Tech Talk


PCI-DSS Introduces QIR Requirements; Shadow Brokers, IHG and a Rise in Healthcare Breaches


In the latest version of the PCI-DSS, the Council officially introduced the QIR (qualified integrators and resellers) requirements. Although they have been communicating the requirements and publishing the list of validated companies, we haven’t read or heard much more about it… until now!

Many hotels have received communications in the last two months from the card brands (ironically from Discover) enforcing the use of qualified integration companies.

So what does this mean?

If you plan to upgrade or change any payment application, you must use a vendor that is currently on the PCI Council’s list of validated Qualified Integrators and Resellers. These companies have gone through the Council’s certification process and have proven that they understand how to implement payment solutions in a compliant manner. The point is that the card brands want to avoid the days of installing systems and leaving the default credentials in place (MICROS/MICROS or SA/SA, for example).

The upside for the merchant is that there is accountability should something go awry with the install and lead to or facilitate a compromise. The downside is an increase in costs. QIR registration is not cheap, and the integrators will most likely pass the added expense along to their clients.

QSAs will now be obligated to validate that payment applications were installed by a QIR. This requirement is in effect and will most likely impact your 2018 compliance activities.

This week we saw the effect of stolen hacking tools exposed by the Shadow Brokers; InterContinental Hotels Group (IHG) released the actual number of hotels affected by its 2016 breach; and healthcare breaches jumped in March 2017 compared to January/February 2017.

Shadow Brokers, a hacking group that has a record of publishing hacking tools believed to be used by the NSA, released a trove of vulnerabilities, new tools and exploits from The Equation Group. Exploit components included ETERNALBLUE and DOUBLEPULSAR, which have already been found in use in the wild by script kiddies.

It is suspected that Microsoft had a heads-up prior to this release and held back February’s Patch Tuesday to address this latest trove of exploits. However, unpatched systems remain a serious threat to organizations, as do unsupported versions such as Windows XP and Server 2003, which remain exploitable.

The domino effect of these tools going public intensifies their severity and makes it possible for script kiddies to pwn thousands of computers using one of the exposed exploitable vulnerabilities, such as the SMB networking one.

IHG Breach Greater than Originally Reported

At the end of 2016, news broke that a credit card breach involving IHG hotels had occurred. In February, IHG acknowledged a breach occurred between August and December 2016 and initially thought the impact was limited to about a dozen hotels. In April 2017, the number of hotels affected by the breach was updated to nearly 1,200.

Attackers are targeting the hospitality industry due to a lack of security measures, which makes it possible to infiltrate terminals' remote access software through multiple entry points such as the front desk, gift shop, bar and restaurants.

Read the full story in Krebs on Security.

Healthcare Breaches

Healthcare breaches in March 2017 jumped 155 percent compared to healthcare breaches in January/February 2017.

The largest incident reported involved 697,800 patient records and affected Commonwealth Health Corporation in Kentucky on March 1, 2017. Of the incidents reported, 28 percent were the result of hacking, which affected 600,279 patient records.

Healthcare breaches will continue if budgets are cut, legislation is pushed, and there is an underestimated penalty for healthcare data breaches.

About The Author
David Durko
Security Validation, LLC

David Durko is the CEO and chief compliance officer for Security Validation’s Data Security Advisory Practice. Security Validation provides PCI and GDPR Assessment Services along with Virtual Data Privacy Officer services from its offices in the U.S. and U.K.
