Tech Talk


Windows XP Users Update or You Could Fail Your Next PCI Assessment

02/14/2014

Typically my messages and insights shared in Hospitality Upgrade revolve around security and ways to simplify PCI compliance. After all, I consider myself first and foremost a merchant advocate. This message is a little different; it’s more of a heads-up on a little-known PCI regulation that could cause you major problems in the near future.

On April 8, 2014, Microsoft’s extended support for Windows XP will cease. This could be a problem for many hoteliers because requirement 6.2 of the PCI Data Security Standards (PCI-DSS) tells us to “ensure that all system components and software are protected from known vulnerabilities by installing applicable vendor-supplied security patches.” Once Microsoft ends their extended support, they’ll stop supplying security patches, which means properties still running Windows XP will be immediately out of compliance with PCI.

How Your OS Affects Compliance
The PCI Security Standards Council’s position on this subject is that if a vendor, in this case Microsoft, no longer supports a system component by issuing security patches, merchants running that component in their card data environment cannot check “In Place” on their next Self-Assessment Questionnaire. In case you weren’t aware, in order to be PCI-DSS compliant, all in-scope requirements must be checked “In Place.”

If you are running an unsupported OS, and it is accessible from the Internet, you will receive an automatic PCI failure on your next authorized scanning vendor (ASV) vulnerability scan and will immediately be deemed non-compliant with the PCI-DSS. The ASVs are required to automatically fail a scan upon detecting an unsupported OS.

What Should You Do?
If you will be affected by the Microsoft sunset event for Windows XP, then you should immediately consult with your merchant services provider (MSP) or merchant bank and your ISA or QSA so they are aware and can provide guidance. If you already have a plan to upgrade, then congrats – you’re ahead of the game. 

If you don’t have a plan or a budget allocation to upgrade to a supported OS, you have one other option – use Compensating Controls (see PCI-DSS Appendices B & C). This method is neither simple nor inexpensive, so I would certainly not recommend it, but for some it may be a necessity. Your particular situation should be discussed with your MSP/merchant bank and your ISA or QSA to determine your best course of action.

Update From IE8, While You’re at It
While we’re on the subject of updates, you should also make a point of moving away from Internet Explorer 8 (IE8). Many websites have already begun to drop support for this outdated version. If you’re currently using IE8, you might have already received an annoying pop-up screen informing you of this when trying to access certain sites. Microsoft’s support of IE8 is scheduled to end when they terminate mainstream support for Windows 7 (Service Pack 1) on January 13, 2015. While extended support for IE8 will be offered, the cost for this support will be considerable and you will be missing out on new functionality, as well as the latest security enhancements.

Internet Explorer versions 9, 10, and 11 will continue to be supported by Microsoft after this date, so they are all valid alternatives (as are current versions of Firefox, Chrome, Safari, and a host of others). Reach out to your IT department/contact for advice before updating your browser.

PCI can be a pain in the neck; we all know that. I would hate to see any of my friends in the industry lose their hard-earned (and expensive) stamp of compliance over a simple browser update. So get on it and may your updating process be a smooth and successful one.

About The Author
J. David Oder
President and CEO
Shift4 Corporation


J. David (Dave) Oder is the President/CEO of Shift4 Corporation. Dave is a hands-on manager who enjoys jumping into projects alongside his technical staff. An accomplished businessman, Dave has more than 35 years' experience in software development and accounting, spent mainly on overseeing software companies. Prior to founding Shift4, he was CEO of the Aerus Corporation, a pioneer of business accounting software, and owner of a successful consulting firm. Dave earned his Bachelor's degree in Business/Accounting and Master's degree in Computer Science as well as an MBA from University of California, Los Angeles.

 