Tech Talk

Recent posts

Definitely Doug 10/18/19
Posted: 12/06/2019

Sustainable Innovation
 
Sustainability can yield multiple benefits to hotels. Saving energy and water yields direct cost savings. Revenue can be generated by guests who prefer to deal with businesses that minimize their environmental impact. And many would argue that conserving scarce resources is simply the right thing to do.

Definitely Doug 12/6/19
Posted: 12/06/2019

Meetings Innovation
 
The sale and delivery of groups and meetings is perhaps the most significant and under-automated functions for many hotels. Even though groups often account for 30% to 60% of revenue, most group bookings are still handled manually for most if not all of steps, as they move from a meeting planner’s research to a confirmed booking.

The biggest enemy to any system is complexity. In a system of inputs and outputs, such as an enterprise system, more complexity means more parts are used in interaction with inputs to create the outputs. Every part that must be built and maintained costs time and money

Tracking the evolution of key performance indicators (KPIs) over time allows hoteliers to identify meaningful trends, create forecasts and budgets and assess the results of different strategies. To perform this kind of analysis, data has to be recorded within consistent time intervals and in chronological order. This is known as a time series.

Definitely Doug 11/15/19
Posted: 11/15/2019

Every time I turn around these days, I see a new vendor or product promising something called a complete Guest Experience Management, Guest Journey Management, or Guest Engagement (or some variation on those words). This week I looked at some of the emerging products claiming to be in this space, both to try to better understand it, and to see what promising ideas it may hold.



want to read more articles like this?

want to read more articles like this?

Sign up to receive our twice-a-month Watercooler and Siegel Sez Newsletters and never miss another article or news story.

x
 

Windows XP Users Update or You Could Fail Your Next PCI Assessment

02/14/2014
by J. David Oder

Typically my messages and insights shared in Hospitality Upgrade revolve around security and ways to simplify PCI compliance. After all, I consider myself first and foremost a merchant advocate. This message is a little different; it’s more of a heads-up on a little-known PCI regulation that could cause you major problems in the near future.

On April 8, 2014, Microsoft’s extended support for Windows XP will cease. This could be a problem for many hoteliers because requirement 6.2 of the PCI Data Security Standards (PCI-DSS) tells us to “ensure that all system components and software are protected from known vulnerabilities by installing applicable vendor-supplied security patches.” Once Microsoft ends their extended support, they’ll stop supplying security patches, which means properties still running Windows XP will be immediately out of compliance with PCI.

How Your OS Affects Compliance
The PCI Security Standards Council’s position on this subject is that if a vendor, in this case Microsoft, no longer supports a system component by issuing security patches, merchants running that component in their card data environment cannot check “In Place” on their next Self-Assessment Questionnaire. In case you weren’t aware, in order to be PCI-DSS compliant, all in-scope requirements must be checked “In Place.”

If you are running an unsupported OS, and it is accessible from the Internet, you will receive an automatic PCI failure on your next authorized scanning vendor (ASV) vulnerability scan and will immediately be deemed non-compliant with the PCI-DSS. The ASVs are required to automatically fail a scan upon detecting an unsupported OS.

What Should You Do?
If you will be affected by the Microsoft sunset event for Windows XP, then you should immediately consult with your merchant services provider (MSP) or merchant bank and your ISA or QSA so they are aware and can provide guidance. If you already have a plan to upgrade, then congrats – you’re ahead of the game. 

If you don’t have a plan or a budget allocation to upgrade to a supported OS, you have one other option – use Compensating Controls (see PCI-DSS Appendices B & C). This method is neither simple nor inexpensive, so I would certainly not recommend it, but for some it may be a necessity. Your particular situation should be discussed with your MSP/merchant bank and your ISA or QSA to determine your best course of action.

Update From IE8, While You’re at It
While we’re on the subject of updates, you should also make a point to move away from Internet Explorer 8 (IE8). Many websites have already begun to cease support for their sites on this outdated version. If you’re currently using IE8, you might have already received an annoying pop-up screen informing you of this when trying to access certain sites. Microsoft’s support of IE8 is scheduled to end when they terminate mainstream support for Windows 7 (Service Pack 1) on January 13, 2015. While extended support for IE8 will be offered, the cost for this support will be considerable and you will be missing out on new functionality, as well as the latest security enhancements.

Internet Explorer versions 9, 10, and 11 will continue to be supported by Microsoft after this date, so they are all valid alternatives (as are current versions of Firefox, Chrome, Safari, and a host of others), so  reach out to your IT department/contact for advice before updating your browser.

PCI can be a pain in the neck; we all know that. I would hate to see any of my friends in the industry lose their hard-earned (and expensive) stamp of compliance over a simple browser update. So get on it and may your updating process be a smooth and successful one.

About The Author
J. David Oder
President and CEO
Shift4 Corporation


J. David (Dave) Oder is the President/CEO of Shift4 Corporation. Dave is a hands-on manager who enjoys jumping into projects alongside his technical staff. An accomplished businessman, Dave has more than 35 years' experience in software development and accounting, spent mainly on overseeing software companies. Prior to founding Shift4, he was CEO of the Aerus Corporation, a pioneer of business accounting software, and owner of a successful consulting firm. Dave earned his Bachelor's degree in Business/Accounting and Master's degree in Computer Science as well as an MBA from University of California, Los Angeles.

 
Comments
Blog post currently doesn't have any comments.
Leave comment



 Security code