Merchant Link SecurityCents

A blog that comments on the latest developments in the world of payments, payment data security and technology, PCI compliance, and more.

Archive for June, 2010

Hotels Remain Primary Target for Hackers


By Sue Zloth

Hackers are now stealing credit card data from hotels more often than any other industry. With nearly 38% of data-breach investigations in 2009 originating from hotels, the industry must come together and develop standards, beyond PCI, to ensure credit card processing is secure.

In fact, just last week during HITEC, which is one of the largest lodging conferences, discussion around security was buzzing on the show floor.

While we were talking about the importance of security, Destination Hotels and Resort was reporting that it had suffered from a credit card fraud scheme which impacted 21 of its hotels across the United States. Data from more than 700 guests across the country was involved.

According to a statement, Destination said it uncovered malicious software in its credit card processing system, inserted from a remote source. Investigators believe the breach was isolated to locations where credit cards were physically swiped.

Hotels Moving Data Off-Site

Attacks such as these are exactly why so many hotel and lodging chains are working hard to get out of the credit card business. PCI is just not enough. It is simple – having credit card data on-site is enticing to hackers. A layered approach to security including tokenization and encryption which allows for credit card data to be removed from the site gives hoteliers the peace of mind that customers’ information is secure.

That is why some of the world’s largest hotel chains are turning to vendors to get them out of the credit card business. Tokenization is one of the solutions that is currently in use. By tokenizing credit card data, sensitive credit card information is removed from the merchant’s site and onto a PCI DSS certified network. If you remove the data, you can remove the risk.

Is moving data off-site the answer for the hotel industry? Join the discussion and post your comments below.

While at HITEC this week, one thing is resoundingly clear, there is a tremendous amount of buzz about security. The industry needs stronger security in place for payment processing to avoid being caught in the headlines of the major news outlets as the latest victims of a breach.

This is why we are very excited about our ability to now offer the first encryption solution for the hospitality industry. Merchant Link has strengthened transaction security with the combination of end-to-end-encryption and tokenization. For the first time, the hospitality industry will benefit from one solution that secures both data-in-flight and data-at-rest.

Current solutions that use software to intercept transaction data leave a vulnerability that hackers can exploit. Even a nanosecond of vulnerability opens the door to attacks. By protecting credit card data from the point of swipe throughout the entire transaction life-cycle, even this nanosecond of vulnerability is closed. Further, both end-to-end encryption and tokenization are expected to be key solutions highlighted in the October 2010 release of the next PCI DSS standard.

In addition, here are some key points as to why we are excited about this announcement:

• ENCRYPTING WITHIN THE MSR / DECRYPTING OUTSIDE YOUR IT ENVIRONMENT: The new solution encrypts the sensitive credit card information within the actual magnetic stripe reader (MSR) right at the point of swipe, traveling encrypted all the way through the hotel or merchant’s IT environment. The decryption occurs within Merchant Link’s hosted payment gateway outside the merchant’s environment thus reducing the risk of compromised data.

• COMBINING E2EE WITH NEXT GENERATION TOKENIZATION: Layering tokenization with end-to-end encryption greatly improves data security. The new solution works in concert with Merchant Link’s TransactionVault tokenization offering, which has evolved to meet the hotel industry’s unique needs. “TransactionVault Keys” distinguish themselves from other token solutions by remaining associated with the card so they can be tracked for all guest transactions, customer analytics, and marketing purposes. The most widely adopted tokenization solution on the market, TransactionVault is in use at more than 15,000 restaurants, hotels and retail establishments.

• FLEXIBILITY: The solution is designed to integrate with any encrypting device, offering merchant’s flexibility in their hardware solutions. Further, as Merchant Link’s Payment Gateway connects to all major credit card processors, our customers have the freedom to choose the processor that best fits their business.

In addition, Merchant Link is hosting a break out session today that provides a complete overview of this groundbreaking security solution.

Leave a comment if you missed the session and want more details!

Our team at the 2010 HITEC Conference in Orlando, FL

ORLANDO, Fla., June 15 /PRNewswire/ — HITEC Booth #515 — InterContinental Hotels Group (IHG), whose brands include Holiday Inn, Holiday Inn Express, Crowne Plaza,  Candlewood Suites, Staybridge Suites, InterContinental Hotels & Resorts and Hotel Indigo, has signed a master agreement with credit card gateway and payments security provider Merchant Link.

