
SNEAK PREVIEW: WTF! (Why They're Freaking!)

by Marion Roger

(From Hospitality Upgrade’s Summer/HITEC 2016 Issue)

On March 7, 2016, the U.S. Federal Trade Commission (FTC) issued orders to nine companies requiring them to provide the agency with information on how they conduct assessments of companies to measure their compliance with the Payment Card Industry Data Security Standards (PCI DSS). The accompanying Order to File a Special Report compelled these entities to report on their policies, practices, budgets and handling of potential conflicts of interest between the PCI assessments and other services the companies might provide their clients (i.e., auditing and consulting).

David Lincicum, an FTC attorney in the division of privacy and identity protection, is the lead attorney on the study and is also managing this review. "We go into this looking to get information, to get some details about what the interactions look like," he said, and added that there wasn't any specific incident that prompted the probe. "It's become clearer and clearer that PCI is playing a major role (in payments today),” he said. “We want to look all of the ecosystems of the assessment, who has a role in it, the general effectiveness of the assessments. We will see what we will see."

The firms in question had 45 days to comply. That period has come and gone and officially there has been no news about the status of this investigation. The full story about the investigation appears in the Summer/HITEC issue of Hospitality Upgrade (June 2016), but there are some tidbits worth adding to the story that were not known at press time.

According to several attorneys contacted for the story, while the FTC does not have "authority to enforce compliance with PCI DSS, a private-sector standard established and enforced by industry participants, the FTC does have broad authority under Section 6(b) to issue orders inquiring as to the organization, business, conduct, practices, management, and relation to other corporations, partnerships, and individuals (of the entities to whom the inquiry is addressed).” The Commission’s 6(b) authority also enables it to conduct wide-ranging studies that do not have a specific law enforcement purpose. 

In the initial order, companies were required to provide copies of audits where the client was found to be out of compliance. There has been much discussion about whether counsel for the firms can push back on providing confidential information that could be harmful to their clients. Whether the pushback has taken place is unknown but sources point to a lot of legal maneuvering that will stall the investigation.

It turns out that the FTC probe will be examining, among other things, potentially excessive charges, inconsistency in enforcement, card brand influence and rampant conflicts of interest. That conflict-of-interest issue is all about the ability of qualified security assessors (QSA) to also sell to clients the software/hardware/services that they recommend as PCI-compliant. That is a very real and very unmistakable conflict of interest.

Another note: The FTC plans to explore the relationship between being declared PCI-compliant and the number of subsequent data breaches. A very old problem with PCI has been the card brand tendency to employ revisionist history to data breaches. No compliant merchant has ever been breached, they say, because when a compliant merchant has been breached, the assessment is re-evaluated and invariably removed. It's a classic 1984 theory. PCI works, so if any PCI-compliant merchant is breached, they couldn't have really been compliant. The problem there goes beyond it being a self-fulfilling prophecy. It stems from the flawed assumption that PCI compliance somehow equals that mythical perfect security – one that can't ever be defeated by a bad guy. 

"Just because there was a breach doesn't mean that there was unreasonable security or a PCI violation," Lincicum said. And that is the crux of the investigation. The FTC is ultimately looking into whether merchants and consumers are all lulled into a false sense of security because a merchant is "compliant." If merchants are led to believe they are doing everything right and then are still breached, is there something wrong with the attribution of the label? Does that then make the entire process a deceptive practice? If both the merchant and the consumer are potentially deceived into believing things are okay when it is known that things are not, how fair is it to make a merchant pay for the full compliance approval process? If the entities know that the compliance label is actually useless, are they abusing their market position for profit?

The FTC is getting into this deeply and it is a story to watch closely as the year progresses.

Addendum: The spotlight just got a lot hotter! This week the National Retail Federation announced that it has asked the Federal Trade Commission to conduct an investigation into the PCI council and standards saying "the group’s controversial practices raise antitrust concerns."  In a 19-page white paper submitted to the FTC, NRF said the card companies use their market power to “unfairly leverage their brands and proprietary technology through webs of closely controlled interdependent bodies and compliance regimes” including the council. While portrayed as voluntary, the Payment Card Industry Data Security Standard requirements set by the council are “forced upon businesses that cannot refuse to accept credit and debit cards.”

According to the NRF, the "council’s practices raise antitrust concerns” for a number of reasons, including “general antitrust dangers when competitors collaborate on setting market standards” and “more targeted concerns insofar as they allow the networks to leverage their proprietary technology.”

Translation? The FTC is going to be REALLY looking at the PCI council with even more focus than when the story was initially covered for the HITEC issue. Watch this space (and read the story in the June 2016 issue)!
About The Author
Marion Roger
HRH Services LLC

Marion Roger is a specialist in the hospitality supply chain landscape who has led an industry initiative to support guest data security and has developed a hotel-focused training curriculum on PII protection. With a specialty focus on electronic reservation systems, payment technology protection and data security, Marion is a regular on the speaker circuit and contributor to Hospitality Upgrade on these key topics.
