SlideShare ist ein Scribd-Unternehmen logo

Secure Guest Data in Hotels

Vishal Sharma
Vishal Sharma

1) Tourism is an important part of Germany's economy and culture, with over 240 million nights spent in German hotels in 2011, a 5.4% increase from 2010. 2) Hotels hold significant customer information such as payment details, personal information, travel plans, which makes them a prime target for hackers seeking financial data. 3) To protect customer information, hotels must comply with PCI security standards which require practices like firewalls, encryption, access control, and regular security testing. Proper network segmentation and access restrictions are also important to reduce risk of credit card fraud and data breaches.

TechnologieBusiness
1 von 25
INFORMATION SECURITY IN HOTELS Credit Card Information Vishal Sharma Information Security Consultant
Tourism is one of the six key locational factors for a country’s Image which gives an idea about a country’s culture & economy Here are some figures relating to nights spend in German Hotels by resident and non-resident over a period from 2010-2011 and the relative expansion of tourism.
Nights spend in Hotels in Germany 2011 (in Millions) total non-residents residents 240.8 51.3 189.5 percentage increase from 2010 in % total non-residents residents 5.40% 6.00% 5.30%
non-residents residents Nights spend in Germany by resident/non-resident
residents non-residents total 4.80% 5.00% 5.20% 5.40% 5.60% 5.80% 6.00% % Change in overnight stay after 2010
 But with increasing demand of customers for tourism in Germany, the liability of ensuring customer’s security is also increasing Information Assets of a customer • Personal information (identity, nationality, DOB. etc.) • Payment • Purpose of visit • Duration of stay • Facilities/services availed by customer
Modes of Payment: • Cash • Credit/Debit Cards • Travellers’ Cheques • Vouchers • Company Account • Money transfer to the desired account
Ways of booking a room in hotel: • Via mail • Via hotel’s website • At arrival • Via Phone • Travel agency • Via company
Check in procedure:
NOTE: According to Verizon Data Breach Investigation Report (DBIR) in 2010, hospitality industry was most vulnerable target by hackers following with financial and retail industries respectively. And the most important fact is that 98% of the targeted data was payment card information.
Hotels Hacked the most Hospital Financial Ret Food and Business Educati Technolo Manufacturi Othe ity Services ail beverage Services on gy ng rs 38 19 14.2 13 5 1.4 4 1.4 4
Hospitality Financial Services Retail Food and beverage Business Services Education Technology Education Manufacturing
Types of Credit Cards Fraud
Identity Theft Source: thehackernews.com
Malware
Other means of credit card information breach • Dummy wi-fi / Hotspot: Wireless internet is one of the most basic services offered by many hotels— However, you might be connecting to hotel’s actual network, instead, you may have simply clicked on a dummy Wi-Fi network called “ABC-Free-Wi-Fi”
• Phishing by phone: since the beginning of IP telephone systems, the risk of telephone phishing has always been higher.
• Since in hospitality industry, people are hardly aware of Information Security norms, appliance or governance, so I would like to shed a little light on PCI-DSS requirements: • PCI –DSS Requirements: • Requirement 1: Install and maintain a firewall configuration to protect cardholder data • Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters • Requirement 3: Protect stored cardholder data • Requirement 4: Encrypt transmission of cardholder data across open, public networks • Requirement 5: Use and regularly update anti-virus software or programs • Requirement 6: Develop and maintain secure systems and applications • Requirement 7: Restrict access to cardholder data by business need to know
• Requirement 8: Assign a unique ID to each person with computer access • Requirement 9: Restrict physical access to cardholder data • Requirement 10: Track and monitor all access to network resources and cardholder data • Requirement 11: Regularly test security systems and processes. • Requirement 12: Maintain a policy that addresses information security for all personnel.
• Network Separation: Isolation of network is not an entity of PCI-DSS but it should be clearly defined that which channel we would use in order to perform various operations in hotels. Network segmentation or separation can be done in various ways at physical or logical level: • Configured internal network firewalls • Routers with strong access control lists • IAM-Identity Access Management or the technologies that restrict access to a particular segment of a network.
• According to PCI-DSS the business needs should be defined, policies, and processes should be defined clearly in order to store individual’s information. So the minimal and only the legitimate information which is highly required should be stored and the retention policies should be strictly followed.
• Wireless: When wireless technology is used to store, process, or transmit cardholder data then we need to consider the following in order to have secure transmission over the channel • Install perimeter firewalls between any wireless networks and the cardholder data environment, and configure these firewalls to deny or control (if such traffic is necessary for business purposes) any traffic from the wireless environment into the cardholder data environment. • For wireless environments connected to the cardholder data environment or transmitting cardholder data, change wireless vendor defaults, including but not limited to default wireless encryption keys, passwords, and SNMP community strings. • Ensure wireless networks transmitting cardholder data or connected to the cardholder data environment, use industry best practices (for example, IEEE 802.11i) to implement strong encryption for authentication and transmission.
• Third Party Outsourcing: According to the business processes defined involved parties needs to involved certain measures • They can undergo a PCI DSS assessment on their own and provide evidence to their customers to demonstrate their compliance; or If they do not undergo their own PCI DSS assessment, they will need to have their services reviewed during the course of each of their customers’ PCI DSS assessments
THANKS Information security is a ongoing process

