Category Archives: Crime

How to Ramp Up Employee Cybersecurity Training

employee

In 2015, the hotel industry suffered unprecedented cyberattacks. In one month alone, Hyatt Hotels Corporation, Starwood Hotels & Resorts Worldwide and Hilton Worldwide Holdings all fell prey to savvy cyber thievery.

Hyatt confirmed hackers used malware to collect cardholder names, card numbers, expiration dates and verification codes from at least 250 hotels globally. Just a few days after the company announced its planned merger with Marriott International, Starwood Hotels also stated malware had been used to steal credit and debit card data that was found on point-of-sale cash registers.

Hilton also began investigating credit card breaches at several of its properties, including its Hilton, Embassy Suites, DoubleTree, Hampton Inn and Suites, and Waldorf Astoria Hotels & Resorts brands. Hilton confirmed the breach and, much like Hyatt and Starwood, cited unauthorized malware that targeted payment card information in point-of-sale systems as the cause of the breach. Additional hotels targeted by hackers in 2015 included The Trump Hotel Collection, Mandarin Oriental and White Lodging Services Corporation.

To help prevent breaches, management should take steps to clearly define employee policies and procedures, which include:

Create protocols for access and transfer of sensitive information

Once a hotel has its IT network secure, only certain individuals should have access to the data. Further, user activity should be monitored using insider threat detection solutions that notify management of suspicious activities, both externally and internally. This includes monitoring applications for phones or computers that have access to sensitive data.

Hoteliers should tighten all network security. Simple ways to help accomplish that include:

  • ensure logins expire after short periods of inactivity;
  • require strong passwords that are never written down in public or unsecured locations; and
  • scan devices for malware every time they are plugged in.

Confirm that off-site technology is secure

Data housed off-site should be routinely backed up, and hoteliers should ensure that Web application firewalls are cloud-based solutions that are secure and encrypted. Hoteliers also should use top-notch anti-malware software and update it routinely.

Securing paper files that might include personal information

Employee files are a major target area for data breaches by way of paper files. They are typically easy to access (particularly in smaller hotels) and provide a significant source of data for a low-tech inside job.

Employee files also might include medical information protected by HIPAA. According to the Department of Health and Human Services, hacking has been involved in the HIPAA breaches of nearly 3 million patient records since 2009. Employees across all industries, including hospitality, should be aware that this highly sensitive information needs to be protected.

For more: http://bit.ly/1mHKrMn

Comments Off on How to Ramp Up Employee Cybersecurity Training

Filed under Crime, Employee Practices, Hotel Employees, Hotel Industry, Management And Ownership, Risk Management, Training

Enhancing Check-in and Loyalty with ID Verification Solutions

Loyalty

There’s no weariness quite like the fatigue and impatience that sets in at the end of a long day of travel. You’ve made it through security gauntlets, cramped seats, noisy kids, and traffic to arrive at your destination. What’s next, a long line of your fellow crabby travelers, or a quick trip straight to your comfy room and minibar? As an hotelier, you know which of these customer experiences translates into greater loyalty, advocacy, and revenue.

 

When it comes to business and personal travel, customer expectations have always been high; customers increasingly expect more convenience, personalization, and flexibility from hospitality brands. Online booking options, mobile technology, and social media reviews have made the market intensely competitive. Customer loyalty is a key driver for revenue growth and competitive advantage. In fact, a recent Forrester study commissioned by Sabre Hospitality found that a 1-point score increase on their Customer Experience Index provides $6.52 in annual incremental revenue per customer—a significant cumulative impact, especially for larger brands.

The same study found that two-thirds of leisure travelers and more than half of business travelers claim they are not loyal to any hotel brand. The study’s findings point to intelligent applications of technology and data as primary avenues for improving customer experience and loyalty, with an emphasis on integrated enterprise solutions. Feel-good experiences engender loyalty more surely than cost or convenience, and loyalty translates directly to good news for the bottom line. How can we begin to incorporate technology that leaves customers raving about their experience and returning for more the next time they travel?

