Group items tagged

The PCI Security Standards Council published the PCI Mobile Payment Acceptance Security Guidelines for Merchants and End-Users on February 19, 2013. "The PCI Security Standards Council's mission is to enhance payment account data security by driving education and awareness of the PCI Security Standards. The organization was founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa Inc." The guidelines educates merchants on risks that they must be aware of in order to protect their customers' data when they are using mobile devices for payments, such as smart phones and tablets. As more merchants turn to handheld devices for payment options, they must consider new security risks. With these new guidelines and procedures, merchants will learn what is needed to isolate and prevent card data from exposure to the public. 

This is part 3 of a 7-part series about hotel IT security) This article discusses The Payment Card Industry Data Security Standard, or PCI DSS which is "a set of comprehensive requirements for enhancing payment account data security... which fosters a consistent and uniform set of standards among the five major credit brands (Visa, MasterCard, American Express, Discover, and JCB). It lists the 12 requirements and six goals which are mandatory for hotels as of July 2010 which include building and maintaining a secure network; protecting cardholder data; having a vulnerability management program; implementing access control measures; and regularly monitoring and testing networks. As a consumer and as a hospitality professional, it is good to know that there has been a data security standard developed, and that it is required for hotels (and other merchants) to implement and develop compliance programs at every property. Also discussed are six goals for making data security decisions, such as "If you don't need it, don't store it." Upon reading these it is refreshing to see such common sense advice and no pretentiousness in the documentation guidelines. The article finishes stating that data security should not be bothersome or inconvenient, that data security is essential in light of hotel liability consequences should a guest's payment and identification data be compromised.

This article talks about the PCI DSS which has been a mandatory standard since 2010. Every credit card processes by hotel has to conpliant with PCI DSS, or the hotel will be fined up to USD$500,000. The PCI DSS has six specific goads with 12 specific requirements. Those are: Build and maintain a secure network, protect cardholder data, maintain a vulnerability management program, implement strong access control measures, regularly monitor and test networks, and maintain an information security policy.

PCI Compliance for HOTELS: What you need to know (PCI-DSS)

Thanks for the summary. It's comforting to know that countries in Europe are getting on board with being PCI compliant, one less thing to worry about when using credit cards internationally for booking, shopping or entertainment.

This article highlights several important security issues in the hospitality industry, followed by the practice of protecting data from loss. The data structure of the hotel industry is complex, customers mainly use bank cards to pay, and the staff turnover rate is high. There are certain internal threats. In order to solve these problems and avoid data loss, it is not enough to strengthen network security. It is also important that employees are trained and familiar with and comply with relevant regulations.

Hospitality offers an ideal target vector for conducting Cyber crimes such as identity theft and credit card fraud due to the existence of multiple databases and devices containing both Payment Card Information (PCI) and Personally Identifiable Information (PII). Restaurants, hotels, and other companies in the hospitality sector often have complex ownership structures with an individual owner or group of owners, and a management company that acts as the operator. Each of these groups may use different computer systems to store information, and the information can also frequently move across those systems.

In this article, we learn about the top five data security risks as well as best practices to help prevent data breaches. According to the article, the hospitality industry is a prime target since it stores a vast amount of sensitive guest information like names, phone numbers, addresses, and credit card numbers. Some of the five risks included complex ownership structures, reliance on paying by card, and insider threats to name a few. In order to avoid these threats, the article suggest that companies become PCI compliant, use cybersecurity measures like firewalls, and know where exactly their data is stored.

This article goes in to detail that attackers have targeted information that is acquired on websites such as credit card and other personal information. This writing does tell how PCI and Retail and Hospitality ISAC joined forces to help prevent such attacks from happening on these websites. Now PCI and ISAC are the standard when it comes to protecting information. These attacks are easily undetectable by these websites because they are only skimming for the information. this article does give tips for prevention and detection. PCI is the industry standard and by them teaming with ISAC it will make these websites and your information more safe.

PCI compliance is a crucial and necessary set of guidelines that all hotels must follow. The Payment Card Industry Security Standard was created in 2006 and outlines rules regarding accepting, storing, and/or processing card information. These rules were put into place to protect consumers sensitive information. For example, in 2014 Marriott hotels was attacked and 300 million guests information was compromised. This attack led to new regulations being put into place, the Payment Services Directive 2 (PSD2). These regulations take into account international customers and enhanced guidelines for sensitive data.

Even though this article is from 2019 it is still extremely relevant today. POS systems are found in most hospitality outlets and the chances for a security breach are high. I have often thought when I had my credit card to a waiter and they are gone for 10 minutes are they copying the number, is it being added to a database that can then be hacked? The importance of having the proper securities in place, the proper malware and security software is really important. Having had a catering company for 20 years I had to do PCI compliance tests every 6 months and for years I just handed it over to my IT to do the test. He would suggest things to make us safer and since it usually cost money I would shake it off. It wasnt until the credit card processing company i was using had a security breach that I realized how important these PCI rules were. It is something going forward I will always pay attention to!

This article explains that PCI is a bunch of regulates intended to keep credit card information safe. The regulations span from only using certified terminals to each individual should have their own login credentials. Using PCI helps not only gain trust with your customers but your reputation with business partners.

The article (and the video on top) mainly discuss now hospitality industry is facing certain key challenges cush as personally identifiable information(PII), intellectual property, mobile security, application development and PCI compliance. And Fishnetsecurity offer a series of solutions. For example, for PII challengers, they can analyze how data enters, exits and is utilized and by that develop a data flow diagram and data analysis & lige cycle sevices.

This article is an case study on how one restaurant group could use cloud computing to improve their business. By not only securing the companies information by the customers as well. Reviewing the key points of sales interactions between customers and the restaurant, like the POS, Tableside payments, reservations and management assistants.

