Skip to main content

Home/ Hospitality Technology/ Group items tagged thieves

Rss Feed Group items tagged

Filter: All | Bookmarks | Topics Simple Middle
marvahb

Technology and Electronics Reviews - USATODAY.com - 0 views

www.usatoday.com/...102425582

pos card chip hack technology Hospitality software tech

shared by marvahb on 11 Jun 17 - No Cached
  • Unfortunately, only 44% of retail storefronts have chip card readers enabled on their POS systems,
  • While no system is 100% secure, most can be made much safer than they are. But not all retailers take the necessary steps
  • Consumers can try to protect themselves by looking for retailers that have enabled chip-based credit and debit card use on their POS terminals
  • ...1 more annotation...
  • Even so, there are still lots of these thefts, in which criminals insert malicious software into a company's point-of-sale (POS) system. The malware surreptitiously records credit and debit card information when customers swipe them through payment terminals. It later sends the card information to the thieves, who sell it on the Internet underground, known as the dark web
  • marvahb on 11 Jun 17
     
    This article is well worth the read. It informs us as to why our credit cards keep getting hacked although our favorite retail stores seems to have secure POS systems. There is actually lots of time and money that needs to be invested in order to have a secure POS. Many of these hacks keep happening because companies wait until it's too late to upgrade to chip reader POS or a higher performance security
rderonville

The Point-Of-Sale Problem - 0 views

www.darkreading.com/...1085297

Point of Sale Problem Solution Technology IT POS System Cardholder Credit Card Transactions

shared by rderonville on 11 Jun 17 - No Cached
  • To properly manage risk, start by applying the same security practices to the POS system that you use with other sensitive IT systems.
  • look for POS systems that have clear security design improvements over legacy ones.
  • Any system that's part of a payment process is a target of data thieves. Wise companies will assume that the devices, applications, and networks that house sensitive cardholder data are under siege and act accordingly.
  • rderonville on 11 Jun 17
     
    The POS is a great system that is used by many industries. It helps businesses run efficiently and transactions be done effectively. However, it comes with its problems. This article is in two parts so I will post the both on Diigo. This article states that POS systems are the most frequently used computing system and it is targeted by criminals. According to the article, "Today, attackers have only become more sophisticated, using advanced software techniques to avoid detection by antivirus. The attackers are attaching devices that are to collect information from the patrons who use the POS system. The solution to this issue from the article, is that managers apply the same security practices to the POS systems that are used for other sensitive IT systems. These systems should not be the same system used for internet browsing or email. Using a third party security is system is fine however, they should ensure that security controls are part of regular maintenance. The article states that businesses should look for POS systems that have design improvements rather than those who have been in the industry for a long time. There needs to be upgraded design, security, and software to minimize the threats that are posed on the POS system. This article highlights the issues that POS systems attract and also gives solutions. It is up to the businesses to give as much attention as possible to this system the same way they do for systems with sensitive information. Ultimately credit card transactions do hold sensitive information so the upgraded POS systems should be the number one choice for a business. Along with what is stated in the articles, this minimizes the risk of customer loss and a damaged reputation. This also helps minimize the possibility of revenue loss due to lawsuits because of breaches.
marble_bird

