Safeguarding Customer Data: New Guidance from Visa

Visa has published new advice to help the hospitality industry safeguard customer data. ‘Hospitality Breaches on the Rise’ offers insight on how cyber-criminals target hotels, and guidance on how data can be protected to help businesses comply with the Payment Card Industry Data Security Standard (PCI DSS).

The hospitality sector is the biggest victim of data security breaches in the world, according to Trustwave, a global provider of IT security and compliance headquartered in Chicago. Its latest Global Security Report found that hospitality businesses accounted for 38% of all data security breaches last year, compared to 19% for financial services and 14% for retail.

Hotels can have more complex payment systems than other retail businesses, making it harder for them to achieve PCI DSS compliance. Whereas some retailers may have only one point of sale, a hotel stores and retrieves customer card data at multiple payment terminals, such as the reservation desk, restaurant, bar, room service, internet access and online bookings.

Visa Europe and Trustwave, in consultation with leading hotels, have developed a series of recommendations to help hoteliers and franchises lower the risk of security breaches:

  • Change vendor-supplied defaults for passwords or other security information for Hotel Management Systems (HMS) and Point of Sale (POS) payment systems. The HMS is the central and core component in which cardholder data is stored, processed and transmitted to perform authorisation and settlement across other payment terminals in the network
     
  • NULL sessions (unauthenticated connections to a Windows computer) should be disabled. This is the number one method for hackers to gain information on passwords, groups, services and users
     
  • Install and maintain a firewall to protect data. HMS and POS payment systems should not be directly accessible via the Internet; inbound traffic should be blocked and outbound services should be filtered
     
  • Assign a unique ID to each person with computer access and implement a dual-factor authentication method for remote system access via the Internet. This will mitigate unauthorised access into HMS and POS payment systems
     
  • Track and monitor all access to network resources and cardholder data so that anomalies and suspicious attack activity can be detected
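The second recommendation above, disabling NULL sessions, is enforced on Windows through a handful of registry values. The following PowerShell audit script is an added example, not part of the Visa/Trustwave guidance; it checks the standard LSA and LanmanServer anonymous-access settings against hardened values taken from common Windows security baselines (an assumption, not something the white paper states) and can optionally remediate them.

```powershell
# Added example: audit (and optionally remediate) the Windows registry
# settings that control anonymous / NULL session access on an HMS or POS host.
# Run in an elevated PowerShell session. Expected values are assumed from
# common Windows hardening baselines, not from the Visa guidance itself.

$Lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$Srv = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

$Checks = @(
    @{ Path = $Lsa; Name = 'RestrictAnonymous';         Expected = 1 },  # no anonymous enumeration of shares/users
    @{ Path = $Lsa; Name = 'RestrictAnonymousSAM';      Expected = 1 },  # no anonymous enumeration of SAM accounts
    @{ Path = $Lsa; Name = 'EveryoneIncludesAnonymous'; Expected = 0 },  # anonymous is not a member of Everyone
    @{ Path = $Srv; Name = 'RestrictNullSessAccess';    Expected = 1 }   # server service rejects null-session access
)

function Test-NullSessionHardening {
    param([switch]$Remediate)   # pass -Remediate to write the hardened values
    $findings = @()
    foreach ($c in $Checks) {
        $item   = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
        $actual = if ($null -ne $item) { $item.($c.Name) } else { $null }
        # A missing value counts as non-compliant: the OS default may still permit anonymous access.
        $ok = ($null -ne $actual) -and ([int]$actual -eq $c.Expected)
        if (-not $ok -and $Remediate) {
            New-ItemProperty -Path $c.Path -Name $c.Name -Value $c.Expected -PropertyType DWord -Force | Out-Null
            $ok = $true
        }
        $findings += [pscustomobject]@{ Setting = $c.Name; Expected = $c.Expected; Actual = $actual; Compliant = $ok }
    }
    return $findings
}

# Named pipes and shares explicitly allowed for null sessions should normally be empty.
function Get-NullSessionAllowList {
    $props = Get-ItemProperty -Path $Srv -ErrorAction SilentlyContinue
    [pscustomobject]@{
        NullSessionPipes  = @($props.NullSessionPipes  | Where-Object { $_ })
        NullSessionShares = @($props.NullSessionShares | Where-Object { $_ })
    }
}

Test-NullSessionHardening | Format-Table -AutoSize   # audit only; add -Remediate to fix
Get-NullSessionAllowList
```

Run the audit first and test any remediation against the HMS and POS software in a staging environment, since some legacy applications still depend on anonymous named-pipe access and will break when it is removed.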

Visa is introducing a range of guidelines for retailers including advice on emerging technologies such as data encryption and tokenisation, which help secure card data when it is either being moved or stored and make it simpler to achieve PCI DSS compliance.

For more on Visa’s PCI DSS compliance guidelines and Visa’s ‘Hospitality Breaches on the Rise’ white paper, go to the visaeurope.com website, under Vulnerabilities.
