Tech Talk

Recent posts

With the news cycle laser-focused on the looming threat of a COVID-19 second wave happening in nearly every territory, it is up to each and every hotel to ensure we are all fully compliant with virus safety guidelines in order to restore group booking confidence. And the only way to ensure compliance with these safety guidelines is through contactless and compliance technologies to give guests a strong guarantee of proper sanitization as well as peace of mind.

A great deal has been written over the years about the viability of moving a hotel’s property-management system (PMS) to the cloud to take advantage of the latest technologies, but hoteliers need to realize that it’s not the only viable option. All platforms have advantages, including self-hosted, private cloud and on-premise solutions that leverage the latest mobile, contact free and web-based technologies. Independent operators can still enhance the digital guest experience, support personalized and mobile check-in, deploy contact free technologies, and secure hotel/guest data even if their PMS does not reside in the cloud. It should not be a question of “Cloud or On Premise?” but rather “Does the PMS solve your business objectives in both technology and service?”

Much has been written in the mainstream hospitality press about the challenges COVID-19 has presented to the industry. Hotels are in more pain than at any time in our memories. Because of the extensive media coverage, I won’t dwell on this topic further in what is primarily a technology column. But it’s the background for this week’s column, and so merits acknowledgement.

Are You All In?
Posted: 07/27/2020

Imagine everyone in your organization engaged, aligned, and performing to their potential. Imagine everyone playing “All In.”

Great organizations have synergy. Their culture allows them to play to a rhythm at a different tempo than the average organization. How do you get that at your organization?

Many front-line hospitality workers rely on tips for a significant part of their paychecks. If not for tips, many hotel associates who serve as waitstaff, bartenders, housekeepers, bell staff, concierges and pool attendants would soon be looking for other jobs. This is a regional issue: in most of Asia and Europe, staff get higher base pay, and tips are either not expected at all, or are truly discretionary. But in the U.S., Canada, Britain and other countries, tips are an important reality, and one that’s not likely to change anytime soon.



want to read more articles like this?

want to read more articles like this?

Sign up to receive our twice-a-month Watercooler and Siegel Sez Newsletters and never miss another article or news story.

x
 

New POS Threat - Onsite Assessment vs. Check the Box

08/09/2016
by David Durko

Last week a new hacking device that threatens many POS and door lock systems circulated like wildfire. We have been fielding a large number of calls from clients and prospects asking questions about the story and the risks to their properties.

The reality is if this tool becomes generally available the threat landscape will expand significantly for hoteliers. The tone of our calls was somber since this is yet another risk our clients have to face. It also shines on the painfully slow rollout of EMV across all of the name brands (mag stripe vs. chip and pin).

The bright spot that came from our calls was a general agreement that having a data security firm perform an on-site assessment that includes interviewing, training and raising the overall awareness of the staff makes the property a little more secure. Certainly much more secure than a property that simply performs a “check-the-box” exercise. It also put a spotlight on the PCI controls that are often missed by hotels. Logging firewall activities, logging of OS and applications, file integrity monitoring, pentesting, vulnerability management and more.

If this hacking tool makes its way into the wild it will be difficult to prevent an attack.  But assessment, awareness and management of cardholder systems could help mitigate the risks.  At the end of the day an onsite assessment trumps “check the box.”      

Data theft is a constant concern for hotels, but a new tool developed by a security researcher may raise the alarm on physical security in hospitality. Weston Hecker, a security researcher with Internet security company Rapid7, modified existing technology to create a device capable of reading and duplicating hotel keycards, and is even capable of guessing every room’s key across a property.  The device was designed by altering the MagSpoof tool developed last year by hacker Samy Kamkar. At the time of its development, MagSpoof was able to wirelessly read magstripes off of cards used for door entry or payment transactions by producing a magnetic field similar to a mag stripe when swiped, storing card data for later use.

Hacker’s modification only adds $6 worth of hardware to the MagSpoof, and allows a hacker to take the information from any key, which includes encoded information regarding guestroom numbers and checkout dates, and then guesses the correct information to create a copy. The device can then run through every possible combination of these details before letting the user into a room.  While hotel door locks continue their shift to radio frequency identification and Bluetooth technology and away from magstripes, it remains to be seen how this device would be used to access rooms under these circumstances. However, not all hotels have fully upgraded past magstripes, making them more vulnerable than ever to entry. At the same time, while credit card companies are shifting to chipped cards and card readers, magstripes still remain a popular option for travelers meaning point-of-sale systems could become a larger target. Hacker’s tool can inject keystrokes into a PoS system with a magstripe reader simply by being placed near it, forcing the reader to accept data as long as it remains within a few inches.

About The Author
David Durko
CEO
Security Validation


David Durko is the CEO of Security Validation a leading managed data security and privacy firm servicing the hospitality industry.

 
Comments
Blog post currently doesn't have any comments.
Leave comment



 Security code