Tech Talk

Recent posts

A groundbreaking new report by the Urban Land Institute in Washington, D.C. explores sustainability in the hospitality industry and examines ways in which hotels are incorporating eco-friendly best practices into both operations and construction. The study includes insights from leading hotel owners, developers and investors.

Every hotel owner wants to know how he can increase the traffic to the website, and at the same time, boost direct bookings. The key to accomplish both the objectives is to design a site that is accessible even to disabled people. It will not only improve the usability for all types of visitors, but it will also improve your market penetration. Designing ADA website is also very imperative to prevent legitimate complications. In addition to this, an ADA feature will aid in improving the website performance in search engines.

The underappreciated city of Minneapolis served as host for the 2019 edition of HITEC (produced by HFTP) which wrapped up its most recent four-day run on June 20, 2019. In the days and weeks leading up to the event, meeting solicitations and party invites filled my inbox at a growth rate any VC or entrepreneur would envy. As a first-timer to this international hospitality technology behemoth, it became apparent that HITEC actually begins a few weeks prior to when that first request or invitation lands in your over-stuffed inbox.

Time is limited. Once it’s gone, you can’t gain it back. Similarly, once a room goes unsold for a night, it will go unsold forever. There’s no way to recover that loss, because there’s no way to go back in time.
 
Many hotels fight this limitation by trying to sell as many rooms as possible. If all the rooms are completely booked, time no longer becomes a factor. But most don’t have the luxury of being at-capacity every single night. That’s why last-minute booking apps are growing in popularity in the industry, where hotels can make the most of each day. These apps specifically target guests who don’t plan far in advance, seeking accommodations from one week to one minute later.
 
There are several different ways your hotel can benefit from using last-minute booking apps in your business strategy.

IoT is Coming, Jon Snow…
Posted: 05/21/2019

Hospitality is prime for the coming advent of the various devices that make up the Internet of Things. Estimates show the industry now represents 17.5 million rooms worldwide and savvy guests are demanding more personalization and an overall improved guest experience along their connected travel journey and belief is that IoT can bring this to reality. 



want to read more articles like this?

want to read more articles like this?

Sign up to receive our twice-a-month Watercooler and Siegel Sez Newsletters and never miss another article or news story.

x
 

New POS Threat - Onsite Assessment vs. Check the Box

08/09/2016

Last week a new hacking device that threatens many POS and door lock systems circulated like wildfire. We have been fielding a large number of calls from clients and prospects asking questions about the story and the risks to their properties.

The reality is if this tool becomes generally available the threat landscape will expand significantly for hoteliers. The tone of our calls was somber since this is yet another risk our clients have to face. It also shines on the painfully slow rollout of EMV across all of the name brands (mag stripe vs. chip and pin).

The bright spot that came from our calls was a general agreement that having a data security firm perform an on-site assessment that includes interviewing, training and raising the overall awareness of the staff makes the property a little more secure. Certainly much more secure than a property that simply performs a “check-the-box” exercise. It also put a spotlight on the PCI controls that are often missed by hotels. Logging firewall activities, logging of OS and applications, file integrity monitoring, pentesting, vulnerability management and more.

If this hacking tool makes its way into the wild it will be difficult to prevent an attack.  But assessment, awareness and management of cardholder systems could help mitigate the risks.  At the end of the day an onsite assessment trumps “check the box.”      

Data theft is a constant concern for hotels, but a new tool developed by a security researcher may raise the alarm on physical security in hospitality. Weston Hecker, a security researcher with Internet security company Rapid7, modified existing technology to create a device capable of reading and duplicating hotel keycards, and is even capable of guessing every room’s key across a property.  The device was designed by altering the MagSpoof tool developed last year by hacker Samy Kamkar. At the time of its development, MagSpoof was able to wirelessly read magstripes off of cards used for door entry or payment transactions by producing a magnetic field similar to a mag stripe when swiped, storing card data for later use.

Hacker’s modification only adds $6 worth of hardware to the MagSpoof, and allows a hacker to take the information from any key, which includes encoded information regarding guestroom numbers and checkout dates, and then guesses the correct information to create a copy. The device can then run through every possible combination of these details before letting the user into a room.  While hotel door locks continue their shift to radio frequency identification and Bluetooth technology and away from magstripes, it remains to be seen how this device would be used to access rooms under these circumstances. However, not all hotels have fully upgraded past magstripes, making them more vulnerable than ever to entry. At the same time, while credit card companies are shifting to chipped cards and card readers, magstripes still remain a popular option for travelers meaning point-of-sale systems could become a larger target. Hacker’s tool can inject keystrokes into a PoS system with a magstripe reader simply by being placed near it, forcing the reader to accept data as long as it remains within a few inches.

About The Author
David Durko
CEO
Security Validation, LLC


David Durko is the CEO and chief compliance officer for Security Validation’ Data Security Advisory Practice. Security Validation provides PCI and GDPR Assessment Services along with Virtual Data Privacy Officer services from its offices in the U.S. and U.K.

 
Comments
Blog post currently doesn't have any comments.
Leave comment



 Security code