With significant financial transactions and extensive databases of personal, sensitive data, hotels and hospitality venues are a treasure trove for valuable customer information. Consequentially, it comes as no surprise that hospitality has been found to be one of the top industries most susceptible to credit card breaches.
Trustwave SpiderLabs' study of global data breaches revealed that hospitality industries are particularly vulnerable to attack. In 218 investigations spanning 24 countries, 38% were in hotels – and almost all involved stolen credit card information.
While it’s vital that hotels and hospitality venues take the necessary cybersecurity practices to ensure data remains secure and protected from malicious attacks or unauthorised access, it’s not always easy to understand where to start or how to keep up to date with the latest types of attacks, with cybersecurity threats becoming increasingly sophisticated.
Keep reading to find out how hotels can implement cybersecurity practices to help protect against malicious attacks and access to sensitive customer information.
The Ponemon Institute's study on data breaches in the hotel industry found that the average time it takes for a hotel to detect a breach is 200 days. This means that, on average, a hotel may not know it has suffered a breach for nearly seven months. This prolonged detection time can significantly damage a hotel's reputation and financial losses.
The same study found that the average time to contain a breach in the hotel industry is 70 days. This means that, on average, it takes a hotel 70 days from the time it detects a breach to stop it from spreading. This is an important metric, as the longer a breach persists, the more damage it can do to the hotel and its customers.
The study highlights the importance of having strong cybersecurity practices in place and regular security audits to help detect and respond to data breaches as quickly as possible. This can help minimise the impact of a breach and protect both the hotel and its customers.
Security breaches at point-of-sale systems continue to increase dramatically, with 91% of security compromises being attributed mostly to Card Not Present (CNP) fraud. To protect against CNP crime, hotels can stick to a few consistent practices, including:
Fraudsters may contact hotels wanting immediate verification and confirmation of accommodation. It’s important for hoteliers to take time and adequately verify identification, including credit card, passport, and other relevant documentation.
Large, first-time transactions can sometimes be a sign of fraudulent activity. If hoteliers have suspicions about a transaction, it is encouraged to make contact to verify legitimacy and confirm identification.
When a guest’s billing and shipping addresses don’t match, it can be a red flag that something is awry. This warning holds especially true in the travel industry where contactless transactions are on the rise.
|
Make sure your chosen systems (such as your venue management software) comply with security standards set by the PCI Security Standards Council.
|
|
|
|
By implementing these cybersecurity practices, your venue can ensure it’s doing everything it can to protect against online threats.
These efforts not only protect customers' data but also provide a sense of safety and security that will make any hotel or hospitality venue an attractive option in the eyes of potential visitors.