Empfohlen

New generation of Internet Cyber Security
New generation of Internet Cyber SecurityNew generation of Internet Cyber Security
New generation of Internet Cyber SecurityChristian Sauer
 
Critical Controls Might Have Prevented the Target Breach
Critical Controls Might Have Prevented the Target BreachCritical Controls Might Have Prevented the Target Breach
Critical Controls Might Have Prevented the Target BreachTeri Radichel
 
E business security
E business securityE business security
E business securitySameer Sharma
 
Cyber security
Cyber securityCyber security
Cyber securityPerfect Training Center
 
Banks and cybersecurity v2
Banks and cybersecurity v2Banks and cybersecurity v2
Banks and cybersecurity v2Semir Ibrahimovic
 
Security issues in e business
Security issues in e businessSecurity issues in e business
Security issues in e businessRahul Kumar
 
Eamonn O Raghallaigh The Major Security Issues In E Commerce
Eamonn O Raghallaigh The Major Security Issues In E CommerceEamonn O Raghallaigh The Major Security Issues In E Commerce
Eamonn O Raghallaigh The Major Security Issues In E CommerceEamonnORagh
 
Ecommerce security
Ecommerce securityEcommerce security
Ecommerce securitypolitegcuf
 

Empfohlen

New generation of Internet Cyber Security
New generation of Internet Cyber SecurityNew generation of Internet Cyber Security
New generation of Internet Cyber SecurityChristian Sauer
 
Critical Controls Might Have Prevented the Target Breach
Critical Controls Might Have Prevented the Target BreachCritical Controls Might Have Prevented the Target Breach
Critical Controls Might Have Prevented the Target BreachTeri Radichel
 
E business security
E business securityE business security
E business securitySameer Sharma
 
Cyber security
Cyber securityCyber security
Cyber securityPerfect Training Center
 
Banks and cybersecurity v2
Banks and cybersecurity v2Banks and cybersecurity v2
Banks and cybersecurity v2Semir Ibrahimovic
 
Security issues in e business
Security issues in e businessSecurity issues in e business
Security issues in e businessRahul Kumar
 
Eamonn O Raghallaigh The Major Security Issues In E Commerce
Eamonn O Raghallaigh The Major Security Issues In E CommerceEamonn O Raghallaigh The Major Security Issues In E Commerce
Eamonn O Raghallaigh The Major Security Issues In E CommerceEamonnORagh
 
Ecommerce security
Ecommerce securityEcommerce security
Ecommerce securitypolitegcuf
 
E-Commerce Security
E-Commerce SecurityE-Commerce Security
E-Commerce SecuritySyed Maniruzzaman Pabel
 
protection & security of e-commerce ...
protection & security of e-commerce ...protection & security of e-commerce ...
protection & security of e-commerce ...Rishav Gupta
 
Target Breach Analysis
Target Breach AnalysisTarget Breach Analysis
Target Breach AnalysisTal Be'ery
 
E commerce
E commerceE commerce
E commerceHumayun Khalid Qureshi
 
E commerce Security
E commerce Security E commerce Security
E commerce Security Wisnu Dewobroto
 
E-COMMERCE SECURITY, FRAUD ISSUES AND PROTECTIONS
E-COMMERCE SECURITY, FRAUD ISSUES AND PROTECTIONSE-COMMERCE SECURITY, FRAUD ISSUES AND PROTECTIONS
E-COMMERCE SECURITY, FRAUD ISSUES AND PROTECTIONSrausdeen anfas
 
