After recently learning of a security breach within its system, Wyndham Hotels & Resorts issued an open letter to customers regarding the incident. The hotel brand disclosed that potentially exposed information includes guest and/or cardholder names and card numbers, expiration dates and other data from the card’s magnetic stripe.
Research from the American Hotel & Lodging Association’s PCI Primer reveals that upwards of 55% of credit card fraud comes from the hospitality industry. As breaches like this one at Wyndham continue to occur, it has become clear that the industry is lacking in both network security and compliance with the PCI DSS.
Wyndham has assured guests that the hack was immediately terminated and disabled and that changes are already being implemented to strengthen and improve security. Unfortunately, if the hotel brand had implemented these measures in a proactive manner, it most likely would not be in this situation. Protecting your business before a breach is much more cost-effective and can minimize the chances of a hacker infiltrating internal network connections as one did in this case.
The open letter released by Wyndham further outlines the incident and provides resources to guests looking for more information.
No brand wants to deal with the consequences of a breach; therefore, it is vital that you take a proactive approach to network security and PCI compliance. We encourage you to contact us for a free PCI consultation.
For small operators without a dedicated IT department, implementing wireless Internet can be somewhat of a challenge. However, offering free Wi-Fi to customers has several advantages that are often overlooked. QSR chain and SecureConnect® customer, Culver’s, has offered free Wi-Fi for some time but added the SecureConnect® Wi-Fi Hotspot solution last year to provide adult-content filtering and other network security features. Free wireless is often another extension of the brand experience, so keeping it safe and secure is essential.
A recent article by QSR Web, Free WiFi: Is it right for your QSR?, discusses McDonald’s decision to offer free wireless service to customers and considers if a majority of the industry will follow suit. Highlighting many advantages, the article also cautions operators on trying to implement the wireless offering without an experienced service provider.
The article emphasizes some questions that should be asked of a solution:
Is the connection reliable?
Are customers protected from downloading malicious content?
Can the solution deprioritize streaming multimedia so one customer doesn’t suck up the bandwidth?
Is the network secure and PCI compliant?
With a secure wireless connection, operators can provide customers with an experience that will drive revenue and increase return visits. At Culver’s, customers are using Wi-Fi to set up meetings, and families are stopping in during road trips to check their email. With each log-in, the operator has the chance to connect the customer to its brand through an initial terms and conditions page that can also be utilized as a promotional tool. Operators can promote a variety of things including their menu, social media, etc. This marketing tool is another significant benefit to offering free wireless in stores.
With McDonald’s on the Wi-Fi train, it is inevitable that other chains will take notice of the advantages. If you are considering implementing wireless service in your restaurant, contact SecureConnect® to learn about our Wi-Fi Hotspot which offers a secure, PCI compliant connection at an affordable price.
Although consumer confidence remains difficult to measure, common sense tells us that loyalty stays with companies that can provide the most secure, reliable transactions. Small merchants (known as Level 4) that process a lower number of transactions per year are actually at the highest risk for security breaches.
The American Hotel and Lodging Association has found that these Level 4 merchants account for more than 85% of compromises.
A study conducted by the University of Delaware has sought to understand the impact of credit card breaches on service quality, guest satisfaction, future revisit intention and the likelihood of recommending a brand to others. More details on the study can be found in the Hospitality Technology article, A ‘Breach’ in Customer Loyalty by Cihan Cobanoglu.
The most significant results of the study, though expected, clearly outline the positive impact of keeping customer credit card data safe through proper security measures. Because consumer trust is so fragile, it is vital that businesses apply common sense practices and comply with the PCI DSS. As Cobanoglu says, “A company can spend years building confidence and trust, but one single event can destroy or damage it significantly.”
The moral of the story is, don’t keep your PCI compliance efforts to yourself! By communicating it to customers, your business will be further positioned as a company of trust and may give you a needed advantage over competitors.
The rise of computers and the Internet has spawned numerous security threats that can disrupt day-to-day operations. However, with careful planning and monitoring, most security threats can be neutralized before they spiral into bigger concerns. One tool to help in the fight against network security threats is file integrity monitoring.
As the name implies, file integrity monitoring is a critical process that checks to make sure that the files on your network have not changed unless they were modified on purpose. This is beneficial to a business trying to stay PCI compliant because it’s a core component of the PCI compliance guidelines.
File integrity monitoring tools scan every file on a computer system and watch for changes to the individual attributes of each file. Attributes that are commonly changed as a result of outside system threats are the size of the file, the name of the file, and the date the file was modified. By catching these signs early, such threats can be neutralized quickly before they are allowed to affect the operation of the computer network.
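The baseline-and-compare check described above, as an added Python example that is not from the original article or any vendor's product. Besides the size, name and modification date named in the text, it records a SHA-256 content hash, which also catches an edit that leaves size and date unchanged; the file names and contents are constructed sample data.

```python
import hashlib
import os
import tempfile
from pathlib import Path

def snapshot(root):
    """Record size, mtime and SHA-256 for every regular file under root."""
    state = {}
    for path in Path(root).rglob("*"):
        if path.is_file():
            st = path.stat()
            state[path.relative_to(root).as_posix()] = {
                "size": st.st_size, "mtime": st.st_mtime_ns,
                "sha256": hashlib.sha256(path.read_bytes()).hexdigest()}
    return state

def compare(baseline, current):
    """Return (path, finding) pairs, sorted by path, for every difference."""
    findings = []
    for path in sorted(baseline.keys() | current.keys()):
        old, new = baseline.get(path), current.get(path)
        if old is None:
            findings.append((path, "added"))      # a rename shows up as removed + added
        elif new is None:
            findings.append((path, "removed"))
        else:
            diff = [a for a in ("size", "mtime", "sha256") if old[a] != new[a]]
            if diff:
                findings.append((path, "changed:" + ",".join(diff)))
    return findings

def demo():
    """Constructed sample tree; file names and contents are made up."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name, data in (("pos.conf", b"terminal=1\n"), ("menu.txt", b"burger\n"),
                           ("old.log", b"x\n")):
            (root / name).write_bytes(data)
        baseline = snapshot(root)
        # Timestamps are set explicitly so the result does not depend on clock resolution.
        # pos.conf keeps its length and date, so only the hash can reveal the edit.
        for name, data, bump in (("menu.txt", b"burger\nfries\n", 10**9),
                                 ("pos.conf", b"terminal=2\n", 0)):
            (root / name).write_bytes(data)
            mtime = baseline[name]["mtime"] + bump
            os.utime(root / name, ns=(mtime, mtime))
        (root / "old.log").rename(root / "old.log.bak")
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    for path, finding in demo():
        print(path, finding)
```

In practice the baseline would be stored somewhere the monitored system cannot modify, and the comparison run on a schedule.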
Overall, file integrity monitoring tools are vital to monitoring the health of a computer system tied to the credit card processing and overall technical operation of your company. If you’re not sure what set of file integrity monitoring tools you need to protect your business and achieve PCI compliance, don’t hesitate to contact us today for more specific information.
There’s a lot of confusion over numerous aspects of PCI compliance, but one issue that seems to have plenty of discussion is the Self-Assessment Questionnaire (SAQ) process. Some business owners are concerned about whether or not the SAQ actually applies to them, as well as whether they actually need to file the SAQ in the first place. Here’s what you need to know about the process.
First, the SAQ is designed to help you avoid the need for a full PCI compliance audit by a Qualified Security Advisor (QSA), which is a much more expensive process. The point to remember about PCI compliance is that it’s based on different levels, and those levels are based on the number of transactions that your business does in a calendar year. If you have a low number of transactions, then you qualify to fill out the SAQ rather than having to go through a full audit. This is a major bonus for small businesses that are just getting started.
Next, the paperwork for the SAQ can often be filled out online and turned in to your credit card payment approval authority with minimal hassle, along with any other requested documentation.
Overall, the SAQ is a very straightforward concept within the realm of PCI compliance. Of course, if you have any questions, feel free to contact us today to get them answered!