Merchant Link SecurityCents

A blog that comments on the latest developments in the world of payments, payment data security and technology, PCI compliance, and more.

Posts Tagged ‘ HTNG ’

Chartered as a working group of Hotel Technology Next Generation (HTNG), at least sixteen major hotel groups from around the world plan to work together to develop an industry security framework for handling sensitive credit card data – this includes dramatically improving the security of credit card processing by and for hotels while significantly reducing overall costs.

Following is an exclusive podcast with Douglas C. Rice, Executive Vice President and CEO, Hotel Technology Next Generation (HTNG), who discusses this new working group.

Hospital Technology Next Generation (HTNG) is an association that we’ve been working closely with.  We have been impressed with their efforts in helping hoteliers take an active stance against cyber criminals. The organization plays a major role in advocating for best payment security practices for hotels, and our own Sue Zloth, is actively involved in HTNG working groups.

Now the group has launched this comprehensive web site called “HTNG is Improving Hotel Credit Card Security” that serves as a key resource for hoteliers to learn more about protecting their customer data.  Douglas Rice, Executive Vice President and CEO, to discuss this new initiative and other key payment security trends for hoteliers in our latest podcast on the Merchant Link SecurityCents HITEC page.

What trends do you think will be featured at HITEC?  Join the conversation on our HITEC page and leave a comment.  Interested in being a guest blogger and providing our readers with your perspectives?  Send me an email.

This week, Hotel Technology Next Generation (HTNG) is gathering for its North America Members Meeting in San Diego.  Before the show kicked off, we wanted to know what to expect.  What would be the hottest topics for the show?  What payment security trends are impacting the hospitality industry?

We were fortunate enough to interview Sue Zloth, chair of the Payments and Data Security work group, and co-chair of the Software Forum for HTNG who shared her insights.

Listen to the podcast here.

Stay tuned for more exclusive podcasts on SecurityCents!

By Todd Reed

It is hard to believe the year is already ending. Recently, my colleague wrote a blog post looking back at the issues that impacted the retail industry in 2010. Many of these issues hit the vertical that I work in—hotel and lodging. Yet when I look back there are a few things in particular that were unique to hotels.

Target Practice
One could say 2010 was the year a target was placed on the back of this industry. After several notable hotel breaches, it was reported that the hotel and lodging sector of the hospitality industry was the #1 target for hackers. One of the top five Hotel Chains reported several breaches followed by one of the top ten Resort Management Companies as well as several others in between. Hotels were being targeted because of the large amount of credit card data in their systems and because a majority of them neglect to implement the most basic security precautions, making it easy for hackers to access this information through a property management system (PMS) or point-of-sale system (POS).

While the industry is working on creating standards for securing credit card data and network systems that hold sensitive consumer data, they are not yet as advanced as retail merchants. Retail has long suffered targeted attacks and is proactively seeking solutions that can protect the full cycle of a payment transaction. After this year, I expect that the hotel industry will also be proactive in its approach and seeking both tokenization and encryption solutions to protect its customers.

Creating a Standard
The industry has not stayed stagnant in the wake of attacks. In fact, several groups have come together to create standards that will help the hotel and lodging industry. In October, the Payment Card Industry Security Standards Council (PCI SSC) revised merchant requirements when accepting or transferring credit card data. Version 2.0 of the standards was mainly revisions and clarification of existing guidance. But for the first time, guidance was provided for point-to-point encryption (P2PE). Soon, guidance will also be issued for tokenization as well. Merchants will be able to turn to this guidance as they determine an appropriate solution to secure their data.

The Hotel Technology Next Generation Group (HTNG) has also been working to develop standards for merchants. The group provided a list of helpful resources for hoteliers this year, including a new Wiki with updates on working group efforts and details on products and services that have met HTNG standards.

Implementing a Solution
Hotel IT professionals are now working fast to familiarize themselves with all the basic security measures that need to be in place and are implementing new strategies. Some hotels have already taken more advanced measures to protect credit card data. Tokenization and encryption will be the key for this industry. One solution alone will not be the answer to protecting the hotel industry from attack, but a combined approach to security with advanced technologies is a necessary step in the right direction.

By: Tim Kinsella

This weekend, I’m off to New York with my team to attend the International Hotel, Motel + Restaurant Show.  As I am getting ready for the show, I wonder how much of the conversation on the show floor will be centered on payment security.   I’ve been to many shows this year, and was not surprised about the level of conversation around tokenization, encryption and other solutions to secure the payment process.  With the PCI guidance document regarding Point to Point Encryption coming out recently, I suspect I’ll find similar interest this week.

So, in light of the event and the conversations I suspect we’ll be having, I thought I’d take a few minutes to  provide a list of the top 5 web resources for insights and information on payments and transaction security for hospitality and restaurant executives.

With hackers looking to steal customer credit card data from hotels, motels and restaurants, now is the time to arm yourself with the tools and information you need to protect your enterprises.  These following resources can help you stay on top of the latest discussions and best practices:

1.      Hospital Technology Group (HTNG) Newsletters: HTNG is a global trade association that fosters the development of next-generation solutions between hoteliers and technology providers, especially in the area of transaction security.  HTNG offers two key newsletters:  “HTNG Interface” and “Outreach.”  Both newsletters provide deep content on technology,  security solutions and trends for hoteliers.  Check them both out here.

2.      Payments  Systems Network LinkedIn Group: With more than 21,000 members, this LinkedIn groups is an excellent destination to participate in industry discussions, and find out exactly what is going on in the payments industry.  Be sure to join this group here.

3.      Hotel Technology Resource: This one-stop-shop for all news and resources for hospitality technology, offers everything from tech trends to jobs to breaking industry news.  Check it out here.

4.      PCI Council Merchant Portal: Being PCI compliant is a challenge for many merchants, restaurateurs and hoteliers, so what better way to keep up-to-date than to go directly to the source.  The PCI Council has a new merchant portal where you will find what you need to know about the PCI Security Standards.  Check it out here.

5. This online media channel captures user-generated and expert-driven commentary, information, news and analysis on “what’s next” in the payments sector – to give you a flavor of what’s happening in the payments industry. I’d recommend you create a profile and start sharing your opinions.  Check it out here.

Any others that I’ve missed?  Feel free to add a comment below.  We hope everyone has a productive time at IHMRS in New York City next week!