Tech Talk

Recent posts

Definitely Doug 10/18/19
Posted: 12/06/2019

Sustainable Innovation
 
Sustainability can yield multiple benefits to hotels. Saving energy and water yields direct cost savings. Revenue can be generated by guests who prefer to deal with businesses that minimize their environmental impact. And many would argue that conserving scarce resources is simply the right thing to do.

Definitely Doug 12/6/19
Posted: 12/06/2019

Meetings Innovation
 
The sale and delivery of groups and meetings is perhaps the most significant and under-automated functions for many hotels. Even though groups often account for 30% to 60% of revenue, most group bookings are still handled manually for most if not all of steps, as they move from a meeting planner’s research to a confirmed booking.

The biggest enemy to any system is complexity. In a system of inputs and outputs, such as an enterprise system, more complexity means more parts are used in interaction with inputs to create the outputs. Every part that must be built and maintained costs time and money

Tracking the evolution of key performance indicators (KPIs) over time allows hoteliers to identify meaningful trends, create forecasts and budgets and assess the results of different strategies. To perform this kind of analysis, data has to be recorded within consistent time intervals and in chronological order. This is known as a time series.

Definitely Doug 11/15/19
Posted: 11/15/2019

Every time I turn around these days, I see a new vendor or product promising something called a complete Guest Experience Management, Guest Journey Management, or Guest Engagement (or some variation on those words). This week I looked at some of the emerging products claiming to be in this space, both to try to better understand it, and to see what promising ideas it may hold.



want to read more articles like this?

want to read more articles like this?

Sign up to receive our twice-a-month Watercooler and Siegel Sez Newsletters and never miss another article or news story.

x
 

New POS Threat - Onsite Assessment vs. Check the Box

08/09/2016
by David Durko

Last week a new hacking device that threatens many POS and door lock systems circulated like wildfire. We have been fielding a large number of calls from clients and prospects asking questions about the story and the risks to their properties.

The reality is if this tool becomes generally available the threat landscape will expand significantly for hoteliers. The tone of our calls was somber since this is yet another risk our clients have to face. It also shines on the painfully slow rollout of EMV across all of the name brands (mag stripe vs. chip and pin).

The bright spot that came from our calls was a general agreement that having a data security firm perform an on-site assessment that includes interviewing, training and raising the overall awareness of the staff makes the property a little more secure. Certainly much more secure than a property that simply performs a “check-the-box” exercise. It also put a spotlight on the PCI controls that are often missed by hotels. Logging firewall activities, logging of OS and applications, file integrity monitoring, pentesting, vulnerability management and more.

If this hacking tool makes its way into the wild it will be difficult to prevent an attack.  But assessment, awareness and management of cardholder systems could help mitigate the risks.  At the end of the day an onsite assessment trumps “check the box.”      

Data theft is a constant concern for hotels, but a new tool developed by a security researcher may raise the alarm on physical security in hospitality. Weston Hecker, a security researcher with Internet security company Rapid7, modified existing technology to create a device capable of reading and duplicating hotel keycards, and is even capable of guessing every room’s key across a property.  The device was designed by altering the MagSpoof tool developed last year by hacker Samy Kamkar. At the time of its development, MagSpoof was able to wirelessly read magstripes off of cards used for door entry or payment transactions by producing a magnetic field similar to a mag stripe when swiped, storing card data for later use.

Hacker’s modification only adds $6 worth of hardware to the MagSpoof, and allows a hacker to take the information from any key, which includes encoded information regarding guestroom numbers and checkout dates, and then guesses the correct information to create a copy. The device can then run through every possible combination of these details before letting the user into a room.  While hotel door locks continue their shift to radio frequency identification and Bluetooth technology and away from magstripes, it remains to be seen how this device would be used to access rooms under these circumstances. However, not all hotels have fully upgraded past magstripes, making them more vulnerable than ever to entry. At the same time, while credit card companies are shifting to chipped cards and card readers, magstripes still remain a popular option for travelers meaning point-of-sale systems could become a larger target. Hacker’s tool can inject keystrokes into a PoS system with a magstripe reader simply by being placed near it, forcing the reader to accept data as long as it remains within a few inches.

About The Author
David Durko
CEO
Security Validation, LLC


David Durko is the CEO and chief compliance officer for Security Validation’ Data Security Advisory Practice. Security Validation provides PCI and GDPR Assessment Services along with Virtual Data Privacy Officer services from its offices in the U.S. and U.K.

 
Comments
Blog post currently doesn't have any comments.
Leave comment



 Security code