Hotels Unprepared When it Comes to Payment Security
When it comes to payment and data breaches, the hotel industry in general is woefully unprepared. Hotels did reveal to Hospitality Technology magazine that payment and data security would be their top focus for technology in 2017, and all you need to do is glance at recent headlines to realize why this is with good reason. The hospitality industry is a favorite for hackers, as recent reports indicate that hotels are the most breached type of business.
“Hackers love hospitality,” said John Bell, founder of security consulting firm Ajontech, LLC, in an interview with HT. This statement is corroborated by Verizon’s 2016 Data Breach Investigations Report, which states, “nearly three quarters (74%) of all threats to security in the hospitality industry involved POS intrusions. And they accounted for 95% of breaches, where data was confirmed stolen.”
Unfortunately, however, when asked what their companies are doing to protect payment data, the results are troubling. According to Hospitality Technology’s 2017 Lodging Technology Study, 74% of hotels do not have breach protection and less than half use end-to-end encryption for cardholder data (49%) or use tokenization at the card swipe (46%).
Operators have been slow to make the switch to EMV systems, with many owners citing the cost of upgrading hardware as prohibitive. Less than half (44%) upgraded terminals for EMV/chip-based cards. Only 56% of hotels regularly test systems and processes. Overall, these figures are startlingly low, when considering the risk.
When asked to name a top strategic goal for technology in 2017, 40% of lodging operators name enhancing payment and data security, which came in second only to enhancing digital customer engagement. Improving security dropped from its first place ranking when it had 62% in the 2016 study. With the liability shift occurring in 2015, there was a laser focus in 2016 on EMV rollouts, however, overall, hotels still have a long way to go to ensure they have a layered security solution in place.
“Hackers love hospitality,” said John Bell, founder of security consulting firm Ajontech, LLC, in an interview with HT. This statement is corroborated by Verizon’s 2016 Data Breach Investigations Report, which states, “nearly three quarters (74%) of all threats to security in the hospitality industry involved POS intrusions. And they accounted for 95% of breaches, where data was confirmed stolen.”
Unfortunately, however, when asked what their companies are doing to protect payment data, the results are troubling. According to Hospitality Technology’s 2017 Lodging Technology Study, 74% of hotels do not have breach protection and less than half use end-to-end encryption for cardholder data (49%) or use tokenization at the card swipe (46%).
Operators have been slow to make the switch to EMV systems, with many owners citing the cost of upgrading hardware as prohibitive. Less than half (44%) upgraded terminals for EMV/chip-based cards. Only 56% of hotels regularly test systems and processes. Overall, these figures are startlingly low, when considering the risk.
When asked to name a top strategic goal for technology in 2017, 40% of lodging operators name enhancing payment and data security, which came in second only to enhancing digital customer engagement. Improving security dropped from its first place ranking when it had 62% in the 2016 study. With the liability shift occurring in 2015, there was a laser focus in 2016 on EMV rollouts, however, overall, hotels still have a long way to go to ensure they have a layered security solution in place.