Tag Archives: Information

Hospitality Industry Information Security: The Key To Cyber-Security Is Adopting Encryption AND Tokenization, But Payment Processors Must Adopt Standards First

“Encryption is a process that jumbles personal data into unreadable letters and numbers every time a credit card is swiped….

…Any info about that credit card going forward … none of the credit card information is stored, it’s the token that is stored.”

“Encryption fundamentally is a math algorithm, but it’s a very complicated math algorithm,” Roman said during a recent telephone interview. The information can only be deciphered with a key.

“When an encrypted signal is sent to the intended party, the intended party’s encryption has a key to decrypt and read the message and display it on the screen in readable alpha numerics,” Roman said. “It’s built into the receiving end of each encryption software.”

Encryption jumbles information as it’s transmitted from one system to the other, but it doesn’t necessarily account for data that’s being stored. That’s where tokenization comes in, said Chainrai Waney, an IT consultant who’s worked in data center operations for more than 25 years.

When that card is swiped there’s some sort of a front-end application that generates a token (a line of random numbers) that has nothing to do with that credit card number,” he said. “Any info about that credit card going forward … none of the credit card information is stored, it’s the token that is stored.”
 
A token is a globally unique identifier, generated randomly, and it only has meaning to the sender who provides it and to the processing center that’s purchased it, Roman said.

Noble has yet to adopt tokenization, Garrido said. The company is waiting for payment processors to make the next move.

“They’ve talked about being able to take the data out of the property,” he said. In other words, the processing companies would store the data and send a token back to vendors. No definitive solution has yet been approved, however.   ‘

For more:  http://www.hospitalitynet.org/external/4048209.html

Comments Off on Hospitality Industry Information Security: The Key To Cyber-Security Is Adopting Encryption AND Tokenization, But Payment Processors Must Adopt Standards First

Filed under Crime, Insurance, Liability, Risk Management, Theft, Training

Hotel Information And Data Security Risks: Costs To Hotels Can Be High If Guests Personal Information And Credit Card Data Are Stolen

“…class-action claims will be brought against hotels. These are particularly problematic because while the actual damages may be low, the cost of settling is very high…”

…basis for a claim can be negligence—hotel guests can argue that even when a hotel did not overstep its promises, it is liable to a guest for negligence by not taking adequate steps to protect information. That is going to be even more important as state and federal governments pass laws and adopt regulations that require companies to take affirmative steps to safeguard personal information; these laws and regulations will form a road map for potential plaintiffs.

as we see larger and larger breaches (such as the recently announced Wyndham breach), it’s likely that class-action claims will be brought against hotels. These are particularly problematic because while the actual damages may be low, the cost of settling is very high. Second, governmental agencies—particularly states’ attorneys general and the Federal Trade Commission—are increasingly active in monitoring and investigating breaches. Even where no damages are incurred, responding to investigations is a costly, time-consuming process. I am currently working on a response to an informal FTC investigation that recently topped 1,000 pages—and we’re about half way through.

For more:   http://www.hotelnewsnow.com/Articles.aspx?ArticleId=3364&ArticleType=35&PageType=News

Comments Off on Hotel Information And Data Security Risks: Costs To Hotels Can Be High If Guests Personal Information And Credit Card Data Are Stolen

Filed under Crime, Insurance, Liability, Theft