Tech Talk



Point-of-Sale System Breaches, Hackers Do Not Discriminate

“We're deeply sorry for the inconvenience and frustration this issue has caused our guests.” Those are the words prepared by the public relations staff for the 40 million Target customers impacted by the data breach announced in December 2013. Besides having their information stolen and sold on the underground market, many of those guests found themselves with banks, credit unions, and state benefit programs closing down their cards as a result of “recent fraudulent activity occurring on customer’s compromised cards.” Those cards have been or will be reissued, and the customers will not be financially liable for losses, but they still have had unnecessary hassle introduced into their holidays.

It has been widely speculated that the Target breach was the result of a computer virus that was introduced via a software update on every point of sale (POS) device. This is similar to what has been seen before, most recently in October 2013, when a variant of malware (malicious software or virus) assigned the moniker “Dexter” was identified as the culprit in a massive data breach affecting the South African fast-food industry. Like the Target breach, the South African breach cost local banks there tens of millions of rand (South African monetary unit) and is reported to be one of the worst breaches in that country’s history.

In both instances the culprit is reported to steal data through RAM scraping, a technique in which the data is read from the computer's working memory, where real-time data is kept accessible so that transactions can be processed quickly.

On January 19, 2014, Beth Belton of USA Today reported that the virus used in the Target and Neiman Marcus attacks was likely written by a 17-year-old hacker from Russia. As first described in Hospitality Upgrade's Summer 2011 article, “Who’s That Knocking At My Computer”, Russian cybercriminals dominate the threat landscape. Ms. Belton revealed that the teenager, identified as Sergey Taraspov, sold his malware to dozens of cybercriminals for about $2,000.

With credit and debit card fraud growing more prevalent all the time (Nilson Report statistics put this type of fraud at $11.3 billion worldwide in 2012), the pressure on retailers to prevent these types of breaches will only increase.

Ensuring your organization is compliant with the Payment Card Industry (PCI) standards is an important step toward protecting yourself from these types of breaches. It is crucial, however, to remember that good security will always lead to compliance, but compliance will not always lead to good security. As you review your compliance plan for PCI, make sure your goal is more than just to be “minimally compliant.” The extra effort involved in implementing better security controls is well worth it when you consider the impact a breach could have on your business and, more importantly, your reputation.

As a result of the trends in the ways attackers breach credit card data, the Payment Card Industry (PCI) has responded with improved and tougher standards. PCI Data Security Standards (DSS) 3.0, effective beginning January 2014 (although not mandatory until January 1, 2015), provides some new and overdue guidance related to Point of Sale (POS) systems. The new standards would have significantly lowered the risk of a breach of the type that occurred at Target and others.

The changes that impact POS systems fall into one of three categories: scoping, inspection of devices, and anti-malware practices.

Historically organizations have been able to “scope out” much of their network (i.e., carve it out from being subject to the requirements of the standard) by putting their POS system on a separate network segment, i.e., implementing network segmentation. In this way, only the segment of the network on which the POS system resides is subject to the standards and the other network segments are not. The theory behind this is that vulnerabilities in the non-POS segment cannot impact the segment that contains the POS system.

PCI DSS 3.0 still allows you to use segmentation and scope out portions of the network but now requires proof that the segmentation truly isolates the POS system from the rest of the network. The proof required is in the form of validation through testing that the segments are separate and that a vulnerability in the non-POS segment would not be able to impact the segment containing the cardholder data. Typically a network penetration test is used to provide this validation.
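A rule-set review is a useful pre-check before the testing described above. The following Python sketch is an added example, not part of the original article: it assumes a first-match firewall rule list with an implicit default deny, and every address, port and rule in it is constructed for illustration. It flags each allow rule that lets a non-POS segment reach the POS segment.

```python
import ipaddress

def intersect(a, b):
    """CIDR blocks either nest or are disjoint: return the smaller, or None."""
    if a.subnet_of(b):
        return a
    return b if b.subnet_of(a) else None

def covers(rule, src, dst, port):
    """True if `rule` matches every packet of the flow src -> dst on `port`."""
    return (src.subnet_of(rule["src"]) and dst.subnet_of(rule["dst"])
            and rule["port"] in (None, port))

def segmentation_violations(rules, pos_segment, other_segments):
    """List (rule index, source, destination, port) for each allow rule that
    lets a non-POS segment reach the POS segment. Conservative: an allow only
    counts as blocked when a single earlier deny covers the whole flow."""
    findings = []
    for i, entry in enumerate(rules):
        dst = intersect(entry["dst"], pos_segment)
        if entry["action"] != "allow" or dst is None:
            continue
        for segment in other_segments:
            src = intersect(entry["src"], segment)
            if src is None:
                continue
            shadowed = any(r["action"] == "deny" and covers(r, src, dst, entry["port"])
                           for r in rules[:i])
            if not shadowed:
                findings.append((i, str(src), str(dst), entry["port"]))
    return findings

def make_rule(action, src, dst, port=None):  # port=None means any port
    return {"action": action, "src": ipaddress.ip_network(src),
            "dst": ipaddress.ip_network(dst), "port": port}

# Constructed sample: first-match rule list with an implicit default deny.
POS = ipaddress.ip_network("10.10.20.0/24")
OTHERS = [ipaddress.ip_network("10.10.50.0/24"),   # guest Wi-Fi
          ipaddress.ip_network("10.10.30.0/24")]   # back office
RULES = [
    make_rule("deny", "10.10.50.0/24", "10.10.20.0/24"),          # guests blocked
    make_rule("allow", "10.10.30.15/32", "10.10.20.0/24", 3389),  # admin PC to POS
    make_rule("allow", "10.10.0.0/16", "10.10.20.5/32", 443),     # site-wide to POS server
    make_rule("allow", "10.10.20.0/24", "0.0.0.0/0", 443),        # POS outbound
]

if __name__ == "__main__":
    for finding in segmentation_violations(RULES, POS, OTHERS):
        print("breaks isolation:", finding)
```

Any finding means the non-POS segment cannot be scoped out as written; a clean result still needs to be confirmed by the testing the standard asks for.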

Another new requirement in PCI DSS 3.0 is “9.9 Protect devices that capture payment card data via direct physical interaction with the card from tampering and substitution.” This requirement, which requires periodic inspections of POS devices, is considered a best practice under the new standard until June 15, 2015 when it becomes a requirement. This standard strengthens card present transactions (like those at the Target stores) by ensuring that terminals are evaluated on a regular basis to ensure they have not been compromised.

Lastly, the new standard addresses the need for increased vigilance on systems not commonly targeted for malware attacks. While the standard specifically calls out systems such as the iSeries or AS400s, devices running Apple or Mac operating systems would also fall into this category. This recognition that malware and viruses can be created to target any and all technologies is a key improvement to the standard and injects reality for those who think “it can’t happen to me” because their system is not a common target for hackers.

About The Author
Mary Siero
Innovative IT

Mary Siero is an executive level Information Technology Consultant with experience in several industries in both IT and business departments. Her diverse background has provided her with a unique perspective about IT's role and the value it can bring to the businesses it supports. Mary has over 30 years' experience in engineering and technology from industries such as Gaming and Hospitality, Healthcare, Consumer Products, Manufacturing and Education.