Security issues in e commerce
Security issues in e commerceSecurity issues in e commerce
Security issues in e commercesadaf tst
 
Multi Factor Authentication
Multi Factor AuthenticationMulti Factor Authentication
Multi Factor AuthenticationPing Identity
 
Security issues in E-commerce
Security issues in E-commerceSecurity issues in E-commerce
Security issues in E-commercenikitaTahilyani1
 
Security Threats in E-Commerce
Security Threats in E-CommerceSecurity Threats in E-Commerce
Security Threats in E-CommerceDattatreya Reddy Peram
 
Electronic Security
Electronic SecurityElectronic Security
Electronic SecurityWe Learn - A Continuous Learning Forum from Welingkar's Distance Learning Program.
 
E commerce security
E commerce securityE commerce security
E commerce securityShakti Singh
 
Privacy and Security Issues in E-Commerce
Privacy and Security Issues in E-Commerce Privacy and Security Issues in E-Commerce
Privacy and Security Issues in E-Commerce Titas Ahmed
 
Computer related risks presentation
Computer related risks presentationComputer related risks presentation
Computer related risks presentationleodegras
 
Computer related risks presentation
Computer related risks presentationComputer related risks presentation
Computer related risks presentationleodegras
 
e-Commerce: Chapter 6
e-Commerce: Chapter 6e-Commerce: Chapter 6
e-Commerce: Chapter 6annwhyjay
 
E-commerce & Security
E-commerce & SecurityE-commerce & Security
E-commerce & SecurityNetstarterSL
 
Risks of not complying with sox and pci compliance
Risks of not complying with sox and pci complianceRisks of not complying with sox and pci compliance
Risks of not complying with sox and pci complianceSysCloud
 
001-MAVIS - Criminal acts in the telecom field
001-MAVIS - Criminal acts in the telecom field001-MAVIS - Criminal acts in the telecom field
001-MAVIS - Criminal acts in the telecom fieldMichalis Mavis, MSc, MSc
 
10.2.2015 e commerce fraud final slide show.ppt
10.2.2015 e commerce fraud final slide show.ppt10.2.2015 e commerce fraud final slide show.ppt
10.2.2015 e commerce fraud final slide show.pptshaks9151
 
Acompañamiento tutorial del e-mediador en AVA
Acompañamiento tutorial del e-mediador en AVAAcompañamiento tutorial del e-mediador en AVA
Acompañamiento tutorial del e-mediador en AVAgenomicaUNAD2014
 
Janiya skateboarding
Janiya skateboardingJaniya skateboarding
Janiya skateboardingKelly Hines
 

Weitere ähnliche Inhalte

Was ist angesagt?

protection & security of e-commerce ...
protection & security of e-commerce ...protection & security of e-commerce ...
protection & security of e-commerce ...Rishav Gupta
 
Target Breach Analysis
Target Breach AnalysisTarget Breach Analysis
Target Breach AnalysisTal Be'ery
 
E-COMMERCE SECURITY, FRAUD ISSUES AND PROTECTIONS
E-COMMERCE SECURITY, FRAUD ISSUES AND PROTECTIONSE-COMMERCE SECURITY, FRAUD ISSUES AND PROTECTIONS
E-COMMERCE SECURITY, FRAUD ISSUES AND PROTECTIONSrausdeen anfas
 
Security issues in e commerce
Security issues in e commerceSecurity issues in e commerce
Security issues in e commercesadaf tst
 
Multi Factor Authentication
Multi Factor AuthenticationMulti Factor Authentication
Multi Factor AuthenticationPing Identity
 
Security issues in E-commerce
Security issues in E-commerceSecurity issues in E-commerce
Security issues in E-commercenikitaTahilyani1
 
E commerce security
E commerce securityE commerce security
E commerce securityShakti Singh
 
Privacy and Security Issues in E-Commerce
Privacy and Security Issues in E-Commerce Privacy and Security Issues in E-Commerce
Privacy and Security Issues in E-Commerce Titas Ahmed
 
Computer related risks presentation
Computer related risks presentationComputer related risks presentation
Computer related risks presentationleodegras
 
Computer related risks presentation
Computer related risks presentationComputer related risks presentation
Computer related risks presentationleodegras
 
e-Commerce: Chapter 6
e-Commerce: Chapter 6e-Commerce: Chapter 6
e-Commerce: Chapter 6annwhyjay
 
