INFORMATION
SECURITY IN HOTELS
Credit Card Information

Vishal Sharma
Information Security Consultant
Tourism is one of the six key locational factors for a country's image; it gives an idea of a country's culture and economy.

Here are some figures on nights spent in German hotels by residents and non-residents over the period 2010-2011, and the corresponding growth of tourism.
Nights spent in hotels in Germany, 2011 (in millions)

                          total    non-residents    residents
nights (millions)         240.8    51.3             189.5
increase from 2010 (%)    5.40%    6.00%            5.30%
[Charts: nights spent in Germany by residents vs. non-residents; % change in overnight stays after 2010 for residents, non-residents and total (axis 4.80% to 6.00%)]
But with the increasing demand for tourism in Germany, the liability of ensuring customers' security is also increasing.

Information Assets of a customer

• Personal information (identity, nationality, DOB, etc.)
• Payment
• Purpose of visit
• Duration of stay
• Facilities/services availed by customer
Modes of Payment:

• Cash
• Credit/Debit Cards
• Travellers’ Cheques
• Vouchers
• Company Account
• Money transfer to the desired account
Ways of booking a room in hotel:

• Via mail
• Via hotel’s website
• At arrival
• Via Phone
• Travel agency
• Via company
Check in procedure:
NOTE: According to the Verizon Data Breach Investigations Report (DBIR) for 2010, the hospitality industry was the most targeted by hackers, followed by the financial and retail industries respectively. Most importantly, 98% of the targeted data was payment card information.
Hotels hacked the most (share of breaches, %)

Hospitality           38
Financial Services    19
Retail                14.2
Food and beverage     13
Business Services     5
Education             1.4
Technology            4
Manufacturing         1.4
Others                4
Types of credit card fraud

• Identity theft
• Malware

Source: thehackernews.com
Other means of credit card information breach

• Dummy Wi-Fi / hotspot: wireless internet is one of the most basic services offered by many hotels. However, you might not be connecting to the hotel's actual network; instead, you may simply have clicked on a dummy Wi-Fi network called "ABC-Free-Wi-Fi".
• Phishing by phone: since the introduction of IP telephone systems, the risk of telephone phishing has always been higher.
• Since people in the hospitality industry are hardly aware of information security norms, appliances or governance, I would like to shed a little light on the PCI-DSS requirements:

• PCI-DSS Requirements:
• Requirement 1: Install and maintain a firewall configuration to protect cardholder data
• Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
• Requirement 3: Protect stored cardholder data
• Requirement 4: Encrypt transmission of cardholder data across open, public networks
• Requirement 5: Use and regularly update anti-virus software or programs
• Requirement 6: Develop and maintain secure systems and applications
• Requirement 7: Restrict access to cardholder data by business need to know
• Requirement 8: Assign a unique ID to each person with computer access
• Requirement 9: Restrict physical access to cardholder data
• Requirement 10: Track and monitor all access to network resources and cardholder data
• Requirement 11: Regularly test security systems and processes.
• Requirement 12: Maintain a policy that addresses information security for all personnel.
• Network separation: isolation of the network is not itself a PCI-DSS requirement, but it should be clearly defined which channel is used to perform each operation in the hotel. Network segmentation or separation can be done in various ways at the physical or logical level:
• Configured internal network firewalls
• Routers with strong access control lists
• IAM (Identity and Access Management) or other technologies that restrict access to a particular segment of a network.
• According to PCI-DSS, the business needs should be defined, and the policies and processes for storing individuals' information should be clearly defined. So only the minimal, legitimately required information should be stored, and retention policies should be strictly followed.
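The data-minimisation and retention point above, together with Requirement 3 (protect stored cardholder data), as an added example that is not part of the original slides: a front-desk helper that keeps only a masked PAN and a keyed token, discards the CVV, purges records past a retention window, and scans log lines for unmasked card numbers. The key, booking ids, card numbers (industry test numbers) and log lines are all constructed for the example.

```python
import hashlib
import hmac
import re
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Tuple

# Constructed demo key: in a real deployment this lives in an HSM or key vault.
SECRET_KEY = b"constructed-demo-key-not-for-production"

# Constructed front-desk and PBX log lines; line 1 leaks a full PAN, line 2 is masked,
# line 3 carries a long non-card number that must not be reported.
SAMPLE_LOG = [
    "2024-03-01 10:12:03 front-desk booking=B1234 card=4111 1111 1111 1111 status=auth_ok",
    "2024-03-01 10:15:44 front-desk booking=B1235 card=411111******1111 status=auth_ok",
    "2024-03-01 10:16:02 pbx call-id=20240301101602000 duration=15",
]


def luhn_valid(pan: str) -> bool:
    """Luhn mod-10 check; rejects mistyped numbers before anything is stored."""
    if not pan.isdigit() or len(pan) < 13:
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:  # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Show at most the first six and last four digits, as PCI DSS masking allows."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def pan_token(pan: str, key: bytes) -> str:
    """Keyed HMAC-SHA256 reference to the PAN: an unkeyed hash of a 16-digit number
    is cheap to brute-force, so the key must stay out of the PMS database."""
    return hmac.new(key, pan.encode(), hashlib.sha256).hexdigest()


@dataclass(frozen=True)
class StoredPayment:
    booking_id: str
    masked_pan: str
    token: str
    expiry: str        # MM/YY may be stored
    captured_on: date
    # Deliberately absent: full PAN, CVV2, PIN and track data (never stored after authorisation)


def capture_payment(booking_id: str, pan: str, cvv: str, expiry: str,
                    key: bytes, today: date) -> StoredPayment:
    """Validate the card, use the CVV only for the (not shown) authorisation call,
    then keep nothing but the masked PAN and the keyed token."""
    pan = re.sub(r"[\s-]", "", pan)
    if not luhn_valid(pan):
        raise ValueError("invalid card number")
    del cvv  # never persisted or logged
    return StoredPayment(booking_id, mask_pan(pan), pan_token(pan, key), expiry, today)


def purge_expired(records: List[StoredPayment], today: date,
                  retention_days: int = 90) -> List[StoredPayment]:
    """Retention policy: drop payment records older than the retention window."""
    cutoff = today - timedelta(days=retention_days)
    return [r for r in records if r.captured_on >= cutoff]


# 13-19 digits, optionally separated by spaces or dashes, not embedded in a longer digit run
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def find_unmasked_pans(log_lines: List[str]) -> List[Tuple[int, str]]:
    """Requirement 3/10 check: report (line number, masked PAN) for every log line that
    carries a full, Luhn-valid card number. Masked entries and long non-card numbers
    (call ids, timestamps) fail the Luhn check or the length rule and are skipped."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        for m in PAN_RE.finditer(line):
            candidate = re.sub(r"[ -]", "", m.group())
            if luhn_valid(candidate):
                hits.append((n, mask_pan(candidate)))
    return hits


def demo() -> dict:
    """Run the helpers over the constructed sample data and return the results."""
    old = capture_payment("B1234", "4111 1111 1111 1111", "123", "12/27", SECRET_KEY, date(2024, 3, 1))
    new = capture_payment("B1235", "5500 0000 0000 0004", "456", "05/28", SECRET_KEY, date(2024, 5, 20))
    kept = purge_expired([old, new], today=date(2024, 6, 1))
    return {
        "masked": old.masked_pan,                              # '411111******1111'
        "kept_bookings": [r.booking_id for r in kept],         # ['B1235']
        "leaks": find_unmasked_pans(SAMPLE_LOG),               # [(1, '411111******1111')]
        "full_pan_in_record": "4111111111111111" in repr(old),  # False
    }


if __name__ == "__main__":
    print(demo())
```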
• Wireless: when wireless technology is used to store, process, or transmit cardholder data, the following need to be considered in order to have secure transmission over the channel:
• Install perimeter firewalls between any wireless networks and
  the cardholder data environment, and configure these firewalls
  to deny or control (if such traffic is necessary for business
  purposes) any traffic from the wireless environment into the
  cardholder data environment.

• For wireless environments connected to the cardholder data
 environment or transmitting cardholder data, change wireless
 vendor defaults, including but not limited to default wireless
 encryption keys, passwords, and SNMP community strings.

• Ensure wireless networks transmitting cardholder data or
 connected to the cardholder data environment, use industry
 best practices (for example, IEEE 802.11i) to implement strong
 encryption for authentication and transmission.
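The network separation and wireless points above (and Requirement 1), as an added example that is not from the original slides: a first-match ACL evaluator plus an audit that checks whether a rule set really keeps guest Wi-Fi out of the cardholder data environment (CDE). Segment names, addresses and rules are constructed; the audit shows that a blanket guest-to-internet allow also covers the CDE unless an explicit deny precedes it.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Constructed hotel network segments (private ranges chosen for the example)
SEGMENTS = {
    "guest_wifi": ipaddress.ip_network("10.10.0.0/16"),  # guest hotspot
    "front_desk": ipaddress.ip_network("10.20.0.0/24"),  # reception workstations
    "cde":        ipaddress.ip_network("10.99.0.0/24"),  # payment application, POS
    "internet":   ipaddress.ip_network("0.0.0.0/0"),     # note: this also covers the CDE
}


@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    src: str              # segment name from SEGMENTS
    dst: str
    dport: Optional[int]  # None = any TCP port


def evaluate(rules: List[Rule], src_ip: str, dst_ip: str, dport: int) -> str:
    """First matching rule wins; anything unmatched hits the implicit deny."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for r in rules:
        if s in SEGMENTS[r.src] and d in SEGMENTS[r.dst] and r.dport in (None, dport):
            return r.action
    return "deny"


# Segmentation requirements a reviewer would test: (description, src, dst, port, expected)
CHECKS = [
    ("guest Wi-Fi must not reach the CDE over HTTPS", "10.10.4.7", "10.99.0.10", 443, "deny"),
    ("guest Wi-Fi must not reach the CDE over SSH", "10.10.4.7", "10.99.0.10", 22, "deny"),
    ("guest Wi-Fi may browse the internet", "10.10.4.7", "203.0.113.5", 443, "allow"),
    ("front desk may reach the payment app over TLS", "10.20.0.15", "10.99.0.10", 443, "allow"),
    ("front desk must not reach the CDE over telnet", "10.20.0.15", "10.99.0.10", 23, "deny"),
]


def audit(rules: List[Rule]) -> List[str]:
    """Return the description of every segmentation requirement the rule set violates."""
    return [desc for desc, s, d, p, want in CHECKS if evaluate(rules, s, d, p) != want]


# Weak: guests get "the internet", which includes the CDE; front desk gets every port.
WEAK_RULES = [
    Rule("allow", "guest_wifi", "internet", None),
    Rule("allow", "front_desk", "cde", None),
]

# Hardened: explicit deny into the CDE before the broad allow; front desk limited to TLS.
HARDENED_RULES = [
    Rule("deny", "guest_wifi", "cde", None),
    Rule("allow", "guest_wifi", "internet", None),
    Rule("allow", "front_desk", "cde", 443),
]


if __name__ == "__main__":
    print("weak rule set violations:", audit(WEAK_RULES))          # three findings
    print("hardened rule set violations:", audit(HARDENED_RULES))  # []
```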
• Third-party outsourcing: according to the business processes defined, the parties involved need to take certain measures:

• They can undergo a PCI DSS assessment on their own and provide evidence to their customers to demonstrate their compliance; or, if they do not undergo their own PCI DSS assessment, they will need to have their services reviewed during the course of each of their customers' PCI DSS assessments.
THANKS
Information security is an ongoing process

Secure Guest Data in Hotels
