According to a recent survey by Gemalto, 66% of adults would no longer frequent a business that experienced a data security breach. The NetDiligence Cyber Claims Study reported that the cost of POS investigations averaged $735,000, and the Ponemon Institute’s 2017 Cost of Data Breach Study claims the average cost per stolen record reached $225.
Since the POS/PMS has been identified as the highest risk within a hotel, it’s important to understand what steps to take to help reduce the likelihood of data being stolen if a breach does occur. Fortunately, there are several things that hotels can implement today to help reduce the risk of payment card data getting into the hands of thieves:
• PCI Validated Point-to-Point Encryption (P2PE) – Invest in a P2PE solution, which encrypts payment card data at every point in the transaction. Even if a malware infection exists, P2PE protects the integrity of the underlying payment card data, making the encrypted data unreadable except to authorized users with the decryption keys. A PCI validated solution means that the PCI Security Standards Council has validated that the solution is working as intended, offering additional security confidence.
• Tokenization – Use tokens to turn payment card data into a random string of numbers and letters at the point of entry. Tokens have no value to hackers, thereby greatly reducing the risks inherent with holding customer payment card data for subsequent authorizations or transactions.
• PCI DSS compliance – This is required of all businesses that accept payment cards. The intent is to create standards for security policies, technologies and ongoing best practices that protect payment systems from breaches and theft of cardholder data. It’s important to continually monitor requirements and processes to ensure adequate protection against attacks.
• EMV – Enable EMV acceptance, which allows a POS/PMS terminal to distinguish a real payment card from a counterfeit one. EMV cards store the encrypted payment card data on the chip rather than the magnetic stripe, which makes duplicating a card nearly impossible.
• 2-factor authentication – Implement an extra layer of security into how staff can access internal systems. It typically includes a password in addition to a question that only that user would know. The purpose is to decrease the likelihood that thieves can access the system with only a stolen username and password.
• Basic anti-virus protection – Install and use a software suite that’s designed to prevent, detect and remove malware infections. Most programs provide real-time detection, so the hotel can be alerted to anything suspicious as it occurs.
• Apply an external IP address filter to the POS server – Remove visibility of the POS/PMS server from the general web by implementing a filter so that only known applications can reach the POS controller. The filter identifies and blocks potential breaches while permitting the flow of legitimate traffic.
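The IP address filter in the last item works as a default-deny allowlist: a connection reaches the POS server only if its source and destination port are explicitly listed. The sketch below is an added illustration, not code from this article or from Elavon; the networks (RFC 5737 documentation ranges), ports, purposes and sample connection attempts are all constructed assumptions.

```python
"""Default-deny source filter for a POS/PMS server (added illustration)."""
from ipaddress import ip_address, ip_network

# Constructed allowlist: (source network, destination port, purpose).
# Addresses are documentation ranges (RFC 5737), not real hosts.
ALLOWLIST = [
    (ip_network("192.0.2.0/28"), 8443, "front-desk PMS workstations"),
    (ip_network("198.51.100.10/32"), 8443, "payment gateway callback"),
    (ip_network("192.0.2.32/32"), 22, "admin jump host"),
]


def decide(src: str, dport: int) -> tuple[str, str]:
    """Return (verdict, reason); anything not explicitly listed is denied."""
    try:
        addr = ip_address(src)
    except ValueError:
        return "DENY", "unparseable source address"
    for network, port, purpose in ALLOWLIST:
        if port == dport and addr in network:
            return "ALLOW", purpose
    return "DENY", "source/port not on allowlist"


def audit(attempts):
    """Apply the filter to (src, dport) pairs and collect the denied ones."""
    denied = []
    for src, dport in attempts:
        verdict, reason = decide(src, dport)
        if verdict == "DENY":
            denied.append((src, dport, reason))
    return denied


# Constructed connection attempts against the POS server.
SAMPLE_ATTEMPTS = [
    ("192.0.2.5", 8443),      # workstation inside the allowed /28
    ("198.51.100.10", 8443),  # payment gateway
    ("192.0.2.5", 22),        # allowed host, but not on the admin port
    ("203.0.113.77", 8443),   # unknown internet host
    ("192.0.2.32", 22),       # admin jump host
    ("not-an-ip", 8443),      # malformed entry is denied, not skipped
]

if __name__ == "__main__":
    for src, dport, reason in audit(SAMPLE_ATTEMPTS):
        print(f"DENY {src}:{dport} ({reason})")
```

Matching on source and port together matters: a front-desk workstation that is allowed to reach the PMS application port is still denied on the administrative port.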
Taking the appropriate steps today can help limit the risks of a data breach occurring at a hotel property. There is no way to completely eliminate the risk, but starting with the steps above can help protect your guests’ payment card data from getting into the hands of a hacker.
For more information about Elavon’s payment solutions, please contact Timothy Bourke at timothy.bourke@elavon.com or 954.732.3863.
SOURCES:
Verizon: 2018 Data Breach Investigations Report
NetDiligence Cyber Claims Study
Gemalto, Customer Loyalty Study, 2016
2017 Cost of Data Breach Study by the Ponemon Institute
PCI: How to Secure with the PCI Data Security Standard
26 ILHA