Hotel_ITSec.pdf - 0 views

shared by marble_bird on 15 Jul 20 - No Cached
  • During the past decade, information technology (IT) has significantly changed the way the hotel industry controls and manages operations. While many technologies have been utilized, some newer technologies have emerged in the literature and in practice, and many of them impact the hotel’s security.
  • Among the results, this study identified a gap between hoteliers’ understanding of IT budget adequacy and the adequacy of installed IT security systems.
  • Advancements in technology are increasing at a remarkable rate. As technology becomes more important, organizations that do not keep up with these advancements could lose business opportunities to other competitors that do
  • ...53 more annotations...
  • The four leading technologies which have showed a high adoption rate from the industry and have received attention from academia are: self-service, wireless, green, and security technologies. The advantages of these technologies for hoteliers include enhanced customer services and operational efficiency (Doyle, 2007), decreased guest wait times, more efficient methods to settle bills (Singh & Kasavana, 2005), reduction of energy costs (Meeroff & Scarlatos, 2007), and protection of sensitive customer data and credit card numbers
  • In addition, exploring the influential factors of security system usage will provide greater depth of knowledge with respect to why some hotels have adopted more security systems than others.
  • there is still a lack of understanding of the nature of risk associated with inadequate IT security, especially among operators of hotels that do not have their own IT departments.
  • Self-service technologies are commonly defined as devices or applications which permit users to produce a service independent from the direct involvement of the service provider (Meuter, Ostrom, Roundtree, & Bitner, 2000). The use of self-service technologies in the hotel industry has grown considerably, especially in the areas of self check-in, in-room check-out, and foodservice kiosks
  • IT systems refer to general support systems such as mainframe computer, mid-range computer, and local area network.
  • Some of the most significant wireless technology applications involve the use of mobile handheld devices, such as personal digital assistants (PDA), tablet PCs, and cellular phones, or RFID (radio frequency identification). RFID utilizes computer chips and antennas, allowing the chips to wirelessly communicate with a receiver.
  • While the major usage of RFID in the hotel industry was for inventory control purposes, it also has the potential to be utilized in ways that can provide more conveniences for the guests.
  • Other possible uses include placing RFID tags on items of high value as a means of theft prevention or integrating tags into guest loyalty cards for easy identification
  • IT investment that lowers environmental impact and IT that manages the environmental impact of other systems are commonly referred to as “green technology”
  • Many hoteliers might think becoming more environmentally friendly will cost more for their hotels. However, it has been demonstrated that “going green” is not only the right thing to do for the environment but also provides tangible bottom-line benefits for hotels by reducing consumption of energy and water, as well as other related costs.
  • Some of the risk factors involved include reliability, security, and privacy issues
  • risk associated with a breach of IT systems security (e.g., network break-ins) is very high. Consequently, no sector of the business community is exempt from attacks on their IT systems, with an attack being defined as a technique used to exploit a system’s vulnerabilities.
  • Many of these attacks involve attempts by thieves to gain access to customer credit card data, and these attempts constitute a major portion of the risk inherent in IT security
  • if a system is breached and the merchant is not PCI compliant, the merchant then is responsible for all costs associated with improperly used credit card information taken from that system (Kress, 2008). These losses could bankrupt a business if the security breach goes undetected for even a short time.
  • IT security systems are those measures taken to protect the confidentiality and integrity of proprietary data.
  • two main paradigms of adoption are believed to occur: bottom-up adoption and top-down adoption.
  • Thus, it is reasonable to assume that organizational factors (e.g., financial factor, human resource) will influence the implementation stage of security systems at a hotel.
  • A hotel with sufficient IT budget will install more security systems than those with insufficient IT budget.
  • That is, if a hotel does not have its own IT department, it will have a negative influence on successfully installing or maintaining necessary security systems.
  • A hotel with its own IT department will install more security systems than those without.
  • Overall, the state of IT spending on security continues undiminished because managed security services are required for almost every application (Communications News, 2007).
  • A hotel with more technologies being utilized will install more security systems than those with fewer technologies.
  • Given the importance of security and privacy at a luxury hotel, this study expects luxury properties to have installed more security systems than other segments
  • Most hotel employees use their property management systems for hotel operations and should be able to check their e-mails.
  • To justify the low response rate, previous studies which have compared response rates of mail and e-mail for surveys were reviewed.
  • The sample obtained in this study represented the targeted sample: over 80% of the respondents were working in hotel operations. Furthermore, the purpose of this study was to explore hotel operators’ insight of technology usage, IT budget, and security measures rather than to confirm existing theories or to generalize the results.
  • The respondents were asked to select from a total of fourteen securities related systems
  • The profile of the respondents revealed that they were experienced hoteliers with more than ten years experience in the industry
  • Fifty-three percent of the respondents reported that they were with chain hotels that would be considered mid-range properties with an average of 175 rooms (median of 107). Over 80% of the respondents reported working in operations, while fewer than 4% reported working in either IT or engineering (Table 1).
  • Nearly 70% of the respondents’ properties did not have their own IT department (69.2% did not have, and 30.8% had their own IT departments, n = 234, missing data = 10).
  • Fifty-three percent of them (n = 244) thought the most important goal for hotel technology would be enhancing the customer’s experience.
  • second identified goal was utilizing technology to help generate revenue (41%)
  • differentiate properties from their competition (20%), to lower expenses (16%), and to increase security (6%).
  • Internet kiosks in the lobby represented the most frequently used self-service technology (36.5%, n = 244), followed by kiosks for airline check-in/board pass
  • With respect to security systems currently in use, antivirus security systems represented the most frequently used security system (92.2%), followed by hardware firewalls, software firewalls, physical security, and encrypted login security systems.
  • intrusion detection was the most frequently identified system (15.6%), followed by vulnerability assessment scanning (13.5%), Internet scanning (13.1%), antivirus (11.5%), digital ID server (11.5%), and nonreusable passwords (9.8%; Table 2).
  • Thus, the hypothesis was supported that there was a linear relationship between the three factors and the adequacy of security systems.
  • The positive standardized coefficient (β) of .389 indicates that there was a statistically significant (p < .001) linear relationship between IT usage (the number of wireless, self-service, and green technologies a hotel was using) and the adequacy of security systems
  • The study revealed certain things of interest, the most significant of which is the need for greater emphasis on IT security among hoteliers.
  • only about 30% of all respondents reported having their own IT departments. Since budget hotel properties are extremely unlikely to have an IT department, it is highly likely that the very large majority of IT decisions throughout the industry are being made by hotel operators for whom IT is not their primary area of concern.
  • Furthermore, the focus of hoteliers for future IT implementations is enhancing the guest experience (53%) and generating revenue (41%). Very few respondents (6%) identified increasing security as a 5-year IT goal.
  • While almost all respondents use information systems as part of their jobs, very few are trained in the development, maintenance, and secure use of these systems.
  • no correlation was found between the respondents’ perceived adequacy of their IT budgets and the adequacy of installed security systems, as adequacy of IT budget did not appear as a significant term in the regression analysis.
  • Nearly 10% of respondents do not have so much as anti-virus protection for their systems, and nearly half do not even take simple physical precautions to protect their IT systems.
  • we note that no correlation exists between the respondents’ perceived adequacy of their IT budgets and the number of installed IT security systems, as the number of installed systems was not a significant factor in the regression analysis.
  • the large majority of respondent properties do not have their own IT departments. Second, the people making IT decisions generally do not have IT backgrounds or training. Third, the large majority of respondent properties have little more than firewalls or antivirus software to protect their proprietary data, and these systems alone are not adequate to meet PCI standards, as they do not take steps to encrypt and protect cardholder data, maintain a vulnerability management program, implement strong access control measures, regularly monitor and test their networks, and maintain an information security policy as required by the Security Standards Council.
  • it is reasonable to conclude that the respondents did not have an adequate understanding of the nature of the IT security hazards facing them for the average property does not have installed systems adequate to meet PCI standards, yet they reported having adequate budgets.
  • In order to adequately protect proprietary data, one must have an understanding of network security, which is an understanding apart from software functionality.
  • Properties with their own IT departments, however, reported that they had a higher number of installed IS security systems than did those properties without their own IT departments.
  • roperties without their own IT departments, in particular, have a less adequate understanding of their IT security needs than may be necessary.
  • This study found hoteliers’ lack of attention to security provision, training in IT, and PCI compliance can place hoteliers at great risk. For example, the cost of a single incident at a noncompliant property could result in the loss of the entire business.
  • It will be useful to examine the reasons why luxury properties are more likely to employ adequate security measures to determine whether this greater use is attributable to better understanding of security issues or some other factor.
  • The study was limited by the nature of online surveys; the response rate was quite low. Future studies could test the proposed research model via paper-based mail surveys to increase a response rate.
  • marble_bird on 15 Jul 20
     