One of the big pain points for customers—the dreaded check-in process—presents a huge opportunity for hotels that extends well past what happens at the front desk. Solutions for scanning and verifying IDs and passports, including mobile scanning and self-service kiosks, are transforming the check-in process and providing a key link between customers and data-driven, integrated hospitality platforms. With mobile scanning, check-in can begin anywhere (even remotely) and be completed in less time with fewer errors. Advanced scanning solutions quickly and accurately read all data off drivers’ licenses, passports, and other official identity cards, automatically populate data records and store a digital replica of the ID for regulatory and security purposes.

Once a guest’s ID data has been scanned into records, it can then be cross-checked with other databases (DMV, credit bureaus, etc.) to verify the customer’s identity. The data can also be connected with the hotel’s enterprise systems for security, billing, and customer service management, as well as personalization and loyalty programs. The ability to quickly and accurately gather this data at the point of entry eases and enriches all the subsequent processes and interactions that rely on such data. These days, customers expect that you have their information and will use it to provide them with a more polished and personal experience. The information scanned at check-in can also be used for seamless sign-up to loyalty programs. Hotels and casinos have found that insights and information gleaned from this data allow them to tailor rewards to guests’ preferences and analyze guest spending patterns in response to various promotions.

A recent Software Advice study of hotel guest preferences found that 60 percent of respondents would be more likely to choose a hotel that allows check-in and keyless entry via smartphone, and 37 percent are more likely to choose a hotel with lobby technology such as self-service kiosks. This follows the general preference of Millennials for automated customer service options. It’s also reassuringly good news for hotels striving to deliver better customer service while controlling staffing costs. Front desk agents can spend more time on personal greetings, solving exceptions, and addressing complaints when they are freed from manual data entry tasks. A serene, smoothly run lobby makes for a more welcoming space than one crammed with guests waiting to check-in.

For more: http://bit.ly/1QcmxGI

Comments Off on Enhancing Check-in and Loyalty with ID Verification Solutions

Filed under Crime, Guest Issues, Hotel Industry, Management And Ownership, Risk Management, Theft, Training

Embassy Suites Let Attacker Into Woman’s Room

Embassy

A New Jersey woman who was sexually assaulted while staying at the Embassy Suites in downtown Des Moines has filed a lawsuit claiming staff members unwittingly let her attacker into her seventh-floor room.

Cheri Marchionda is suing both Embassy Suites and Hilton Worldwide, as well as Atrium Finance III, the company that owns the Des Moines hotel.

She was staying at the East Village hotel during a business trip when she awoke sometime after midnight on April 11, 2014, to find Christopher Edward LaPointe standing at the foot of her bed and touching her leg.

LaPointe, 31, a New York resident also staying at the hotel, is now serving a 20-year prison sentence at the Iowa Medical and Classification Center after pleading guilty to burglary and sexual abuse charges in December 2014.

In a federal lawsuit on track to go to trial in Des Moines, lawyers from a Pennsylvania firm representing Marchionda wrote that a manager, a desk clerk and a maintenance man all helped LaPointe get into the woman’s room without asking Marchionda whether he had permission to be there.

Though the Des Moines Register does not typically identify sexual assault victims in criminal cases, it does publish plaintiffs’ names in reporting on civil lawsuits. Reached by phone Wednesday, Marchionda’s lawyers said she did not currently want to speak publicly about the case.

“Each defendant owed a special duty of care to her, including a duty to provide for and assure her safety and security while at the hotel,” attorneys Paul Brandes and Michael Hanamirian wrote in the lawsuit. “To not expose her to burglary, assaults or attacks by others … and to not assist others in burglarizing, assaulting or attacking her.”

