Tech Talk




SNEAK PREVIEW: WTF! (Why They're Freaking!)


(by Marion Roger; from Hospitality Upgrade’s Summer/HITEC 2016 Issue)
On March 7, 2016, the U.S. Federal Trade Commission (FTC) issued orders to nine companies requiring them to provide the agency with information on how they conduct assessments of companies to measure their compliance with the Payment Card Industry Data Security Standards (PCI DSS). The accompanying Order to File a Special Report compelled these entities to report on their policies, practices, budgets and handling of potential conflicts of interest between the PCI assessments and other services the companies might provide their clients (i.e., auditing and consulting).

David Lincicum, an FTC attorney in the division of privacy and identity protection, is the lead attorney on the study and is also managing this review. "We go into this looking to get information, to get some details about what the interactions look like," he said, and added that there wasn't any specific incident that prompted the probe. "It's become clearer and clearer that PCI is playing a major role (in payments today)," he said. "We want to look at all of the ecosystems of the assessment, who has a role in it, the general effectiveness of the assessments. We will see what we will see."

The firms in question had 45 days to comply. That period has come and gone and officially there has been no news about the status of this investigation. The full story about the investigation appears in the Summer/HITEC issue of Hospitality Upgrade (June 2016), but there are some tidbits worth adding to the story that were not known at press time.

According to several attorneys contacted for the story, while the FTC does not have "authority to enforce compliance with PCI DSS, a private-sector standard established and enforced by industry participants, the FTC does have broad authority under Section 6(b) to issue orders inquiring as to the organization, business, conduct, practices, management, and relation to other corporations, partnerships, and individuals (of the entities to whom the inquiry is addressed)." The Commission’s 6(b) authority also enables it to conduct wide-ranging studies that do not have a specific law enforcement purpose.

In the initial order, companies were required to provide copies of audits where the client was found to be out of compliance. There has been much discussion about whether counsel for the firms can push back on providing confidential information that could be harmful to their clients. Whether the pushback has taken place is unknown but sources point to a lot of legal maneuvering that will stall the investigation.

It turns out that the FTC probe will be examining, among other things, potentially excessive charges, inconsistency in enforcement, card brand influence and rampant conflicts of interest. The conflict-of-interest issue is all about the ability of Qualified Security Assessors (QSAs) to also sell to clients the software, hardware and services that they recommend as PCI-compliant. That is a very real and very unmistakable conflict of interest.

Another note: The FTC plans to explore the relationship between being declared PCI-compliant and the number of subsequent data breaches. A very old problem with PCI has been the card brand tendency to employ revisionist history to data breaches. No compliant merchant has ever been breached, they say, because when a compliant merchant has been breached, the assessment is re-evaluated and invariably removed. It's a classic 1984 theory. PCI works, so if any PCI-compliant merchant is breached, they couldn't have really been compliant. The problem there goes beyond it being a self-fulfilling prophecy. It stems from the flawed assumption that PCI compliance somehow equals that mythical perfect security – one that can't ever be defeated by a bad guy. 

"Just because there was a breach doesn't mean that there was unreasonable security or a PCI violation," Lincicum said. And that is the crux of the investigation. The FTC is ultimately looking into whether merchants and consumers are all lulled into a false sense of security because a merchant is "compliant." If merchants are led to believe they are doing everything right and then are still breached, is there something wrong with the attribution of the label? Does that then make the entire process a deceptive practice? If both the merchant and the consumer are potentially deceived into believing things are okay when it is known that things are not, how fair is it to make a merchant pay for the full compliance approval process? If the entities know that the compliance label is actually useless, are they abusing their market position for profit?

The FTC is getting into this deeply and it is a story to watch closely as the year progresses.

Addendum: The spotlight just got a lot hotter! This week the National Retail Federation announced that it has asked the Federal Trade Commission to conduct an investigation into the PCI council and standards saying "the group’s controversial practices raise antitrust concerns." In a 19-page white paper submitted to the FTC, NRF said the card companies use their market power to "unfairly leverage their brands and proprietary technology through webs of closely controlled interdependent bodies and compliance regimes" including the council. While portrayed as voluntary, the Payment Card Industry Data Security Standard requirements set by the council are "forced upon businesses that cannot refuse to accept credit and debit cards."

According to the NRF, the "council’s practices raise antitrust concerns" for a number of reasons, including "general antitrust dangers when competitors collaborate on setting market standards" and "more targeted concerns insofar as they allow the networks to leverage their proprietary technology."

Translation? The FTC is going to be REALLY looking at the PCI council with even more focus than when the story was initially covered for the HITEC issue. Watch this space (and read the story in the June 2016 issue)!
About The Author
Marion Roger
VP Business Development
Hospitality E Resources

Marion Roger, vice president of Hospitality E Resources (HER Consulting), is a specialist in the hospitality supply chain landscape who is currently leading an industry initiative to support guest data security and has developed a hotel-focused training curriculum on PII protection. With a speciality focus on electronic reservation systems, payment technology protection and data security, Marion is a regular on the speaker circuit and contributor to Hospitality Upgrade on these key topics.
