Tech Talk

Recent posts

Definitely Doug 6/9/23: Hotels Fighting Trafficking: The Role of Technology
Posted: 06/09/2023

This week I want to address an important issue for the hospitality industry, albeit one that technologists have not historically had on their radar. They can potentially play a significant role in addressing the issue, which is human trafficking, and more specifically sex trafficking.

In my last column, I reviewed some key trends in autonomous mobile robotics for hotels, and dove into three categories of delivery robots in more detail – room delivery, food delivery, and heavy-lift robots. This week I will round out the topic with several other robot types and applications, as well as general guidance for evaluating, acquiring, and adopting mobile autonomous robotics. If you have not yet read part one, I recommend going back and doing so before continuing below, as some of the introductory material is important background to what follows.

Read More +

Best Practices for Hotel & Resort Operators in Pool Season 2023
Posted: 05/25/2023

With the arrival of warmer weather and summer fast approaching, hospitality operators are gearing up for another pool season. This year, technology is at the forefront of driving booking revenue and taking operational efficiency to the next level. Modern technology platforms (such as hospitality’s newest technology category – the Property Experience Management System or PXMS) are providing brand new capabilities that unlock new strategies and approaches to filling the pool with satisfied guests.

Read More +

The Growing Role Technology Plays in Hotels and Restaurants
Posted: 05/25/2023

In the past few years, hotels and restaurants have grown into hubs for entertainment, leisure, and human connection. In an effort to best serve their guests, operators have begun rethinking their technological investments and working to adapt to recent shifts in consumer preference and operations. To ensure that guests have the best on-site experience possible, brands are increasingly looking to new technologies to make their experiences more convenient and comfortable. Advanced property management systems (PMS) and point-of-sale (POS) systems can increase operational and staff efficiency, while also meeting changing customer expectations for a high-value but relatively low-touch experience.

This week I will return to a topic I have covered before, because it has, within the last 12 to 18 months, become one of the hottest-growth categories in hospitality technology. That topic is autonomous mobile robots – specifically, ones that can move around the facility as well as perform specific tasks. Many of these products were launched pre-Covid but were often seen at the time as more of a marketing gimmick than a legitimate operational solution.

Read More +

comment on this article

End of Year Review: Data Breaches

12/17/2015

by Marion Roger

The numbers are in... this year (2015) the total number of data breaches reached 732, surpassing last year's total of 726 for the same time period, according to the San Diego-based Identity Theft Resource Center. It is reporting more than 176 million records were exposed this year so far. When you think that we still have two weeks to go before 2016, the trend does not augur well.

Some breaches have taken place in the hospitality and online travel space...the ones we hear about anyway.

One that may have flown under the radar is the breach at Sabre; the company acknowledged in early August that hackers had breached its GDS. Bloomberg, citing anonymous federal investigators, reported that the breach was part of the same set of Chinese-linked attacks that struck insurance carrier Anthem in February and the U.S. government's Office of Personnel Management in June. The breach, Sabre said, involved servers managed by a third party. In its only public statement on the incident, the company also said it was not aware that any sensitive data had been compromised but was continuing to investigate.

In November, Starwood Hotels & Resorts Worldwide warned that malware designed to help cyber thieves steal credit and debit card data was found on point-of-sale cash registers at some of the company's hotels in North America. The disclosure makes Starwood just the latest in a recent string of hotel chains to acknowledge credit card breach investigations, and came just days after the company announced its acquisition by Marriott International.

Several other major hotel brands experienced a malware-driven credit card data breach. In October 2015, The Trump Hotel Collection confirmed a report about a possible card breach at the luxury hotel chain. (For more information on this case, please click here. And since misery loves company: both Mandarin Oriental and Hilton made the headlines as well.

Hilton is worth a deeper dive. A security flaw in Hilton's website allowed an attacker to access any Hilton HHonors account simply by knowing or guessing the account number. In this case, the vulnerability was particularly dangerous because Hilton didn't require logged-in users to re-enter their current passwords before choosing new ones. At that point, an attacker could do anything a legitimate account holder could do, including changing the account password, viewing past and upcoming reservations, accessing the account holder's personal information, and redeeming HHonors points for travel, hotel reservations or cash. Granted, this is not like a credit card number breach, where the numbers can be used for purchases; rather, it's the account number and login that are being sold, which can then be translated into goods via online purchases. This created a lucrative opportunity for hackers, as they could now sell account access with greater appeal.

Whatever one takes away from this recap, one thing stood out: 2015 cemented the transition from stealing just card data to gaining access to credentials. At some point we will see that the end game of any hack is to gain the ability to “steal things” digitally, and often the “thing” is the ability to become someone else, whether to gain benefits by cloning an identity or to become someone via their credentials – someone who can modify payroll, someone who can access a financial account and move funds, or someone who can convert data into merchandise that is sellable on the black market (think HiltonHonors breach).

And, since POS systems seem quite often to be the easy way in, and simultaneously third parties are opening doors (think Target and Sabre), the position PCI DSS 3.1 takes on shared responsibility just drives home the attention one should give to protecting all points of entry including those you don't actually manage but can be the way in for those with malintent.

Te praesta capacem ad provocationem!

About The Author

Marion Roger
President
HRH Services LLC

Marion Roger is a specialist in the hospitality supply chain landscape who has led an industry initiative to support guest data security and has developed a hotel-focused training curriculum on PII protection. With a specialty focus on electronic reservation systems, payment technology protection and data security, Marion is a regular on the speaker circuit and contributor to Hospitality Upgrade on these key topics.