E-commerce & Security
E-commerce & SecurityE-commerce & Security
E-commerce & SecurityNetstarterSL
 
Risks of not complying with sox and pci compliance
Risks of not complying with sox and pci complianceRisks of not complying with sox and pci compliance
Risks of not complying with sox and pci complianceSysCloud
 
001-MAVIS - Criminal acts in the telecom field
001-MAVIS - Criminal acts in the telecom field001-MAVIS - Criminal acts in the telecom field
001-MAVIS - Criminal acts in the telecom fieldMichalis Mavis, MSc, MSc
 
10.2.2015 e commerce fraud final slide show.ppt
10.2.2015 e commerce fraud final slide show.ppt10.2.2015 e commerce fraud final slide show.ppt
10.2.2015 e commerce fraud final slide show.pptshaks9151
 

Was ist angesagt? (20)

E-Commerce Security
E-Commerce SecurityE-Commerce Security
E-Commerce Security
 
protection & security of e-commerce ...
protection & security of e-commerce ...protection & security of e-commerce ...
protection & security of e-commerce ...
 
Target Breach Analysis
Target Breach AnalysisTarget Breach Analysis
Target Breach Analysis
 
E commerce
E commerceE commerce
E commerce
 
E commerce Security
E commerce Security E commerce Security
E commerce Security
 
E-COMMERCE SECURITY, FRAUD ISSUES AND PROTECTIONS
E-COMMERCE SECURITY, FRAUD ISSUES AND PROTECTIONSE-COMMERCE SECURITY, FRAUD ISSUES AND PROTECTIONS
E-COMMERCE SECURITY, FRAUD ISSUES AND PROTECTIONS
 
Security issues in e commerce
Security issues in e commerceSecurity issues in e commerce
Security issues in e commerce
 
Multi Factor Authentication
Multi Factor AuthenticationMulti Factor Authentication
Multi Factor Authentication
 
Security issues in E-commerce
Security issues in E-commerceSecurity issues in E-commerce
Security issues in E-commerce
 
Security Threats in E-Commerce
Security Threats in E-CommerceSecurity Threats in E-Commerce
Security Threats in E-Commerce
 
Electronic Security
Electronic SecurityElectronic Security
Electronic Security
 
E commerce security
E commerce securityE commerce security
E commerce security
 
Privacy and Security Issues in E-Commerce
Privacy and Security Issues in E-Commerce Privacy and Security Issues in E-Commerce
Privacy and Security Issues in E-Commerce
 
Computer related risks presentation
Computer related risks presentationComputer related risks presentation
Computer related risks presentation
 
Computer related risks presentation
Computer related risks presentationComputer related risks presentation
Computer related risks presentation
 
e-Commerce: Chapter 6
e-Commerce: Chapter 6e-Commerce: Chapter 6
e-Commerce: Chapter 6
 
E-commerce & Security
E-commerce & SecurityE-commerce & Security
E-commerce & Security
 
Risks of not complying with sox and pci compliance
Risks of not complying with sox and pci complianceRisks of not complying with sox and pci compliance
Risks of not complying with sox and pci compliance
 
001-MAVIS - Criminal acts in the telecom field
001-MAVIS - Criminal acts in the telecom field001-MAVIS - Criminal acts in the telecom field
001-MAVIS - Criminal acts in the telecom field
 
10.2.2015 e commerce fraud final slide show.ppt
10.2.2015 e commerce fraud final slide show.ppt10.2.2015 e commerce fraud final slide show.ppt
10.2.2015 e commerce fraud final slide show.ppt
 

Andere mochten auch

Acompañamiento tutorial del e-mediador en AVA
Acompañamiento tutorial del e-mediador en AVAAcompañamiento tutorial del e-mediador en AVA
Acompañamiento tutorial del e-mediador en AVAgenomicaUNAD2014
 
Janiya skateboarding
Janiya skateboardingJaniya skateboarding
Janiya skateboardingKelly Hines
 
claudiacelta presentacion rodilla
claudiacelta presentacion rodillaclaudiacelta presentacion rodilla
claudiacelta presentacion rodillaclaudiacelta
 
Rvc developmental math model packet 2013
Rvc developmental math model packet 2013Rvc developmental math model packet 2013
Rvc developmental math model packet 2013kathleenalmy
 