This article prvoides four truths that any property considering switching to a web-based cloud PMS system should consider. The first truth, integration is complex, delves into ensuring that one checks if the things supported within the new PMS satisfy the needs the property has. Secondly, training is necessary. Any switch to a new system requires extensive training so that the staff does not flounder. The third truth, data does not take care of itself, is reminding hoteliers that it is still their responsibility to protect their consumers' data and remain PCI compliant. Lastly, cloud-based tech does not solve everything. Hoteliers should be sure they know what they are getting and if it is necessary for their property. The president and co-owner of Maestro PMS, a web-based cloud PMS system wrote this article which is fascinating.

PCI compliance, what is it, how to make sure you are compliant, why do we care?

From lodging to foodservice, the point of service is the premiere place for customers to get their first - and hopefully not last - impression of an establishment. Streamlining and fine-tuning the service that occurs at the POS is of utmost important and operators are always seeking out the latest technologies to make this possible. The move to mobile payment is always top-of-mind as well, but lingering confusion and trepidation still remains for many customers. Owners and operators must seek out ways to implement the technology without intimidating customers. Last month's POS headlines proved this as stories ranged from a study tracking the public perception of mobile payment to improving drive-thru functionality and reducing maintenance costs with cloud-based systems. Study Shows Interest and Confusion Over Mobile Payments At Mobile World Congress, MasterCard in partnership with Prime Research, has released the first global Mobile Payments Social Media Study tracking 85,000 related social media comments across Twitter, Facebook, Online Blogs and Forums from around the world. The study shows a high volume of conversation and consumer interest in adopting mobile payments but cites security, customer support and confusion over the array of options available today as barriers to entry. Taco Bell Streamlines Drive-Thru Experience Across Franchises Desert de Oro Foods' Taco Bell locations had a range of drive-thru communications systems that were deployed over the last five years. However, restaurants were experiencing poor sound quality due to a limited range of wireless capabilities with the current systems. Poor audio quality led to increased wait times for customers as a result of miscommunications and mistakes. In addition, Desert de Oro Foods knew it needed to move to a digital system as the analog bandwidth of its current systems would be ruled out by the FCC at the end of 2012. Panasonic's Attune® drive-thru communications system offered the o

This article discusses the importance of a hotel being up to date with their PMS system and all the features a PMS system could have. The article states that cloud-based PMSs accessible to hotel staff via Internet through a phone, table or laptop is essential for the future of PMS and will enable the staff to stay up to date in real time. Additionally, a PMS system that is PCI compliant is necessary to protect guest personal information and will allow the hotel to provide better guest services and satisfaction. Another feature listed was to ensure the PMS is integrated with third-party systems such as two-way OTA interfaces and credit card processing platforms. This will help eliminate human error and lessen workload so employees can concentrate on delivering the best guest experience. Also mentioned was the fact that a cloud-based PMS offers security updates that will always be compliant to the latest standards of cyber security. With staff scheduling and revenue management capabilities, PMSs are a much more integral and important part of hotels success than ever before. It is imperative for a hotel to be up to date with their PMS so they don't fall behind their competition.

In modern restaurants, it is necessary to use technology to manage restaurant revenue. With issues such as network security becoming increasingly prominent, it is also necessary to establish a sgood electronic operating system.

This article goes over four ways that the point of sale systems can help elevate restaurant fraud. The first is to restrict remote access. It is only necessary to allow a limited number of known IP addresses access. Remote connectivity should only be enabled during hours of business and when updates are needed for the system. Using firewalls is highly recommended as another added layer of protection. Keep Wi-Fi and security cameras separate, if they are also connected. Next is to upgrade to EMV, which is chip technology is undoubtedly the most significant way to reduce fraud and criminality. All of the security in the world is essentially rendered useless if POS devices have not been upgraded to support EMV payments. A business also must have a secure network, which includes having firewalls because they are of the utmost importance in a proper security plan. To secure the system, firewalls must be activated, and the number of IP addresses for outbound firewalls must be limited. Lastly, the company must adhere to PCI compliance. Complying with PCI standards provides another layer of security. The Payment Card Industry (PCI) Standards call for merchants that accept, store, process, and transmit card information to do so within a safe environment.

This article covers a study performed on various hotels to determine management's level of IT knowledge and security implementations in relation to the hotel's IT security budget. The article discusses four types of technology impacting the hotel industry and how management responses to trending technology can affect a business, particularly in terms of a data breach and overall security. The study finds that an alarming percentage of hotel managers are not adequately informed on the risks and procedures of IT management and security, and many do not have proper IT security measures in place despite having an appropriate budget.

This article outlines some of the main cyber attacks on the Hospitality industry. It exposes the threats due to the wealth of data stored in PMS, POS and CRM and suggests steps to take to protect against malware and randsomeware. The article further highlights the necessity for antivirus software on all devices.

The article describes the five most common cybersecurity risks for hotel brands such as ransomware, remote hacking and DDoS attacks. The operational elements of each risk have also been discussed. It also covers best practices that hotels and other hospitality organizations can adopt to curb breaches.

Northwind launched its Maestro iPad Xpress Check-In App at HITEC 2012. The system offers personalized mobile check in and check out with remote access. The system is able to perform all the functions of a wired terminal anywhere a wireless signal can be found. It offers personalized up sell and room changes as well as credit card payments which are PCI compliant. The app can also check in large groups who are attending a conference or a tour group.

the new standard for credit card cecurity is published fpr the restauran to use. it is a good news for customers, who are consume in the restaurant with the credit card, and can be keep safe and secret about the card using.