Monday, September 29, 2008

Credit Card Compliance

Smith, M. (2008). Top three data breach vulnerabilities and how to avoid them. Hospitality Upgrade, Summer 2008, 38 – 40. Retrieved from
http://www.hospitalityupgrade.com/_magazine/magazine_Detail.asp?ID=301

While hospitality industry professionals are thinking about implementing new advanced technologies in the field, there are other “professionals” trying to crack these technologies for personal profit. Credit card holders’ information is one of the main targets for hackers. The results of a payment vulnerabilities study conducted by Visa Corporation are presented by Michael Smith in the article “Top 3 Data Breach Vulnerabilities And How to Avoid Them”. The author describes the top three findings of the study:
1. Storage of track data. In many cases this happens without the company intending it or knowing about it, but stolen track data may allow hackers to produce duplicate cards that are indistinguishable from the originals;
2. Structured Query Language (SQL) injection attacks. Cardholders’ personal information in hospitality merchant databases may be put at risk by these attacks;
3. Packet sniffers, which are mainly used to intercept data transmitted over computer networks.
The author also provides strategies for all three problems that can be used to reduce the risk of data exposure. He highlights that implementing these methods and complying with the Payment Card Industry Data Security Standard (PCI DSS) will help hospitality industry companies protect their customers’ personal information and secure credit card payments.

The importance of this topic for the whole hospitality industry is obvious. Nowadays most companies are concerned with implementing modern, progressive technologies in their business. At the same time, one of the crucial tasks is to keep those technologies secure. According to recent trends, payment by credit card is becoming more and more popular while the use of cash decreases. It is important to note that, with the globalization of the travel industry and the fast growth of international tourism, on-line reservation is becoming the most convenient and sometimes the only way to book a hotel room. And of course, if the number of on-line reservations and payments increases, the number of attempts to compromise credit card information will also go up. The statistic provided in the article, that in 2007 about 50% of known compromises occurred in the restaurant segment, once again confirms the significance of PCI DSS compliance for the hospitality industry. The main advantage of the article is that the author not only describes the problems associated with data breach vulnerabilities, but also provides possible risk mitigation strategies. In addition, the article gives a link to the Visa corporate web site, so everyone who is interested in the topic can find extended relevant information. This article will probably encourage more industry professionals to pay attention to credit card payment security issues, as not all hospitality companies are fully compliant with PCI DSS nowadays.

3 comments:

Parisa Salkhordeh said...

These days I am just thinking about information security in hotels and restaurants. As you mentioned, almost everybody uses credit cards for services and cash is rarely used. Not only should the guests pay attention to security, but the hotels also have to do their best to increase security in their networks. One of the most important pieces of information is guest credit card information. I am really interested in PCI DSS and I will read more about it. I think the hospitality industry has to establish a serious standard for information security, and the hotels have to upgrade their network systems and security frequently.

Steve Blasik Hospitality Blog said...

As hospitality technology advances daily, personal information may be unveiled if there is a lack of implemented security. The travel industry is growing internationally, and as Ekatrina mentioned, credit card payment options are becoming more and more popular. During the summer I was in parts of Europe, where mainly I used a debit card to pay off larger acquisitions (such as hotel stay, food, etc). It is not comforting to know that information vulnerability can be an issue, if proper security is not implemented into their system, especially when in foreign regions.
However, it is reassuring to know that Payment Card Industry Data Security Standard (PCI DSS) is an implementation that provides security for credit card payments. Hopefully, this powerful payment account data security system will drastically limit credit card security vulnerabilities and threats.

kutay said...

In addition to my friends, here is some useful information. In the U.S., about 75 percent of households have at least one credit card (creditcard.com). Javelin Survey and Research Company released the findings of the 2007 Identity Fraud Survey, which found that 8.4 million people in the U.S. fell victim to identity theft. The monetary loss was $49.3 billion or an average of $5,720 per victim. Additionally, it took an average of 25 hours to resolve the issue for each victim.