Présentation1
Présentation1Présentation1
Présentation1SavPoirier
 
Letter of Recommendation from Ms. Vee
Letter of Recommendation from Ms. VeeLetter of Recommendation from Ms. Vee
Letter of Recommendation from Ms. VeeJemario Houston
 
Sample Promotion Photo Slideshow
Sample Promotion Photo SlideshowSample Promotion Photo Slideshow
Sample Promotion Photo Slideshowburgertk
 
Desafio inglês 1 vídeo 3
Desafio inglês 1 vídeo 3Desafio inglês 1 vídeo 3
Desafio inglês 1 vídeo 3Lilian Francisco
 
28443119 soalan-bm-bahasa-melayu-pemahaman-tahun-4-131115050029-phpapp01
28443119 soalan-bm-bahasa-melayu-pemahaman-tahun-4-131115050029-phpapp0128443119 soalan-bm-bahasa-melayu-pemahaman-tahun-4-131115050029-phpapp01
28443119 soalan-bm-bahasa-melayu-pemahaman-tahun-4-131115050029-phpapp01mohd fahmie mohd fauzi
 
Yoleni's at Open Coffee Athens LXXVIII
Yoleni's at Open Coffee Athens LXXVIIIYoleni's at Open Coffee Athens LXXVIII
Yoleni's at Open Coffee Athens LXXVIIIOpen Coffee Greece
 
Startup Career Launchpad 2013 programme
Startup Career Launchpad 2013 programmeStartup Career Launchpad 2013 programme
Startup Career Launchpad 2013 programmeChristopher Pruijsen
 

Andere mochten auch (20)

Acompañamiento tutorial del e-mediador en AVA
Acompañamiento tutorial del e-mediador en AVAAcompañamiento tutorial del e-mediador en AVA
Acompañamiento tutorial del e-mediador en AVA
 
Janiya skateboarding
Janiya skateboardingJaniya skateboarding
Janiya skateboarding
 
claudiacelta presentacion rodilla
claudiacelta presentacion rodillaclaudiacelta presentacion rodilla
claudiacelta presentacion rodilla
 
Rvc developmental math model packet 2013
Rvc developmental math model packet 2013Rvc developmental math model packet 2013
Rvc developmental math model packet 2013
 
Présentation1
Présentation1Présentation1
Présentation1
 
Letter of Recommendation from Ms. Vee
Letter of Recommendation from Ms. VeeLetter of Recommendation from Ms. Vee
Letter of Recommendation from Ms. Vee
 
Sample Promotion Photo Slideshow
Sample Promotion Photo SlideshowSample Promotion Photo Slideshow
Sample Promotion Photo Slideshow
 
Congreso9 y10mayo
Congreso9 y10mayoCongreso9 y10mayo
Congreso9 y10mayo
 
Desafio inglês 1 vídeo 3
Desafio inglês 1 vídeo 3Desafio inglês 1 vídeo 3
Desafio inglês 1 vídeo 3
 
Hungry Ghost Festival
Hungry Ghost FestivalHungry Ghost Festival
Hungry Ghost Festival
 
Industrializacion
IndustrializacionIndustrializacion
Industrializacion
 
tipos tis katoxis
tipos tis katoxistipos tis katoxis
tipos tis katoxis
 
Redes sociales
Redes socialesRedes sociales
Redes sociales
 
Presentación economia
Presentación economiaPresentación economia
Presentación economia
 
28443119 soalan-bm-bahasa-melayu-pemahaman-tahun-4-131115050029-phpapp01
28443119 soalan-bm-bahasa-melayu-pemahaman-tahun-4-131115050029-phpapp0128443119 soalan-bm-bahasa-melayu-pemahaman-tahun-4-131115050029-phpapp01
28443119 soalan-bm-bahasa-melayu-pemahaman-tahun-4-131115050029-phpapp01
 
Genre theory
Genre theoryGenre theory
Genre theory
 
5 занятие
5 занятие5 занятие
5 занятие
 
Yoleni's at Open Coffee Athens LXXVIII
Yoleni's at Open Coffee Athens LXXVIIIYoleni's at Open Coffee Athens LXXVIII
Yoleni's at Open Coffee Athens LXXVIII
 
Startup Career Launchpad 2013 programme
Startup Career Launchpad 2013 programmeStartup Career Launchpad 2013 programme
Startup Career Launchpad 2013 programme
 