The contract endorses Merchant Link as an approved provider for IHG’s franchisees in the United States, covering more than 3,000 hotel properties, and encouraging franchisees to evaluate Merchant Link products and services, which are designed to deliver security, assist with PCI compliance and provide faster, more accurate payments.

“In our search for a new payments gateway provider to introduce to our franchisees, IHG established a number of key criteria,” said Tammy England, director of treasury for the IHG Americas region.  ”We wanted to point our franchisees toward a hosted, gateway solution which would be easily upgradable and would not require the adoption of extra hardware or software.  We sought competitive pricing, wanting to help our franchisees eliminate pass-through fees by third-party processors.  And, we insisted on a high level of responsive service.”

England added that having met these stringent criteria, Merchant Link also distinguished itself with its long-standing relationship with property management system (PMS) and point of sale (POS) system MICROS, the primary property management system software provider to IHG hotel franchisees.

“Competition, guest expectations, and increasingly sophisticated and determined identity thieves are all out there — and, no doubt, contributed to IHG’s evaluation of new gateway solution providers,” said Merchant Link Chief Technology Officer Dan Lane.  ”We are pleased and honored that IHG has selected Merchant Link as an approved provider for its franchisees.  We look forward to a long and productive relationship with those franchisees throughout the Americas region.”

About InterContinental Hotels Group

InterContinental Hotels Group (IHG) (LON: IHG, NYSE: IHG (ADRs)) is the world’s largest hotel group by number of rooms. IHG owns, manages, leases or franchises, through various subsidiaries, over 4,300 hotels and almost 630,000 guest rooms in nearly 100 countries and territories around the world. The Group owns a portfolio of well recognised and respected hotel brands including InterContinental® Hotels & Resorts, Hotel Indigo®, Crowne Plaza® Hotels & Resorts, Holiday Inn® Hotels and Resorts, Holiday Inn Express®, Staybridge Suites® and Candlewood Suites®, and also manages the world’s largest hotel loyalty programme, Priority Club® Rewards with 44 million members worldwide.

IHG has nearly 1,600 hotels in its development pipeline.  InterContinental Hotels Group PLC is the Group’s parent company and is registered in England and Wales.

IHG offers information and online reservations for all its hotel brands at www.ihg.com and information for the Priority Club Rewards programme at www.priorityclub.com. For the latest news from IHG, visit our online Press Office at www.ihg.com/media

About Merchant Link

Merchant Link is a leading payments gateway company, providing PCI compliance, secure solutions, data transport services and comprehensive technology to merchants, software providers and credit card processors. Its premier product, TransactionVault, features the next generation of tokenization by replacing each card number with unique keys. Merchant Link currently supports more than 120,000 hotels, restaurants, ballparks, and other venues, and maintains connectivity to the major US payment card processors. Founded in 1993 and headquartered in Silver Spring, Md., Merchant Link handles more than 2 billion transactions for some of the world’s best-known merchants. Further information is available at www.merchantlink.com.

by Tim Kinsella

In today’s cyber-insecure world, merchants are continually under attack from nefarious hackers bent on stealing their customers’ credit card data.  In addition, with the ongoing challenge of meeting PCI Compliance requirements, many merchants can feel like they are in the credit card business – as opposed to being in the business of selling the products and services that fuel their bottom-lines and livelihoods.

Welcome to SecurityCents written by our experts at Merchant Link.  We’ve designed this site to be the premier destination for all things related to transaction security for merchants.  On an ongoing basis, we will be covering topics that aim to help merchants better protect their customer data and meet PCI requirements.

From key insights into encryption and tokenization technologies to case studies of actual merchants taking grand security steps, as well as videos and podcasts that aim to education merchants on how best to secure their transactions, we will cover a wide range of valuable topics.

So, our goal is to get merchants out of the credit card business and SecurityCents will help them reach this milestone.  In addition, we hope to make this a community where merchants can share their thoughts, ideas and best practices.   So, please feel free to share your story and let’s collectively make SecurityCents a successful resource for all merchants.