By Todd Reed


It is hard to believe the year is already ending. Recently, my colleague wrote a blog post looking back at the issues that impacted the retail industry in 2010. Many of these issues hit the vertical that I work in—hotel and lodging. Yet when I look back there are a few things in particular that were unique to hotels.

Target Practice
One could say 2010 was the year a target was placed on the back of this industry. After several notable hotel breaches, it was reported that the hotel and lodging sector of the hospitality industry was the #1 target for hackers. One of the top five Hotel Chains reported several breaches followed by one of the top ten Resort Management Companies as well as several others in between. Hotels were being targeted because of the large amount of credit card data in their systems and because a majority of them neglect to implement the most basic security precautions, making it easy for hackers to access this information through a property management system (PMS) or point-of-sale system (POS).

While the industry is working on creating standards for securing credit card data and network systems that hold sensitive consumer data, they are not yet as advanced as retail merchants. Retail has long suffered targeted attacks and is proactively seeking solutions that can protect the full cycle of a payment transaction. After this year, I expect that the hotel industry will also be proactive in its approach and seeking both tokenization and encryption solutions to protect its customers.

Creating a Standard
The industry has not stayed stagnant in the wake of attacks. In fact, several groups have come together to create standards that will help the hotel and lodging industry. In October, the Payment Card Industry Security Standards Council (PCI SSC) revised merchant requirements when accepting or transferring credit card data. Version 2.0 of the standards was mainly revisions and clarification of existing guidance. But for the first time, guidance was provided for point-to-point encryption (P2PE). Soon, guidance will also be issued for tokenization as well. Merchants will be able to turn to this guidance as they determine an appropriate solution to secure their data.

The Hotel Technology Next Generation Group (HTNG) has also been working to develop standards for merchants. The group provided a list of helpful resources for hoteliers this year, including a new Wiki with updates on working group efforts and details on products and services that have met HTNG standards.

Implementing a Solution
Hotel IT professionals are now working fast to familiarize themselves with all the basic security measures that need to be in place and are implementing new strategies. Some hotels have already taken more advanced measures to protect credit card data. Tokenization and encryption will be the key for this industry. One solution alone will not be the answer to protecting the hotel industry from attack, but a combined approach to security with advanced technologies is a necessary step in the right direction.

Write a Comment