Tech Talk

Recent posts

A groundbreaking new report by the Urban Land Institute in Washington, D.C. explores sustainability in the hospitality industry and examines ways in which hotels are incorporating eco-friendly best practices into both operations and construction. The study includes insights from leading hotel owners, developers and investors.

Every hotel owner wants to know how he can increase the traffic to the website, and at the same time, boost direct bookings. The key to accomplish both the objectives is to design a site that is accessible even to disabled people. It will not only improve the usability for all types of visitors, but it will also improve your market penetration. Designing ADA website is also very imperative to prevent legitimate complications. In addition to this, an ADA feature will aid in improving the website performance in search engines.

The underappreciated city of Minneapolis served as host for the 2019 edition of HITEC (produced by HFTP) which wrapped up its most recent four-day run on June 20, 2019. In the days and weeks leading up to the event, meeting solicitations and party invites filled my inbox at a growth rate any VC or entrepreneur would envy. As a first-timer to this international hospitality technology behemoth, it became apparent that HITEC actually begins a few weeks prior to when that first request or invitation lands in your over-stuffed inbox.

Time is limited. Once it’s gone, you can’t gain it back. Similarly, once a room goes unsold for a night, it will go unsold forever. There’s no way to recover that loss, because there’s no way to go back in time.
Many hotels fight this limitation by trying to sell as many rooms as possible. If all the rooms are completely booked, time no longer becomes a factor. But most don’t have the luxury of being at-capacity every single night. That’s why last-minute booking apps are growing in popularity in the industry, where hotels can make the most of each day. These apps specifically target guests who don’t plan far in advance, seeking accommodations from one week to one minute later.
There are several different ways your hotel can benefit from using last-minute booking apps in your business strategy.

IoT is Coming, Jon Snow…
Posted: 05/21/2019

Hospitality is prime for the coming advent of the various devices that make up the Internet of Things. Estimates show the industry now represents 17.5 million rooms worldwide and savvy guests are demanding more personalization and an overall improved guest experience along their connected travel journey and belief is that IoT can bring this to reality. 

want to read more articles like this?

want to read more articles like this?

Sign up to receive our twice-a-month Watercooler and Siegel Sez Newsletters and never miss another article or news story.


Data Security for the New Year – Who will be Prepared?


The irony is that many were faced with similar situations as the final hours of 2015 ticked away.

What I find even more ironic is that it does not appear the hotel industry is any better off this year to face the onslaught of data security challenges. In general, hoteliers are ill prepared to deal with such a large threat surface. Network and system hygiene has been ignored and the industry has always viewed data security as someone else’s problem (the brands) to deal with. Few have accepted the harsh reality that franchised or not, branded or independent, compliance is the sole responsibility of whoever holds the merchant account. The time for proactive security measures is here. The question for 2017 is, “Who will be prepared?”

Unfortunately, 2017 will be another year of financial losses for consumers and property owners alike. Changes implemented by banks and card brands place the brunt of financial penalties squarely on the merchant’s back – the ambiguity of who is responsible is gone.

Rather than dwell on what we didn’t do in 2016, let’s focus on what we can do to help prevent data loss or at least mitigate the financial risk to our businesses. The focus must remain on protecting our brand, our guests and our businesses in 2017.

Topping the “to do list” is the roll out of chip and pin technologies. Mandated for all merchants, the roll out has been met with serious challenges. We all know why the rollout has been delayed but the reality is hotel and food and beverage merchants are seeing an alarming rise in non-EMV chargebacks. The industry expects the incidence of fraudulent chargebacks to continue to rise as consumers know they are been given a window to cheat the system. Although EMV is not directly tied to data security best practices, it will present one of the largest sources of losses to the property aside from a data breach.

Training and awareness remains at the top of the list in 2017. However, it is not the be all and end all for PCI compliance. Stop spending every penny of your data security budget on these high priced and often ineffective training programs. A solid and basic training program much like the one offered by the PCI Council is more than sufficient if coupled with periodic reinforcement. Many hotels do not have an unlimited budget to devote to data security. The goal is to balance your dollars to best protect your business.

Stop self-assessing. For years’ hotel staff have been checking the box and attesting to PCI compliance. In a survey of hotel general managers charged with filing self-assessment questionnaires, less than 2 percent understood what they were clicking, attesting to or actually signing. Use your compliance budget effectively. Take some of that money you saved on those expensive training programs and hire a firm to evaluate your data security posture.

We don’t know where the holes are! This is the biggest gap for most merchants. They are good at running a business but they do not have the ability or technical context to identify where their properties are most vulnerable. Enlisting the help of a third-party to evaluate the data security posture of the property and to develop a sensible remediation plan is the best money a hotel can spend. Ignorance is not bliss and can cost you more in fines and penalties than you would ever spend on an assessment and remediation. If you don’t know where the holes are how can you self-assess?

Great progress has been made to tokenize cardholder data. This is a great win for the merchant and will help protect from the exfiltration of guest data should the property management system be compromised.  The problem is that far too often the point of sales systems are not included in the roll out of tokenization products. This leaves the POS exposed and vulnerable. 2016 was the year of point of sales breaches.

Point 2 Point Encryption (P2PE) seems to be golden ticket for hoteliers. Removing themselves from the data flow effectively eliminates data breach exposure and reduces the cost associated with remediation and compliance significantly. Although currently there are very few vendors with approved P2PE solutions, we expect the list to grow in 2017. Remember the safest bet is to only use P2PE solutions that have been vetted and approved by the PCI council.

The reality is 2017 will be a difficult year for hoteliers. Before we have a chance to evaluate, remediate and upgrade our properties there will be many more data security incidents. The goal is to protect your properties and your brand in the most effective way.

About The Author
David Durko
Security Validation, LLC

David Durko is the CEO and chief compliance officer for Security Validation’ Data Security Advisory Practice. Security Validation provides PCI and GDPR Assessment Services along with Virtual Data Privacy Officer services from its offices in the U.S. and U.K.

Blog post currently doesn't have any comments.
Leave comment

 Security code