Tech Talk


Windows XP Users Update or You Could Fail Your Next PCI Assessment

02/14/2014
by J. David Oder

Typically my messages and insights shared in Hospitality Upgrade revolve around security and ways to simplify PCI compliance. After all, I consider myself first and foremost a merchant advocate. This message is a little different; it’s more of a heads-up on a little-known PCI regulation that could cause you major problems in the near future.

On April 8, 2014, Microsoft’s extended support for Windows XP will cease. This could be a problem for many hoteliers because requirement 6.2 of the PCI Data Security Standards (PCI-DSS) tells us to “ensure that all system components and software are protected from known vulnerabilities by installing applicable vendor-supplied security patches.” Once Microsoft ends their extended support, they’ll stop supplying security patches, which means properties still running Windows XP will be immediately out of compliance with PCI.

How Your OS Affects Compliance
The PCI Security Standards Council’s position on this subject is that if a vendor, in this case Microsoft, no longer supports a system component by issuing security patches, merchants running that component in their card data environment cannot check “In Place” on their next Self-Assessment Questionnaire. In case you weren’t aware, in order to be PCI-DSS compliant, all in-scope requirements must be checked “In Place.”

If you are running an unsupported OS, and it is accessible from the Internet, you will receive an automatic PCI failure on your next authorized scanning vendor (ASV) vulnerability scan and will immediately be deemed non-compliant with the PCI-DSS. The ASVs are required to automatically fail a scan upon detecting an unsupported OS.

What Should You Do?
If you will be affected by the Microsoft sunset event for Windows XP, then you should immediately consult with your merchant services provider (MSP) or merchant bank and your ISA or QSA so they are aware and can provide guidance. If you already have a plan to upgrade, then congrats – you’re ahead of the game. 

If you don’t have a plan or a budget allocation to upgrade to a supported OS, you have one other option – use Compensating Controls (see PCI-DSS Appendices B & C). This method is neither simple nor inexpensive, so I would certainly not recommend it, but for some it may be a necessity. Your particular situation should be discussed with your MSP/merchant bank and your ISA or QSA to determine your best course of action.

Update From IE8, While You’re at It
While we’re on the subject of updates, you should also make a point to move away from Internet Explorer 8 (IE8). Many websites have already begun to cease support for their sites on this outdated version. If you’re currently using IE8, you might have already received an annoying pop-up screen informing you of this when trying to access certain sites. Microsoft’s support of IE8 is scheduled to end when they terminate mainstream support for Windows 7 (Service Pack 1) on January 13, 2015. While extended support for IE8 will be offered, the cost for this support will be considerable and you will be missing out on new functionality, as well as the latest security enhancements.

Internet Explorer versions 9, 10, and 11 will continue to be supported by Microsoft after this date, so they are all valid alternatives (as are current versions of Firefox, Chrome, Safari, and a host of others). Reach out to your IT department/contact for advice before updating your browser.

PCI can be a pain in the neck; we all know that. I would hate to see any of my friends in the industry lose their hard-earned (and expensive) stamp of compliance over a simple browser update. So get on it and may your updating process be a smooth and successful one.

About The Author
J. David Oder
President and CEO
Shift4 Corporation


J. David (Dave) Oder is the President/CEO of Shift4 Corporation. Dave is a hands-on manager who enjoys jumping into projects alongside his technical staff. An accomplished businessman, Dave has more than 35 years' experience in software development and accounting, spent mainly on overseeing software companies. Prior to founding Shift4, he was CEO of the Aerus Corporation, a pioneer of business accounting software, and owner of a successful consulting firm. Dave earned his Bachelor's degree in Business/Accounting and Master's degree in Computer Science as well as an MBA from University of California, Los Angeles.

 