    This article covers a study performed on various hotels to determine management's level of IT knowledge and security implementations in relation to the hotel's IT security budget. The article discusses four types of technology impacting the hotel industry and how management responses to trending technology can affect a business, particularly in terms of a data breach and overall security. The study finds that an alarming percentage of hotel managers are not adequately informed on the risks and procedures of IT management and security, and many do not have proper IT security measures in place despite having an appropriate budget.
yijingyang

Another POS breach at White Lodging - will EMV save the day? | PhocusWire - 0 views

www.phocuswire.com/-Lodging-will-EMV-save-the-day

POS breach security

shared by yijingyang on 23 Jun 20 - No Cached
  • White Lodging has been hit by another POS breach which has affected travelers who made purchases at its restaurant and bar operations within 10 hotels.
  • The company is clearly trying to reduce its continued vulnerability,
  • we took various actions to prevent a recurrence, including engaging a third party security firm to provide security technology and managed services. These security measures were unable to stop the current malware occurrence on point of sale systems at food and beverage outlets in 10 hotels that we manage.  We continue to remain committed to investing in the measures necessary to protect the personal information entrusted to us by our valuable guests. 
  • ...8 more annotations...
  • The vulnerability remained even after hiring a third-party security firm, which is something of concern to any hotel brands seeking to deploy additional security measures and analysis by third parties.
  • The thieves pretty much had everything they needed to make fraudulent purchases off guests' cards, and were able to access this for over 7 months.
  • EMV is the technology that is supposed to make credit card fraud more difficult.
  • But the Washington Post did some research that shows a rapid recent increase in fraud across the European continent.
  • White Lodging has been transitioning its POS to tokenization, which replaces sensitive information such as the card number with a non-meaningful token for transmission.
  • Even so, tokenization is an effective means of protecting sensitive transaction data.
  • The key to successfully managing the risks is to regularly monitor systems for any breaches and updating to the latest software.
  • Beyond that, insurance is available to protect against costs for data breaches — a solid measure of last resort that reduces the financial burden of a data intrusion.
  • yijingyang on 23 Jun 20
     