The negligence lawsuit was filed in a New Jersey federal court district in June, but was moved Tuesday to Iowa after lawyers couldn’t agree on a settlement during nonbinding mediation earlier in December. None of the defendants have filed an answer in court to the lawsuit, though a motion to dismiss over jurisdictional issues was denied by a judge.

The general manager at the Des Moines hotel did not immediately return a reporter’s phone call this week. Maggie Giddens, a public relations director for the hotel chain, said the company could not publicly comment because of the ongoing litigation.

The claims in Marchionda’s lawsuit are similar to those from another that Los Angeles attorney Gloria Allred filed against Embassy Suites and its parent company, Hilton Worldwide, on behalf of a woman who was sexually assaulted while staying at one of their hotels in North Charleston, S.C.

For more: http://dmreg.co/1njFwCb

Comments Off on Embassy Suites Let Attacker Into Woman’s Room

Filed under Crime, Guest Issues, Hotel Industry, Liability, Management And Ownership

Hospitality Industry Security Update: “Developing a Cyberbreach Strategy”

RM_10.15_cyber_strategy-630x420

Throughout the business world, breaches have become a constant reminder of the critical need to assess and take action on cyberrisk. But they can also make addressing the issue seem like an ever more daunting task, leading many to either put off substantive measures or blindly buy the latest insurance or software to “take care” of the problem and move on.

“The biggest mistake companies make in the breach recovery process is just not being aware of the risk in the first place,” said John Mullen, managing partner at Lewis Brisbois Bisgaard & Smith LLP and chair of the firm’s data privacy and network security practice. “You would be amazed—I do up to 100 presentations a year, and at 80% of them, people still look at me like it’s the first time they have heard about it, and I have been doing this for over a decade. The people in the know are in the know, but there is an amazing amount of people who have no clue.”

There are countless ways a cyberbreach can unfold, and countless ways response can go wrong, but laying the strongest possible foundation ahead of time ultimately makes the difference between successful response and absolute disaster for a company that gets hacked or otherwise compromised. According to Mullen, a breach coach who reports that his firm sees a new breach case every business day of the year, “If you don’t do all of the prep stuff, you’ll never get response right.”

For more: http://bit.ly/1GycVMP

Comments Off on Hospitality Industry Security Update: “Developing a Cyberbreach Strategy”

Filed under Crime, Hotel Industry, Management And Ownership, Risk Management, Technology

Hospitality Industry Technology Update: “Are You Ready For EMV Card Adoption?”

Current standard-issue American credit cards store personal information in a magnetic stripe on the back of the card. EMV cards, however, store information on a secure computer emv cardschip,which generates a one-time-use security code for every transaction, making counterfeiting virtually impossible, according to the EMV Migration Forum, a consortium of industry players that support EMV chip implementation across the United States. 

Credit card security is a topic top of mind for any business that processes consumer payment data, and this October the stakes for U.S. businesses—including hotels—to comply with the latest wave of payment security will get higher.

It’s all part of a continuing wave for the United States to widely adopt EMV chip credit cards, which reduce counterfeiting and card fraud, but which require hardware and software upgrades on the part of the party processing the payment.

Beginning in October, new compliance language will shift the burden of liability for some types of fraudulent credit card transactions away from banks and ultimately on to merchants. Hoteliers who know these new liability burdens and are actively implementing technology upgrades to read these new cards will come out ahead, legal and technology sources said.

Knowing the reasons behind the change and the implications of noncompliance will help hoteliers make a seamless transition, sources said.

For more: http://bit.ly/1NavP2i

Comments Off on Hospitality Industry Technology Update: “Are You Ready For EMV Card Adoption?”

Filed under Crime, Hotel Industry, Management And Ownership, Risk Management, Technology

Hospitality Industry Legal Update: “Northwest Dallas Hotel is ‘hub for drug use, prostitution and violent crime,’ Says City Hall”

The city of Dallas has had enough, and late Thursday filed suit against the owners of the motel that looks decent enough on the outside but is anything but on the inside, according to the City Attorney’s Office. The city wants the court to order the owners to clean it up immediately or face thousand-dollar-a-day penalties until the laundry list of problems are remedied.

