A Solution to Help Curb Data Breaches

CHICAGO—When it comes to hospitality, you can never be too careful. Data breaches at hotels are widespread and hackers are not just hitting up the smaller or less-prepared hotels for credit card information and personal data—they’re going after major brands, too.

IHG, Hyatt Hotels Corporation, Trump Hotel Collection, Mandarin Oriental and White Lodging are among the hotel companies affected by breaches over the years. Data security is being disrupted on the property level and it seems no brand or operator is immune. However, there is something you can do about it: Don’t leave everything open to the enemy.

“One of the major hotel chains with over 500 properties in more than 50 countries came to us and said the VP of IT, who travels to all of the hotels, noticed that the agents weren’t logging out of the screens and it was a huge issue,” said Peggy Clark, VP of sales, MIS Computer, provider of HeadsUp FD. “Another issue for the hotel was agents piggybacking on each other with logins. Leaving guest information on the screen—not just credit card information, but the length of stay, home address—is dangerous and leaving it up on the screen is a PCI compliance issue.”

MIS Computer was tasked with delivering a solution that would solve the security and compliance issues. HeadsUp FD is a proximity badge-enabled software solution to streamline user access to front desk workstations and help organizations meet PCI and other privacy regulations.

“We worked with a partner for two years to pare down a product used for HIPAA compliance in hospitals and make it available for hospitality use. It works for each workstation including the front desk, concierge, spa and even the bell stand,” said Clark. “Anywhere there is guest information on a screen. Bell stands are vulnerable because the staff are moving around to get luggage.”

Here’s how it works: There’s a RFID reader that sits next to the workstation. At the start of a shift, the staff member manually logs in to access the PMS system. The remainder of the day, the user can “tap in or out” with the use of a wearable RFID badge, which serves as a quick and complete log in and log out.

“It speeds up the login and takes about one to two seconds,” she said. “They get the customer checked in, tap on reader and they’re logged out. It’s so easy. Another feature is the ability to tap over each other as well. If the staff member is on a computer working and the manager needs access, the manager can tap over the staff member and it will suspend the session securely. Once the manager taps out, the staff member’s screen is right where they left off.”

The software has been around for five years and has a big following, with brands like Viceroy, Radisson, Hyatt and Sandals implementing the HeadsUp FD software at their properties, noted Clark.

“It’s a really low-cost solution to protect something that could be a very expensive issue. It’s a one-time purchase, a cost per license, and doesn’t require any additional hardware other than readers and badges. You don’t have to renew. There’s a $500 annual fee for maintenance and updates. It can put it on an existing server,” she said. “PCI compliance is key to preventing data breaches and our clients have found HeadsUP FD is an integral piece of an overall effective security policy. For that price, it’s a great value.”