    POS breach at White Lodging, huge important personal information was stolen and was able to access for over 7 months. White Lodging hire third party security firm to protect customers.The key to managing the risks are keeping monitoring systems and updating software. Besides, insurance is available to protect against costs for data breaches.
anonymous

Cybersecurity: A Hospitality Industry Reality - AETHOS Consulting Group - 0 views

www.aethoscg.com/...a-hospitality-industry-reality

franchise

shared by anonymous on 01 Oct 20 - No Cached
  • Cyber thieves are crafty and persistent in finding ways to breach security to gain access to personal information. The hospitality industry, hoteliers, restaurants and other such businesses that rely on the use of personal information to provide service to their customers are particularly at risk.
  • Initial steps in the risk-management process Hospitality companies should first focus on developing a robust internal risk-management program, including the establishment of strong policies and procedures; training and insurance can reduce the chances of a data breach and mitigate the damages if a breach occurs.
  • In general, an organization should review the following areas to begin developing a well-rounded risk-management program: Corporate security policy Asset classification and control Personnel security Computer-network and management protocols for vulnerability System access controls Privacy and regulatory compliance
  • ...10 more annotations...
  • Then, ask yourself, “What does our company have in place to mitigate our exposures?”
  • Do we have an effective privacy policy?
  • Do we have an effective privacy-breach response plan?
  • Do we continuously test our disaster-response and business-continuity plans?
  • Franchise concerns
  • Franchise agreements should address several important data-security concerns, cyber-insurance, breach notification and PCI (payment card industry) compliance.
  • Franchise agreements should require franchisees to purchase a specified amount of cyber insurance coverage in the event of a data breach.
  • In addition, the franchisee should be required to promptly notify the franchisor of all breaches in security and immediately notify the franchisor of all breaches of sensitive information.
  • The franchisor may also want to consider being notified of any impermissible uses or disclosures
  • Cyber attack realities The ramifications of a cyber breach could be both financially and operationally catastrophic to any hospitality company. Losses could include costs associated with litigation expenses and fines as well as defense. The cost of business interruption and loss of income could be debilitating.
  • anonymous on 01 Oct 20
     
    This is an article providing a very high-level introduction to the potential risks faced by the hotel industry from cybersecurity. It outlines some initial steps that hotel companies might consider in their risk-management process and also gives some very specific examples of risk related to franchise contracts.
shineal

Data privacy matters in the hotel industry - Insights - 0 views

insights.ehotelier.com/...-matters-in-the-hotel-industry

data privacy Technology hotel software solution

shared by shineal on 21 Feb 23 - No Cached
  • Data privacy matters in the hotel industryDr Michael Toedt Posted on 3 March 2022
  • Data privacy matters – period. As companies (including hotel chains) collect more and more personal data from consumers for marketing and research purposes, consumers are becoming increasingly concerned with data privacy and data protection. They want control over their data and they want to know exactly how it will be used. With legislative changes giving consumers more rights over their personal information, hoteliers need to both know the law and understand why data privacy is so important to hotel guests.
  • Good data privacy builds trust and loyalty
  • ...9 more annotations...
  • “Commitment to data protection” drives brand loyalty for 31% of consumers, a figure that increases to 40% for “Trustworthiness”[1].This backs up the findings from a 2018 survey by Salesforce, which found that consumers are more likely to stay loyal to a company, spend more money and recommend its services if they felt they could trust the organization with their data
  • Data breaches cause serious financial and reputational losses
  • Every type of organization could suffer a data breach if adequate data protection controls and systems aren’t in place.
  • Hotels concerned about their ability to adequately protect guests’ personal data should take immediate steps to address this. A common problem is the existence of multiple guest profiles across different platforms within the hotel tech stack, such as the PMS, CRM, RMS, POS, website, etc. Where these are not fully integrated, data has to be updated manually, which carries significant risks.
  • Key legislation explained
  • There are strict rules around how data can be obtained, stored, managed, and used.
  • Achieving data privacy compliance
  • large amount of valuable data held by hotel groups makes them a prime target for hackers and cyber thieves.
  • From compliance and reputational viewpoint, these functionalities are truly invaluable to hoteliers. However, IT can only do so much. Other key considerations for hoteliers include creating robust data privacy policies, providing clear guest communications, and training staff on data privacy processes. Taking a 360-degree approach is the best way for hotels to protect themselves and their guests from data breaches and the associated risks.
  • shineal on 21 Feb 23
     
    This article by Michael Toedt on "Data privacy matters in the hotel industry" speaks on the approaches that can be taken to protect guests' data and their privacy since these practices increase guests' trust and loyalty to companies. Accordingly, it is vital for hotels to securely store guests' information. Thankfully, CDM systems make it much simpler for hotel staff to manage data-related requests from clients, such as updating personal details. They also enable one-click deletions, preventing data disputes.
‹ Previous 21 - 26 of 26
Showing 20 items per page