In early December, two men were shot and another man was injured (after he jumped out a window to escape being shot) at the Orange Extended Stay Motel on Finnell Street in Northwest Dallas, near Northwest Highway and N. Stemmons Freeway. Several residents told our Naheed Rajwani at the time they feel unsafe at the Orange and that, perhaps, it was time to move away from the crime-ridden (and poorly reviewed) hotel. Said one woman, “I’m scared, and I don’t want to end up losing my life being in this area.”

She had good reason to be concerned: On May 30, someone was shot to death at the hotel.

The city of Dallas has had enough, and late Thursday filed suit against the owners of the motel that looks decent enough on the outside but is anything but on the inside, according to the City Attorney’s Office. The city wants the court to order the owners — Carrollton-based Dynasty Hotel Group — to clean it up immediately or face thousand-dollar-a-day penalties until the laundry list of problems are remedied.

“The relatively well kept facade of this business belies the abhorrent physical conditions, habitual drug offenses, and violent crime that have pervaded its interior and for which the property has become known,” says the suit, signed by Assistant City Attorney Melissa Miles.

For more: http://bit.ly/1KkzKtx

Comments Off on Hospitality Industry Legal Update: “Northwest Dallas Hotel is ‘hub for drug use, prostitution and violent crime,’ Says City Hall”

Filed under Crime, Hotel Industry, Maintenance, Management And Ownership

Hospitality Industry Legal Update: “Are You Breaking the Law by Recording Calls?”

“Regardless of the content of the call, hoteliers should be ensuring that they are using automatic disclosures—in order to obtain consumer consenthotel-phone—if using an automatic recording system. If an operator becomes the target of one of these consumer privacy class actions, taking an aggressive approach and attacking these claims as incongruent with the legislative purpose and intent behind the respective statute is a recommended.”

In the past few years, class action plaintiffs have recovered billions of dollars in punitive damages by exploiting strict liability laws that punish businesses for failing to properly notify customers when a phone call is being recorded.

Under the Federal Telephone Consumer Protection Act and similar state statutes, businesses including hotels are prohibited from using certain tactics when telemarketing or making calls to solicit potential guests or customers. Hotels and other businesses are precluded from making calls or using any kind of prerecorded message, unless the caller has obtained a recipient’s prior express consent in writing or electronically.

Additionally, hoteliers are prohibited from making calls to residences before 8 a.m. and after 9 p.m., and a future hotel guest calling to confirm a reservation also must be notified if the call is recorded. Hence, under these laws, if a hotel receptionist in Montana receives a call from a California resident to confirm a reservation but never notifies the recipient that the call is being recorded, it could result in damages ranging from $500 to $5,000 per call under federal and state laws.

This seemingly innocuous business practice of recording customer service calls without providing some variation of the oft-heard disclosure, “This call may be monitored or recorded for quality assurance purposes” has the potential to financially cripple a business.

For more: http://bit.ly/1CBRlu6

Comments Off on Hospitality Industry Legal Update: “Are You Breaking the Law by Recording Calls?”

Filed under Crime, Employee Practices, Guest Issues, Hotel Employees, Hotel Industry, Liability, Management And Ownership, Technology, Training

Hospitality Industry Legal Update: “Patel v L.A. and What it Means for Hotel Operators”

“It was being used to circumvent case law and proper court procedure to obtain privacy information,1436387202_JULY ALB Patel v LA sidebar pic” Seiders said. “The police were using these local laws to avoid having to go through judicial review. I think that’s where it became abusive.

More than a decade ago, a group of hotel owners sued Los Angeles. Now their actions have caused reverberations in hotels throughout the country.

