HFTP Connect

Cloud computing, which has upended business models from music to movies to medicine, has now reached the hospitality industry in the form of hosted property management systems. These new cloud-based systems eliminate the need to purchase expensive hardware (including servers, networking equipment and data backups) and allow owners and managers to monitor their properties from any device with an Internet connection.

When hotel operators hear about this, one of their first questions is about security. How can they trust their sensitive data is secure when it’s somewhere “out there”? Read More »

As we lead up to HITEC 2013 in June, HFTP Connect will be talking to our keynote speakers about their expertise and how it relates to thehospitality industry through the Ask the Experts column.

An Expert View on the Monetary Revolution

David Wolman is a contributing editor at Wired. He has also written for such publications as the New York Times, the Wall Street Journal, Time, Outside, Newsweek, Discover, Forbes, New Scientist and Salon, and his work appeared in Best American Science Writing 2009. A former Fulbright journalism fellow in Japan and graduate of Stanford University’s journalism program, he now lives in Portland, Ore. where he received a 2011 Oregon Arts Commission Individual Artist Fellowship. David has written three books since 2005 with the latest being The End of Money, published by Da Capo Press in February 2012. Read More »

Much has been said lately about hotel room security and the technology used to keep our guests safe and secure while under our care. The topic’s been on the news, posted online, argued about in court, and in at least one case, has the potential to become a national security issue. So, as my first in a regular monthly series column, I decided to do a bit of research and find out how hotel room security compares to typical security at a guest’s home?

I went online to find out that the average time it takes to pick a home lock is between 5 and 30 seconds which I thought was pretty fast! Anyone with a credit card that will work can buy a nice set of lock picks that vary from $5 to $300 USD. Although one website insisted that I agreed not to use them in an illegal manner. Further research uncovered  something called a “bump” key that you can either make (via YouTube Video with over 2 million views) or is easily purchased online that will allegedly open about 90 percent of home locks. With statistics like this, a home lock does not seem to be very useful. Read More »

As we lead up to HITEC 2013 in June, HFTP Connect will be talking to our keynote speakers about their expertise and how it relates to the hospitality industry through the Ask the Experts column.

An Expert View on Cybersecurity and the Hospitality Industry

Theresa Payton is one of America’s most respected authorities on Internet security, net crime, fraud mitigation and technology implementation. As White House Chief Information Officer from 2006 to 2008 — the first woman ever to hold that position — she administered the information technology enterprise for the President and 3,000 staff members. Prior to working in federal government, Payton held executive roles in banking technology at Bank of America and Wells Fargo. As founder of Fortalice, LLC, a security, risk, and fraud consulting company, she now lends her expertise to organizations large and small, helping them improve their information technology systems against emerging, amorphous cyber threats.

Q:  How is Internet security changing?

Consumers and business professionals alike should focus on the fact that Internet security will always be changing. Every new technology that we adopt becomes tomorrow’s targets for cybercriminals. Tools to block out the bad or only let in the good traffic are not enough. Combatting Internet threats requires a comprehensive approach, some of these components include: understanding your data architecture, knowing your vendors, sharing information within your peer group about cybercrime, developing relationships with law enforcement, implementing tools, updating processes to protect your digital assets and educating employees, contractors and suppliers on what you require them to do in order to safeguard your organization. Read More »

In light of a recent article published by Forbes demonstrating a vulnerability with hotel keycard locks, it is good to remember that there are some basic precautions travelers should take to remain secure in their surroundings.

In general, hotels are very safe. But, travelers have to remember that hotels also include public places, and should act accordingly.

• There is no place in a hotel room that is a safe place to hide valuables. Always store your valuables inside an in-room safe, take them with you or lock them in the hotel’s safe.
• ALWAYS use your deadbolt and security latch when you are inside your room. Read More »

Is Disconnecting the Only Way to Stay Secure in the Social Media Age?

I came to HITEC 2012 as a guest blogger.

So, it’s a bit ironic that I’ve experienced technical difficulties tweeting and blogging about technology the last couple days.

But after hearing Tuesday’s keynote address on hacking in the hospitality industry, I’m glad I had a notepad and pen in my conference bag.

Hacking expert Josh Klein shared the top common ways hackers can access data of unsuspecting travelers and properties:

• A flash drive is the easiest way to attack an institution. Everyone uses them. Vendors distribute them. People share them.
• A pony express is a device that looks like an ordinary power supply cord. But actually it supplies the hacker with data from surrounding unsecured wireless networks.
• Smart phones have all the tools a hacker needs – camera, Internet, social media, apps and more.  And most smart phone users are not so smart in public places.
• Blending in as a guest or employee is simple. A hacker can walk in and walk out with any device or data.

From there, the hacker can easily access hotel guest’s personal data using Malware. Online data searches of public records and social media provide the necessary credential information. YouTube videos demonstrate how to physically break into rooms and how to steal property and data. Read More »

This is an excerpt of an article that was originally printed in the April/May issue of the Bottomline. It is part of a PCI Compliance series that is leading up to HITEC 2012.

The hospitality industry has been targeted by cyber criminals seeking to steal credit card information for years — primarily because of the volume of transactions and the potential ability to propagate to multiple locations within the hotel chain.

In fact, for the past three years, Trustwave has identified the hospitality industry as one of the top targets for cyber criminals in Trustwave’s annual Global Security Reports (2009 – 2011).

Unfortunately, to-date the hospitality industry as a whole has been slow to identify breaches.

In most cases, hotels are alerted after customers call to complain that their card has been used fraudulently or the credit card processing bank alerts the hotel about the potential credit card breach.

How Hotels Are Alerted to Potential Breaches

When a certain percentage of credit cards that have experienced fraudulent activity have been processed through a hotel’s payment environment, the Payment Brands (i.e., Visa Inc., MasterCard Worldwide, American Express, Discover Network and JCB) will flag the hotel as the source of a potential breach and issue a Common Point of Purchase (CPP) report.

The payment brands alert the hotel’s processing bank, which then contacts the hotel about the potential breach.

Regardless of how the breach occurred, the hotel is required to enlist a PCI Forensic Investigator (PFI) to identify the details of the breach and the necessary remediation activities.

When processing banks request an official forensic investigation, only the PFIs can conduct the investigation. Additionally, hotels can only use PFI companies that are approved by the PCI Security Standards Council.

7 Guidelines for Choosing a PFI

There are presently only 15 PFI approved companies around the world. Here are some guidelines to consider when choosing a PFI: Read More »

HFTP, the American Hotel & Lodging Association (AH&LA) and Hospitality Technology Next Generation (HTNG), issued a joint statement on actions hotel managers should take on hotel credit card security.  The statement indicates three actions that hotel managers, along with IT and finance staff, should take immediately in order to minimize their vulnerabilities and to avoid the potential for hundreds of thousands of dollars in costs and fines that typically result when just a single hotel system is breached. Read More »

In January, I held a sold-out HFTP webinar on PCI compliance. Along with the “12 Commandments” of PCI compliance, I discussed myths and rumors about compliance, which I wanted to briefly share.

Myth #1 : If a PMS or POS masks (hides) all but the last four digits of a credit card number, the PMS or POS is PCI compliant. Read More »