Security Breaches Persist, But Protection Policies Sluggish
Another day, another hotel breach. InterContinental Hotels Group recently joined the growing list of hotel companies acknowledging a security issue, disclosing a second security breach at 1,000+ hotels.
Earlier this year, the operator revealed that 12 of its hotels and restaurants were affected by a credit card breach. IHG says there is no evidence payment card data was accessed after that point, but it cannot confirm the malware was eradicated until two to three months later, when it began its investigation around the breach. The malware siphoned track data, including card numbers, expiration dates, and internal verification codes from the magnetic strips as they were routed through affected hotel servers.
Stories like this may keep security top of mind for hoteliers, but in many cases, fear of being breached has not translated to steps taken to enhance protection. There continues to be a disconnect between security concerns and actual strategic action. According to Hospitality Technology’s 2017 Lodging Technology Study improving data and payment security was named a top strategic goal for technology. Despite this, the actions being taken – or not being taken -- by hotels do not align with that stated intent. When we queried hoteliers about what they were doing to ensure payment security, the results were alarming. HT found that only 26% of hotels have breach protection. Equally distressing is that less than half of hoteliers use tokenization (46%), end-to-end encryption (49%) and even fewer have rolled out EMV-ready terminals (44%).
This sluggishness to adopt stronger security policies is one of the reasons that “hackers love hospitality,” as John Bell, founder of security consulting firm Ajontech, LLC says.
More than half of respondents (56%) to the study did admit to regularly testing systems and processes, so hopefully this will spur more hotel companies to take more stringent security measures.
Earlier this year, the operator revealed that 12 of its hotels and restaurants were affected by a credit card breach. IHG says there is no evidence payment card data was accessed after that point, but it cannot confirm the malware was eradicated until two to three months later, when it began its investigation around the breach. The malware siphoned track data, including card numbers, expiration dates, and internal verification codes from the magnetic strips as they were routed through affected hotel servers.
Stories like this may keep security top of mind for hoteliers, but in many cases, fear of being breached has not translated to steps taken to enhance protection. There continues to be a disconnect between security concerns and actual strategic action. According to Hospitality Technology’s 2017 Lodging Technology Study improving data and payment security was named a top strategic goal for technology. Despite this, the actions being taken – or not being taken -- by hotels do not align with that stated intent. When we queried hoteliers about what they were doing to ensure payment security, the results were alarming. HT found that only 26% of hotels have breach protection. Equally distressing is that less than half of hoteliers use tokenization (46%), end-to-end encryption (49%) and even fewer have rolled out EMV-ready terminals (44%).
This sluggishness to adopt stronger security policies is one of the reasons that “hackers love hospitality,” as John Bell, founder of security consulting firm Ajontech, LLC says.
More than half of respondents (56%) to the study did admit to regularly testing systems and processes, so hopefully this will spur more hotel companies to take more stringent security measures.