The U.S. Supreme Court ruled June 22 in City of Los Angeles v. Patel that the police practice of asking for a hotel’s guest registry without a warrant is unconstitutional.

“It’s certainly providing privacy protection and extending it to companies, both to the company owner and the guests that are there. It’s certainly a win for the hotels,” Attorney Dana Kravetz said.

“This is going to have widespread impact – and already has had widespread impact – on a host of cities and really the industry at large. It’s a powerful decision. It really sets it out pretty clearly as to what the police can or cannot do.”

This ruling goes beyond Los Angeles as so many other U.S. cities have similar ordinances, said Kravetz, managing partner of Michelman & Robinson and chair of the law firm’s hospitality group.

“It’s really a great day for the hotel industry,” said Frank Weiser, the attorney for the group of hotel owners (Patel). “It’s a great day for businesses throughout America.”

For more: http://bit.ly/1L35AJP

Comments Off on Hospitality Industry Legal Update: “Patel v L.A. and What it Means for Hotel Operators”

Filed under Crime, Guest Issues, Hotel Employees, Hotel Industry, Management And Ownership

Hospitality Industry Management Update: “Protect Your Property from Common Industry Scams”

To prevent any type of scam, Bragiel suggests that hoteliers establish reliable contacts within banks, businesses, and the hotel’s credit card processor. That way, if questions of authenticity arise,Scam the front desk staff can turn to trusted sources. “When in doubt, we always encourage our members to check with the folks they have relationships with,” says Bragiel

It could be disguised as a typical guest interaction: Someone checks in under a corporate account that does not require a credit card, only for management to later realize the guest was not an employee of the company. Or, it could be someone whose credit card fails to go through, so he or she provides the clerk with a false authorization code. Both of these scenarios are common lodging industry scams, pulled by con artists who exploit front desk protocols to get a free stay, and oftentimes managers don’t even know what happened until the guest is long gone.

Fraud is a growing issue in the United States, with retailers losing $32 million in 2014 to credit card scamming, up from $23 million in 2013, according to a recent Business Insider report. For hoteliers to avoid becoming a victim of one of these cons, it is important that they not only recognize the signs of common industry scams but also learn how to be proactive in protecting a property from vulnerability.

For more: http://bit.ly/1GKYRTh

Comments Off on Hospitality Industry Management Update: “Protect Your Property from Common Industry Scams”

Filed under Crime, Hotel Employees, Hotel Industry, Management And Ownership, Training

Hospitality Industry Risk Update: “Is Your Hotel Properly Collecting and Preserving Incident Related Evidence ?”

Videos can make or break a case. For example, in one case, video footage clearly showed that the plaintiff initiated the fist fight that was at the heart of his lawsuit.collecting evidence The video would have absolved the hotel from all liability, but the hotel failed to properly preserve this key piece of evidence.As a result, the case had to be settled instead of vigorously defended. Further, as digital surveillance systems continue to become the industry standard, judges have been less forgiving when it comes to claims that the pertinent footage was either lost or never preserved.

By the time a case reaches an attorney’s desk, all too often pertinent evidence either has been lost — or was never collected in the first place. California’s statute of limitations for a personal lawsuit is two years; consequently, an attorney’s first involvement in an incident on your property usually happens more than two years after the incident has occurred. If your hotel or resort has not properly gathered and preserved evidence, it becomes very challenging to recreate what transpired. Hence, it is imperative that; your hotel have formal written evidence retention policies; that first responders and security teams are properly trained on how to gather the evidence; and that hotel staff take steps to ensure that this evidence is preserved. Failing to collect and preserve evidence can turn a defensible case into a major settlement.

For more: http://bit.ly/1FPnjkz

Comments Off on Hospitality Industry Risk Update: “Is Your Hotel Properly Collecting and Preserving Incident Related Evidence ?”

Filed under Crime, Employee Practices, Hotel Employees, Hotel Industry, Insurance, Management And Ownership, Risk Management, Training