Thieves Won't Wait. Neither Should You. | hospitalityupgrade.com - 3 views
-
data is under attack
- ...11 more annotations...
-
What this tells us is hotels and restaurants need to do more to protect sensitive payment data and be proactive in keeping up with the hackers and thieves. We also need to pay particular attention to properly securing data as it moves through the merchant IT environment.
-
P2PE places “data in motion” in a wrapper that can only be decrypted by an endpoint that has the requisite key.
-
The goal of point-to-point encryption technologies is to encrypt as close to the point of entry as possible and guard against thieves who attempt to install sniffing/hacking software on a merchant’s network.
-
P2PE solutions can significantly reduce a merchant’s card data environment, mitigate potential breaches and simplify PCI DSS validation efforts.”
-
You should also understand the types of cards and transactions that can be encrypted. Does the solution encrypt both swiped cards and manually entered cards? Does it encrypt online transactions, as well as on-site or card-present transactions? Is the solution tamper resistant and, what happens if an attempted breach occurs? Where is the HSM (hardware security module) located? Even if data were to be intercepted, is it rendered unusable to cyber thieves?
-
A hosted solution will shift much of the burden of responsibility to the third-party provider and free you from having decrypted data in your environment.
-
Keep in mind, there is no single silver bullet when it comes to payment security. Even with EMV, stolen cardholder data could be used for a fraudulent online transaction. Merchants should implement a variety of technologies and techniques as part of a multi-layered approach to security that ultimately includes EMV to protect against counterfeit card fraud, tokenization to protect data at rest, and P2PE to protect data in-flight.
-
Thieves won’t wait for a unified approach and specification, and are looking to access your valuable data now. By taking a proactive approach to security that includes point-to-point encryption, asking the right questions, choosing trusted partners and keeping yourself updated, you can protect your customers’ data and your reputation.
-
This article deals with the theft that happens on a daily basis in the hospitality field. It happens when credit cards are used to pay for something, like a reservation, and thieves want the information, so they can use your credit card number for whatever intentions they may have. As the article states, "our data is under attack". I can relate to those people that have had credit card numbers stolen, because it has happened to my husband and me, and it is a horrible feeling trying to get your life back on track and recover your money. I think it would be a great idea, with some research, to get the point to point encryption technology in a field where credit cards are used so often, not only to cover the business (hotel), but also to protect the guest, so they feel at easy when they travel on vacation or business. The overall point of this technology is to encrypt the information as close to the point of entry, i.e. the swiping of the credit card, as possible. This would in turn "significantly reduce a merchant's card data environment", as the program would encrypt the information so that hackers cannot access the customer's information. As I mentioned earlier, questions should be asked before buying this technology, as there is always something new on the market that may be better. Credit cards are not always swiped, but can also be manually placed in the system, so you want to make sure, that both transactions are protected. Overall, the establishment should always be concerned about the customer and their safety, whether physical or mental and always be prepared for the worse.
- ...1 more comment...
-
Marilyn, This is a great article and I wish this type of technology was everywhere because like yourself I have credit card numbers stolen before and it is a long process to end that. Working in the hospitality industry we would need to make sure that it is everywhere that a credit card is entered whether that being swiped in house, typed in the system manually, or even processed via the internet. In the hospitality industry we should be very aware of our guests safety and like you mention it is not only just physical safety that is a concern it is the mental state as well making sure the guests credit cards are safe and do not have a chance of being stolen by a hacker. This is a great article, keep up the good work!
-
Great article! Personally after being a victim of credit card fraud, I'm very apprehensive of where I shop, who handles my card and how long it takes them to return it. I recently cancelled a large purchased after the cashier insisted on rubbing my card number on the reciept after the transactions had be approved. In my mind, I was thinking "If I let you do that, then I've open the door for anyone to charge thousand of dollars. I don't think so." As a manager, who hands credit card numbers for manual input, I'm very cautious of them and want to insure that they don't get into the wrong hand. Aftern each transactions is approved, that number is shredded and the credit card machine is batched out. Companies don't realize how important it is to PCI compliant. The risk in exposing sensitive information of our clients and customers can cost thousand of dolllars in fines and fee, in addition to the lost of that customer/client.
-
Marilyn, Great Article...as a Front Desk Manager, it is my responsibility to randomly check our computers to ensure employees are not placing USB driver to collect data from our system. Our company has taking this a step further by putting metal locked case around the PC to avoid possible fraudulent activity. If we have to open a PC, we must log it to show proof why a PC became unlock. Companies should adopt similar procedures to protect the consumers/guests. Nelson