When a guest makes the decision to stay at a hotel, there is a high level of trust involved. At a core level, customers trust that the bed they will be sleeping in and the bathroom they will be using are clean. They also trust that their loved ones and their belongings are safe inside the room. If they have any reason to doubt these fundamental requirements—they are most likely staying elsewhere.
Value of personal data
There is a second level of trust as well. Hotels gather a tremendous amount of personal information about their guests. They, of course, have credit card information, but they also have quite a bit of personal information. Much of it is given knowingly to facilitate the stay, or to leverage a loyalty program. A hotel may know where the guest works, their home address, the name of their spouse, how many kids they have, what kind of car they drive, along with that car’s license plate, and even what allergies someone might have.
In their effort to provide better, more personalized service, there is also an abundance of information that a hotel can collect of which the customer is probably not aware. Things like, what TV channels they watch, what websites they visit, when they visit the fitness center, perhaps even how they like their coffee— all bits of data that are easy to collect, and passive to the guest.
If a customer has a reason to lose trust in how a hotel is stewarding all of that information, then it also makes it difficult to have trust in the core elements that determine what hotel they plan to stay at. Today, the value of personal information, as sold on the dark web, exceeds the value of credit card data. Why? Because a credit card number is only going to be useful for a short period of time. If a criminal gets a card number, the cardholder, or their bank will detect the fraudulent transactions and shut it down within a few uses. Personal information, however, is going to be attached to an individual forever.
It should be no surprise that hotels are a prime target for cyber criminals who try to gather and sell information to the highest bidder. In other words, there are malicious third parties who are deliberately taking action to violate a guest’s trust.
This doesn’t mean credit card data is no longer a security priority. It’s still vitally important to secure it. A hotel environment has several challenges for protecting card data. Primary among them, is the need to keep a card on file for later charges. Storing credit card data should always be avoided. It is imperative that hotels use a card processor that provides a tokenization service. With tokenization, when the hotel sends credit card data to be authorized, they not only send back the approval, but also a token that can be used for future charges. Even if the token is compromised, it is only useful for transactions between that customer and that hotel, so it is safe to be stored.
Of course, for tokenization to function, the internet connection to the processor must be up at the time the card is run. Many payment systems have a store-and-forward function, to allow a card to be taken—even if the internet is down and processes the card later when the internet comes back online. This is still storing credit card information and is a feature that should be turned off.
The use of a payment system that is end-to-end encrypted also helps secure the transaction. With that model, the actual card number is never present within the hospitality or POS system, and the only data that moves across the network is encrypted. Encryption, however, requires a live connection between both ends so they can negotiate the derived encryption key.
Because of tokenization and encryption, it is imperative that the hotel’s internet connection remains up at all times. If the internet is down, no payments can be processed. Therefore, it is important to have a dual-WAN, or SD-WAN broadband service in order to maximize the reliability of the payment systems.
At most hotels, the hospitality management system acts as a central hub for payments. The point-of-sale systems for restaurants, convenience stores, spas, or other services, all need to have communication paths back to the hospitality system where protected information is stored. This presents a number of weak points where a cybercriminal can find their way into the hotel’s repository of information.
There are two security controls to keep information protected:
- First, design the network with firm segmentation, and specific pinholes between network devices to facilitate the flow of data.
- Second, there must be stateful inspection of the traffic between segments to identify anything that might by trying to collect data, and/or send data outbound. Nearly every hotel chain has a loyalty system, and that information is usually stored at a central data center, or in the cloud. To prevent that data from being intercepted while in-flight, it is strongly recommended to use encrypted connectivity between sites. These can be in the form of SD-WAN, an MPLS Network, or direct site-to-site Virtual Private Network connections.
Secure guest WiFi
Another major weak point at hotels is the guest WiFi network. Many hotels have a separate internet connection for guest WiFi, so that it has no connection at all to the hotel’s internal network. This approach is slightly costlier, but by far the most secure. Even with segmentation, it is possible to exploit the number of vulnerabilities in the chipsets of the many different WiFi devices that gain access to a WiFi network configured to be secure. This requires a physical presence on-site, but who is going to question someone using WiFi at a hotel?
The hospitality industry is exceptionally dependent on trust, and nothing breaks trust faster than showing up in the news as the latest breach. Hotels must view network security as an investment in future business, and not as an added expense.