data from being hacked.

MOD 10: This article discusses the main tactics of cyber hackers that target hotels. Point of sale (POS) systems are easy targets for hackers due to their constant use during operation hours and because of that their security measures aren't always up to date. Hotels have large data banks since they're storing consumer profile information such as home addresses, phone numbers and credit card numbers. There's a large risk when it comes to security breaches within franchises because they have access to their parent company's regional, national and global systems. If their systems are hacked and breached, then that puts the whole system of the brand at risk. Security breaches within a system can also damage a brands reputation with the public. According to the article, "Recent major breaches at Fortune 500 companies and household names across the retail, restaurant and hotel sectors demonstrate that anti-virus, anti-malware and firewalls alone are not enough to secure businesses from the ever-evolving threat landscape." Smaller properties are even at a greater risk because not only do they have to monitor their compliance with PCI but also monitoring their security systems for their database and PMS system. Some of the recommended software's that should be used by hotels looking to be proactive with their company's cyber security is File Integrity Monitoring(FIM), Unified Threat Management(UTM), and Security Information and Event Management(SIEM).

This article explores the different tactics hotels should use after a cyber attack. The article mentions several different type of attacks such as Phishing when hackers trick customers into giving up their login credentials. Ransomware, when hackers encrypt data making it unusable and inaccessible for the hotel. Not one solution but rather companies should be equipped with a series of technologies from firewalls to file monitoring programs. Some of these technologies, like SIEM requires an intelligent IT team to have the capabilities of analyzing and monitoring the reports produced. This may be more difficult for smaller businesses to implement and maintain.

The article describes the main cyber threats that the hospitality companies face. Over past few years, nearly every major hotel group has been attacked. The same is true for the F&B industry. One of the reasons for that is that the hospitality companies are the ones that process credit card information more than in any other industries. Moreover, hotels and restaurants have many access points for the malware: from wifi networks to POS's. The attackers may also use the third party suppliers (for example, OTA's) to access the hotels' systems. Verizon 2017 Security Payment Report states that less than a half of all hospitality businesses have full credit card payment security compliance. The main type of the attack is POS intrusion. Denial-of-Service Attacks constitute about 20% of the total number. Although they are not so dangerous in terms of sensitive information, they can disturb the company's operations causing significant losses as well. Thus, the hotels and restaurants need to invest in early detection protection provided by the effective firewalls and antiviruses. However, it is also very important to understand that no technology may ever fully substitute the security culture of the company's employees. Many attacks are conducted due to the personal weaknesses of the associates answering the calls, for example. So, in my opinion, in addition to the cyber security systems, there should be appropriate personnel training as well as well elaborated procedure protocols.