
Key Takeaways From the 2015 Verizon PCI Compliance Report

03/30/2015

Verizon released the Verizon 2015 PCI Compliance Report on March 12. The 84-page report contains an overview of how ‘compliant’ companies are, and its findings compare prior years’ results to the current ones.

Hospitality Upgrade was invited to interview an author of the report. We asked regular contributor Marion Roger, VP Business Development, Hospitality Evolution Resources, to conduct an interview with Franklin Tallah, lead for hospitality for Verizon.

Note: About 20 percent of the companies covered by Verizon’s report were defined as “hospitality” (grouping hotels, online travel companies, airlines and restaurants).

To help our readers cut to the chase, Roger asked Tallah to share what he thought were the most important takeaways for our readers. Tallah’s responses are below:

1. During interim investigation assessments, only 12 percent of all the companies included in the study were compliant at the testing phase, meaning 88 percent were non-compliant at testing. Tallah indicated that the “least prepared industry” was the hospitality segment.  Only four percent of hospitality entities were compliant at interim testing level.  He went on to add that restaurants and travel companies (OTAs and airlines, technically part of the hospitality segment studied) actually fared better than hotels. Thus, given the three groups COMBINED scored an average of only four percent passing, one could deduce that hotels were even LESS than four percent compliant at the interim stage.  

He then expanded his comments to note that the report found the hospitality industry to be the sector that needs a longer remediation period, sharing that these companies often struggled between the interim findings and fixing issues before the final stages. He attributed that in part to the hub-and-spoke structure of head offices and the portfolio of properties.

Roger asked if he was surprised that despite the increasing maturity of the standard and organizations’ understanding of it, attaining compliance remains far from easy. Tallah opined that although we operate in such a rapidly evolving threat landscape, the 12 requirements are a good starting point and yet so many are not even passing more than a few.

In particular, Tallah noted that of the 12 requirements, hospitality companies typically passed only two in the interim stage: Requirement #1 – having a firewall, and Requirement #12 – maintaining security policies (an infosec environment). Of the other requirements (Principles 2 through 11 inclusive) the hospitality industry as a whole failed.

[For those needing a quick “cheat sheet”, the 12 PCI DSS requirements include maintaining firewalls, securing configurations, protecting stored data, protecting data in transit, maintaining antivirus software, maintaining secure systems, restricting access, authenticating access, controlling physical access, logging and monitoring, testing security systems and maintaining security policies.]

2. Of all the data breaches Verizon’s forensics team investigated over the last 10 years, not a single company was found to be compliant with all 12 PCI requirements at the time of the breach. That said, compliance is up on the whole. Between 2013 and 2014, compliance across the entire population studied rose in every area except testing security systems.

Of the 12 PCI compliance requirements, No. 11, Testing Security Systems, was the only one that experienced a drop-off, falling from 40 percent to 33 percent compliance.

Tallah pointed out that while testing was a challenge for everyone, the 2014 report also uncovered that the “hospitality” sector is the one that struggles the most with the internal vulnerability scan phase of testing. This test is monitored as a pass/fail, and the hospitality industry as a whole failed this phase.

3. He wrapped up with some interesting correlation findings related to the principles. The first finding is that on average, breached organizations were 36 percent less likely to be compliant with a given requirement. In particular 45 percent of the breached companies were not compliant on patch management and development security.

Tallah remarked that sadly the study illustrated one can see a clear correlation between those companies that are not fully PCI compliant and the level of risk they face.

There are a variety of angles to take on the report and a lot of detailed data to sift through. Depending on the sector and role of the reader, interpretation leads to either very positive or quite negative news.

Delve into the report and grasp that as mentioned earlier, only 20 percent of businesses passed their most recent PCI compliance assessments. But remember: while this is better than the 10 percent compliance rate cited in the 2014 report, it’s important to note that of all the breaches reported by Verizon last year, “not a single company has been found to be compliant at the time of the breach,” underscoring the importance of PCI DSS compliance.

Clearly PCI compliance is only a single element of a much broader security and risk management portfolio. As Forrester Research highlighted on March 3 of this year: “If regulations are the beginning and end of your security strategy, you need to rethink your strategy. Compliance-based strategies have narrow controls that are of limited use to the entire enterprise.”


About The Author
Marion Roger
VP Business Development
Hospitality E Resources


Marion Roger, vice president of Hospitality E Resources (HER Consulting), is a specialist in the hospitality supply chain landscape who is currently leading an industry initiative to support guest data security and has developed a hotel-focused training curriculum on PII protection. With a speciality focus on electronic reservation systems, payment technology protection and data security, Marion is a regular on the speaker circuit and contributor to Hospitality Upgrade on these key topics.

 