Tag Archives: Security

Hospitality Industry Information Security: The Key To Cyber-Security Is Adopting Encryption AND Tokenization, But Payment Processors Must Adopt Standards First

“Encryption is a process that jumbles personal data into unreadable letters and numbers every time a credit card is swiped….

…Any info about that credit card going forward … none of the credit card information is stored, it’s the token that is stored.”

“Encryption fundamentally is a math algorithm, but it’s a very complicated math algorithm,” Roman said during a recent telephone interview. The information can only be deciphered with a key.

“When an encrypted signal is sent to the intended party, the intended party’s encryption has a key to decrypt and read the message and display it on the screen in readable alpha numerics,” Roman said. “It’s built into the receiving end of each encryption software.”

Encryption jumbles information as it’s transmitted from one system to the other, but it doesn’t necessarily account for data that’s being stored. That’s where tokenization comes in, said Chainrai Waney, an IT consultant who’s worked in data center operations for more than 25 years.

“When that card is swiped there’s some sort of a front-end application that generates a token (a line of random numbers) that has nothing to do with that credit card number,” he said. “Any info about that credit card going forward … none of the credit card information is stored, it’s the token that is stored.”
 
A token is a globally unique identifier, generated randomly, and it only has meaning to the sender who provides it and to the processing center that’s purchased it, Roman said.

Noble has yet to adopt tokenization, Garrido said. The company is waiting for payment processors to make the next move.

“They’ve talked about being able to take the data out of the property,” he said. In other words, the processing companies would store the data and send a token back to vendors. No definitive solution has yet been approved, however.

For more:  http://www.hospitalitynet.org/external/4048209.html


Filed under Crime, Insurance, Liability, Risk Management, Theft, Training

Hotel Security Risk Prevention: San Diego Police Initiate Pilot Program Linking Hotel Security And Surveillance Cameras To Police Squad Cars

“…If hotel staff call the police, an officer in a squad car can click the hotel location on a Google map, and immediately see live video from the hotel’s security cameras. Police say this will allow them to see crimes in progress, to see suspects and see which way they’re going when they flee…”

San Diego police have begun a pilot program that gives officers access to security camera video inside their squad cars. Officers see it as the way of the future.

The program is a partnership between San Diego Police Department and the Hotel Indigo, located downtown. If hotel staff call the police, an officer in a squad car can click the hotel location on a Google map, and immediately see live video from the hotel’s security cameras. Police say this will allow them to see crimes in progress, to see suspects and see which way they’re going when they flee. The privacy of hotel patrons was a concern. But Mayor Jerry Sanders said cameras are already a fact of life.

For more:   http://www.kpbs.org/news/2010/jun/02/police-create-web-link-security-cameras/


Filed under Crime, Injuries, Liability, Risk Management, Theft

Hotel Security And Surveillance Systems: New Jersey Hotel Employee Receives $2.5 Million Settlement From Security System Company After Panic Button Fails To Work During Attack

 “…Vanwell Electronics, the alarm company that installed and maintained the hotel’s security system, agreed to pay Grajales $2.5 million to settle her lawsuit…”

“Vanwell knew for 16 weeks the (security) line wasn’t properly connected and did nothing about it,” said her lawyer, David Mazie, who filed the claim in Essex County because Vanwell also conducts business there.

Kimberly Grajales was working the overnight shift as a clerk at the Hampton Inn in Carlstadt when a mentally disturbed man climbed over the front desk and attacked her. Grajales managed to push the panic button on the wall, and thought police would soon arrive. No one came.

The silent alarm at the Bergen County hotel had been broken for months, and Grajales ended up struggling with her attacker for 30 minutes before escaping to another guest’s room, where she dialed 911. A hotel surveillance camera captured the 4 a.m. incident, which happened on July 4, 2008. The attacker nearly bit off Grajales’ finger, and the panic button was stained with her blood, local police said.

For more:  http://www.nj.com/news/index.ssf/2010/06/alarm_company_settles_lawsuit.html


Filed under Crime, Injuries, Liability, Risk Management

Hotel Industry Safety And Security Risks: Major Hotel Chain Testing “Smart Phone” Application For Keyless Room Entry Which Could Expose Hotel Guests To Potential Risks

“…not all properties are as security-conscious as others.”

At this point we don’t know if there will be would-be prowlers hopefully beeping at locked hotel room doors or how glitchy the system could be.

Hackers also target hotels not only because they give up the goods pretty easily, but on average it takes a hotel about five months to figure out they’ve been hacked.

So far, little is known about the Open Ways application, including its vulnerabilities and how it works in relation to the hotel system.

Also, hotels, as a rule, are known as easy pickings for hackers looking to find credit card numbers and other forms of identification. Because many are independently owned and operated, not all hotels in the same chain will have the same amount of security.

For more:  http://industry.bnet.com/travel/10006366/smartphones-as-hotel-room-keys-not-so-fast/


Filed under Crime, Insurance, Liability, Theft

Hotel Industry Cybercrime: Los Angeles Westin Bonaventure Hotel Discloses Credit Card Security Breach At Four Restaurants

According to Westin, its four restaurants – Lake View Bistro, Lobby Court Bar, Bonavista Lounge, L.A. Prime – along with its valet parking operation may have suffered a data security breach between April and December last year.

(From an InfoSecurity-us.com article)  In further proof that the hospitality industry is becoming a prime target for hackers, The Westin Bonaventure Hotel and Suites has admitted a likely data security breach.

According to a statement issued by Westin, compromised data may include names printed on customer credit or debit cards, card numbers, and expiration dates.

“Guests who used or visited the affected businesses during the eight-month period and who used a credit or debit card to pay their bills directly to the restaurants and valet parking might have had such information compromised and are encouraged to review their statements from that time period,” Westin said.

