Hotel Industry Credit Card Security Risks: Major Hotel Industry Associations Issue "Joint Statements" On Actions To Prevent Cyber-Crime

 Three major hotel industry associations, including the American Hotel & Lodging Association (AH&LA), Hotel Technology Next Generation (HTNG), and Hospitality Financial and Technology Professionals (HFTP) today issued the following joint statement to hotels regarding organized cyber crime attacks on credit card data. It identifies actions that hotels — and not their system vendors — need to take immediately in order to minimize their vulnerabilities and to avoid the potential for hundreds of thousands of dollars in costs and fines that typically result when just a single hotel system is breached.

  • Cyber criminals are systematically attacking systems that store credit card data
  • Criminal organizations are highly structured and integrated with the world’s organized crime rings
  • Attacks on hotels are highly targeted and effective
  • Many hoteliers believe they are not vulnerable because they use Point-of-Sale and Property Management Systems that have been validated as conforming to the latest PCI security standards.
  • The most important security measures are those that keep cyber criminals from getting inside the hotel network in the first place
  • Once inside, there are many ways for them to steal the data, even if the PMS or POS system itself is secure.

The three actions are:

  1. Eliminate EVERY default password on EVERY machine on your network — server, workstation, router, firewall, and any other device that has a password.
  2. Eliminate holes in remote access to systems inside your network
  3. Get a firewall and configure it properly. Operating without an Internet firewall is just as risky. Yet many hotels, especially smaller ones, don’t have a firewall

For more:  http://www.hospitalitynet.org/news/154000320/4050609.html

(Visited 61 times, 1 visits today)

Comments Off on Hotel Industry Credit Card Security Risks: Major Hotel Industry Associations Issue "Joint Statements" On Actions To Prevent Cyber-Crime

Filed under Crime, Guest Issues, Liability, Management And Ownership, Risk Management, Technology, Training

Comments are closed.