Earlier this year, a report from SpiderLabs came up with the startling fact that data within hotel computer systems were breached more than in financial institutions in 2009 and that nearly all the attacks were targeted at the repository of payment-card data. In fact, the ratio of attacks in the hotel industry (38%) was exactly double that of those in the financial industry (19%).That unsurprising conclusion was on the heels of reports of one of the largest credit-card data compromises for a hotel chain when a hacker put eight million people at risk of ID fraud by selling the details to the Russian mafia.
The New York Times ran a report explaining why hackers went after hotels more so than other industries including retail. The self-evident reason offered was that “hackers hit hotels because that is where the richest vein of personal credit card data is. At hotels with inadequate data security the greatest amount of credit card information can be obtained using the most simplified methods.” The industry remains a step behind the hackers who employ sophisticated sytems that vary depening on the targeted hotel/s. Unhelpful to the process of thwarting the cyber-thieves is the peripatetic nature of hotel clients, many of whom fail to check their credit card statements early and often enough resulting in long lead times for the perpertrators to salt away their ill-gotten gains. Add to that is the recent trend in frugality brought on by the recession of guests using debit cards instead of credit cards which puts customers at greater risks should they have large amounts in their bank accounts.
While many hotel companies have undertaken plans to implement new technology the failure to disclose, at least in broad stokes, those steps to the traveling public is arguably a disservice and does nothing to instill consumer confidence. Mercifully, there have been no reported attacks in the last 5-6 but it is unlikely the hackers are reposing quietly.
Nevertheless, recent technological innovation, outside the hospitality industry, is likely to enable hoteliers to keep one step ahead of those looking to purloin credit-card data. One such innovation is by Akamai, a leading web-services and content delivery technology company. Akamai is planning to launch its secure e-payment solutions early next year in the Asia-Pacific region, with Singapore as the hub. The service will enable any online merchanto convert credit card data to a token on Akamai’s cloud which will make it harder, though not impossible, for data-thieves to access the information. Named Akamai Edge Tokenisation, the e-payment security service will offer automatic compliance with the Payment Card Industry Data Security Standard. Akamai’s executive noted that “this service is a game changer that will free merchants from an environment where credit card information is stored in local data centres, at high risk of being stolen by data thieves.” While it is appears to be a significant technological lead forward in terms of a barrier to data theft, hospitality companies will need to retool PMSs and CRS systems to ensure that guest data that necessarily will remain in them for marketing and CRM purposes is bereft of the critical piece, credit card numbers, sought by cyber-hackers.