Although the company gave advice on how to place a full alert on a credit file, it did not offer any credit protection services for potential victims in the statement.

According to the 2010 Global Security Report from Trustwave, hospitality companies became the most breached sector in 2009, representing just over a third of all breaches. That said, the majority of these cases stemmed from a single site breach, the company said at the time.

However, hospitality breaches appear to be mounting. Wyndham Hotels and Resorts also suffered a security breach between late October last year and January. It is not clear whether the Wyndham hack was the single site breach reported by Trustwave, but the hospitality firm said that a hacker went through centralized network connections. “The hacker was then able to access and download information from several, but not all, of the WHR hotels and remove payment card information of a small percentage of our WHR customers,” Wyndham Hotels and Resorts said at the time.

Westin said that although customers of its restaurants and valet operation may have been compromised, the hacker did not gain access to customer card data stored in the system that stored credit card information for its hotel guests.

The Westin Bonaventure Hotel and Suites is independently owned by Today’s IV, Inc. and operated by Interstate Hotels & Resorts, Inc. under a license issued by Westin Hotel Management.

http://www.infosecurity-us.com/view/7881/westin-is-latest-hotel-to-be-hit-by-hackers/


Filed under Crime, Liability

Hospitality Industry Privacy: Hotels Must Safeguard Guests’ Privacy And Provide Better Hotel Security As Erin Andrews Incident Demonstrated


  As a result of the unauthorized video release on the Internet and the suspect’s demonstrated pattern of stalking Ms. Andrews, several news media organizations are calling or visiting hotels and asking for specific rooms, next to specific registered guests (typically undercover media producers posing as registered guests) to see what security measures are in place at the hotel. Commonly referred to as “tabloid journalism,” various media outlets have resorted to these stings to entrap hoteliers doing something wrong and to boost their viewership ratings.

  On October 12, the television magazine Inside Edition aired a segment in which they visited several hotels to reserve a room next to an employee who was posing as a hotel guest. In each case, the hotel was unaware of the purported sting operation. In each case, without challenging the inquirer, the reservationist complied.

So, what can and should hotels do to avoid falling prey to investigative reporters and more importantly ensure the safety and privacy of their guests? Here are eight steps to get started:

  1. Immediately start discussing this case with the hotel’s front desk and reservation staff. Make sure that everyone realizes the widespread magnitude and fallout of the privacy violation of Ms. Andrews. If you need more info, “Google” Erin Andrews, and you can get all the latest news from the Internet. In fact, just by searching the keywords “hotel” and “peeping tom” more than 213,000 hits will be revealed in Google, almost all referring to the Erin Andrews incident. And of course the name of the hotel where the incident occurred appears in nearly every hit.

  2. Revisit basic hotel security and privacy procedures, and do some staff training at your hotel. Now more than ever it is appropriate to ask more questions of guests, challenge suspicious people on your property, and evaluate your security cameras, security policies, locking entrance doors, elevator and stairwell access, etc. And expect the stings by investigative journalists to continue into the foreseeable future.
  3. Empower hotel employees to challenge requests for rooms next to other guests. Hotel staff members should ask the requestor why they would like a specific room, and what their relationship is with the person they are requesting to be housed adjacent to. Do not grant the special room request without contacting the other guest and securing their permission; ask them if they know the person who is requesting the special room. We all hate to say “NO” to anyone for anything, but times have changed, and a hotel must take a more proactive stance in guest safety and privacy.
  4. To the extent possible, do not block VIP guests or celebrities in rooms until the morning of arrival. Only advise non-management employees about the name and room number of the celebrity on a “need to know basis” and never in advance of arrival. This will help prevent the identity and location of the celebrity from becoming known outside the hotel and individuals seeking accommodations near the celebrity’s guestroom.
  5. Be more curious and suspicious, and allow staff members some leeway in also being more careful. Do not criticize or punish employees for being too safe. Remember, it is a different world out there from a few years ago. Safety and privacy must be the first priority of every hotel nowadays. Guests expect nothing less.
  6. If a guest complains, IT DOESN’T MEAN YOU DID SOMETHING WRONG! I have to keep reminding my clients of this fact. Sometimes guests “think” they know a law, or industry standard, when in fact many do not know what they are talking about. Hotel employees have every right to ask more questions of a guest who is requesting a room next to someone else, to refuse to connect a caller to a room number where they do not know the registered guest’s name, or to ask questions of a guest loitering around the hotel.
  7. Change your mindset from an immediate “YES” to a more carefully thought out response to guest requests that places safety and privacy at the forefront. Start evaluating guest requests more carefully, and how they may apply to guest security issues. “YES” is always the appropriate response if the request does not compromise the safety and privacy of others or the hotel. If it does, then the correct response is a courteous “NO” with the offer of a suitable alternative (if possible).
  8. Remember, Management retains the right to ask any news media personnel off hotel premises. You do not “have” to answer questions, especially if the media “ambushes” you with cameras in your face. If you find someone walking around your property doing a secret undercover investigation, you can order them off your property immediately. Hotels are considered private property and Management retains complete control of who can and cannot be on your property, as long as such ejection does not violate regulations, statutes or ordinances designed to eliminate illegal discrimination in hotels. Train all employees to refer all media requests only to the hotel’s designated spokesperson and discipline or terminate employees who fail to comply with the workplace rule. Finally, call the police for assistance if media refuse to comply with requests to leave the hotel’s premises.  

(Todd Seiders, CLSD, is director of risk management for Petra Risk Solutions, which provides a full range of risk management and insurance services for hospitality owners and operators. Their website is: www.petrarisksolutions.com. Todd can be reached at 800-466-8951 or via e-mail at: todds@petrarisksolutions.com.)


Filed under Insurance, Liability, Training