Tech Talk

Recent posts

Definitely Doug 6/9/23: Hotels Fighting Trafficking: The Role of Technology
Posted: 06/09/2023

This week I want to address an important issue for the hospitality industry, albeit one that technologists have not historically had on their radar. They can potentially play a significant role in addressing the issue, which is human trafficking, and more specifically sex trafficking.

In my last column, I reviewed some key trends in autonomous mobile robotics for hotels, and dove into three categories of delivery robots in more detail – room delivery, food delivery, and heavy-lift robots. This week I will round out the topic with several other robot types and applications, as well as general guidance for evaluating, acquiring, and adopting mobile autonomous robotics. If you have not yet read part one, I recommend going back and doing so before continuing below, as some of the introductory material is important background to what follows.

Read More +

Best Practices for Hotel & Resort Operators in Pool Season 2023
Posted: 05/25/2023

With the arrival of warmer weather and summer fast approaching, hospitality operators are gearing up for another pool season. This year, technology is at the forefront of driving booking revenue and taking operational efficiency to the next level. Modern technology platforms (such as hospitality’s newest technology category – the Property Experience Management System or PXMS) are providing brand new capabilities that unlock new strategies and approaches to filling the pool with satisfied guests.

Read More +

The Growing Role Technology Plays in Hotels and Restaurants
Posted: 05/25/2023

In the past few years, hotels and restaurants have grown into hubs for entertainment, leisure, and human connection. In an effort to best serve their guests, operators have begun rethinking their technological investments and working to adapt to recent shifts in consumer preference and operations. To ensure that guests have the best on-site experience possible, brands are increasingly looking to new technologies to make their experiences more convenient and comfortable. Advanced property management systems (PMS) and point-of-sale (POS) systems can increase operational and staff efficiency, while also meeting changing customer expectations for a high-value but relatively low-touch experience.

This week I will return to a topic I have covered before, because it has, within the last 12 to 18 months, become one of the hottest-growth categories in hospitality technology. That topic is autonomous mobile robots – specifically, ones that can move around the facility as well as perform specific tasks. Many of these products were launched pre-Covid but were often seen at the time as more of a marketing gimmick than a legitimate operational solution.

Read More +

comment on this article

PCI-DSS Introduces QIR Requirements; Shadow Brokers, IHG and a Rise in Healthcare Breaches

04/27/2017

by David Durko

In the latest version of the PCI-DSS the Council officially introduced the QIR (qualified integrators and resellers) requirements. Although they have been communicating the requirements and publishing the list of validated companies we haven’t read or heard much more about it… until now!

Many hotels have received communications in the last two months from the card brands (ironically from Discover) enforcing the use of qualified integration companies.

So what does this mean?

If you plan to upgrade or change any payment application you must use a vendor that is currently on The PCI Council’s list of validated Qualified Integrators and Resellers. These companies have gone through the Councils Certification process and have proven themselves to understand how to implement payment solutions in a complaint manner. The point is the card brands want to avoid the days of installing systems and leaving the default credentials in place (MICROS/MICROS or SA/SA, for example).

The upside for the merchant is that there is accountability, should something go awry with the install and leads to or facilitates a compromise. The downside is an increase in costs. QIR registration is not cheap and the integrators will most likely pass the added expense along to their clients.

QSAs will now be obligated to validate that payment applications were installed by a QIR. This requirement is in effect and will most likely impact your 2018 compliance activities.

This week we saw the effect of stolen hacking tools exposed by the Shadow Brokers, InterContinental Hotels Group (IHG) released the actual number of hotels breached from 2016; Healthcare breaches jumped in March 2017, compared to January/February 2017.

Shadow Brokers, a hacking group that have a record of publishing hacking tools believed to be used by the NSA, released a trove of vulnerabilities, new tools and exploits from The Equation Group. Exploit components included ETERNALBLUE and DOUBLEPULSAR which are already found to be used in the wild by script kiddies.

It is suspected that Microsoft had a heads up prior to this release and held back on February’s Patch Tuesday to address this latest trove of exploits released. However, unpatched systems remain a serious threat to organizations, as well as unsupported versions such as Windows XP and Server 2003 that continue to remain exploitable.

The domino effect and the severity of these tools going public, intensifies and makes it possible for script kiddies to pawn thousands of computers using one of the exposed exploitable vulnerabilities such as the SMB networking one.

IHG Breach Greater than Originally Reported

At the end of 2016, news broke that a credit card breach involving IHG hotels had occurred. In February, IHG acknowledged a breach occurred between August and December 2016 and initially thought the impact was limited to about a dozen hotels. In April 2017, the number of hotels affected by the breach was updated to nearly 1,200.

Attackers are targeting the hospitality industry due to lack of security measures, making it possible to infiltrate terminal's remote access software with multiple entry points such as front desk, gift shop, bar and restaurants.

Read the full story in Krebs on Security.

Healthcare Breaches

Healthcare breaches in March 2017, jumped 155 percent compared to healthcare breaches in January/February 2017.

The largest incident reported; 697,800 patient records affecting Commonwealth Health Corporation in Kentucky on March 1, 2017. Of the incidents reported, 28 percent were the result of hacking which affected 600,279 patient records.

Healthcare breaches will continue if budgets are cut, legislation is pushed, and there is an underestimated penalty for healthcare data breaches.