The security of your data is critical to your business. Credit card fraud topped $24.7 billion in 2016, according to Nilson. Hoteliers must follow strict rules based on the Payment Card Industry Data Security Standard (PCI DSS), which requires all companies that accept, process, store or transmit credit card information to maintain a secure data environment.
While it’s important to have PCI-compliant technology partners like SkyTouch Technology at your hotel, there are common mistakes your staff might be making that can still leave your guest data vulnerable. So it’s critical that hoteliers implement the right processes to protect data integrity. SkyTouch recently held a webinar to share insights on how hoteliers can protect their businesses with some easy-to-follow policies. Be sure to watch the entire webinar here.
According to data security expert Ed Vasco, CEO of cybersecurity company Terra Verde, hotel staff may be inadvertently making credit card data vulnerable to theft. Here are some of the highlights that can help protect your business.
The High Cost of a Breach
Vasco said a breach could cost a select-service hotel as much as $21,000. He added, “60 to 85 percent of businesses go out of business once they’ve had a breach of some form.”
The lesson: don’t be lulled into thinking traditional technologies such as antivirus products and firewalls are the only protections you need. That’s a false sense of security, says Vasco. Newer attacks such as phishing scams, ransomware and cryptoware are more likely to make it through hotel systems undetected and require a different response.
Avoid Credit Card Authorization Forms
To prevent potential data theft, which may not always be possible, Vasco said, “Stop taking those credit cards via fax or email. It creates a significant amount of exposure and significant amount of risk for your organization.” He noted that if you must use a credit card authorization form, get rid of the paperwork as quickly as possible and do not keep it stored onsite for an extended period. To be safe, shred and destroy. Plus, he added, you’re not supposed to store sensitive authentication data, even if it’s encrypted in some format.
Saved Emails Could Cost You
Vasco said emails are “very, very difficult to secure.” He said email creates a significant number of challenges for hoteliers, and keeping that data around will significantly increase the costs associated with PCI DSS compliance. He recommends educating guests to never send any sort of credit card information via fax or email, which will at least minimize exposure.
Third Shift Most Susceptible to Fraud
Vasco said he has frequently seen a common scenario during the overnight shift. A call comes in from someone posing as an agent from the corporate office or the company’s help desk. The caller says they need system access to make sure certain things are patched, or tells some other important-sounding story. They’ll ask you to share a hotel computer’s desktop, which they’ll then use to install malware, for example. That exposes the hotel to future breaches. Rather than acting on incoming calls, arm your team with the phone numbers they need so they can initiate the call themselves instead.
Secure Your Systems
Aside from breach-prevention technology, it’s essential to implement strong access controls. A user ID and password should be just the first step. Vasco recommended a secondary authentication method, such as a code sent via SMS. Also, make sure someone is regularly monitoring and testing network security. And keep up to date on changing PCI compliance security standards.
Want to make sure your system is up to snuff?
We are offering a complimentary PCI Compliance Review valued at $1,000, courtesy of Terra Verde. Plus, you’ll receive a 10% discount on any of their services or managed security solutions that you purchase.