Eteres
EteresEteres
Eteres
 

Ähnlich wie Secure Guest Data in Hotels

Credit card frauds in hospitality
Credit card frauds in hospitalityCredit card frauds in hospitality
Credit card frauds in hospitalityVishal Sharma
 
Security and Compliance
Security and ComplianceSecurity and Compliance
Security and ComplianceBankingdotcom
 
PCI Compliance (for developers)
PCI Compliance (for developers)PCI Compliance (for developers)
PCI Compliance (for developers)Maksim Djackov
 
Protect Your SMB from Payment Security Breaches
Protect Your SMB from Payment Security BreachesProtect Your SMB from Payment Security Breaches
Protect Your SMB from Payment Security BreachesVerifone
 
What i learned at the infosecurity isaca north america expo and conference 2019
What i learned at the infosecurity isaca north america expo and conference 2019What i learned at the infosecurity isaca north america expo and conference 2019
What i learned at the infosecurity isaca north america expo and conference 2019Ulf Mattsson
 
ISSA Atlanta - Emerging application and data protection for multi cloud
ISSA Atlanta - Emerging application and data protection for multi cloudISSA Atlanta - Emerging application and data protection for multi cloud
ISSA Atlanta - Emerging application and data protection for multi cloudUlf Mattsson
 
Security and Authentication at a Low Cost
Security and Authentication at a Low CostSecurity and Authentication at a Low Cost
Security and Authentication at a Low CostDonald Malloy
 
MYTHBUSTERS: Can You Secure Payments in the Cloud?
MYTHBUSTERS: Can You Secure Payments in the Cloud?MYTHBUSTERS: Can You Secure Payments in the Cloud?
MYTHBUSTERS: Can You Secure Payments in the Cloud?Kurt Hagerman
 
Oath appsec sf 2015 dem rev. 2
Oath appsec sf 2015 dem rev. 2Oath appsec sf 2015 dem rev. 2
Oath appsec sf 2015 dem rev. 2Donald Malloy
 
Strong Authentication - Open Source
Strong Authentication - Open SourceStrong Authentication - Open Source
Strong Authentication - Open SourceDonald Malloy
 
Unveiling the Multifactor Authentication Market: Securing Tomorrow's Digital ...
Unveiling the Multifactor Authentication Market: Securing Tomorrow's Digital ...Unveiling the Multifactor Authentication Market: Securing Tomorrow's Digital ...
Unveiling the Multifactor Authentication Market: Securing Tomorrow's Digital ...HarshitaMadhale
 
PCI Compliance Seminar
PCI Compliance SeminarPCI Compliance Seminar
PCI Compliance Seminardlinehan2
 
CyberSecurityPPdddsdsddssdsdssaT_V3_1.pptx
CyberSecurityPPdddsdsddssdsdssaT_V3_1.pptxCyberSecurityPPdddsdsddssdsdssaT_V3_1.pptx
CyberSecurityPPdddsdsddssdsdssaT_V3_1.pptxprtabal_25
 
Cybersecurity about Phishing and Secutity awareness
Cybersecurity about Phishing and Secutity awarenessCybersecurity about Phishing and Secutity awareness
Cybersecurity about Phishing and Secutity awarenessImran Khan
 
Data breaches - Is Your Law Firm in Danger
Data breaches - Is Your Law Firm in DangerData breaches - Is Your Law Firm in Danger
Data breaches - Is Your Law Firm in DangerZitaAdlTrk
 

Ähnlich wie Secure Guest Data in Hotels (20)

Credit card frauds in hospitality
Credit card frauds in hospitalityCredit card frauds in hospitality
Credit card frauds in hospitality
 
Security and Compliance
Security and ComplianceSecurity and Compliance
Security and Compliance
 
PCI Compliance (for developers)
PCI Compliance (for developers)PCI Compliance (for developers)
PCI Compliance (for developers)
 
Protect Your SMB from Payment Security Breaches
Protect Your SMB from Payment Security BreachesProtect Your SMB from Payment Security Breaches
Protect Your SMB from Payment Security Breaches
 
What i learned at the infosecurity isaca north america expo and conference 2019
What i learned at the infosecurity isaca north america expo and conference 2019What i learned at the infosecurity isaca north america expo and conference 2019
What i learned at the infosecurity isaca north america expo and conference 2019
 
ISSA Atlanta - Emerging application and data protection for multi cloud
ISSA Atlanta - Emerging application and data protection for multi cloudISSA Atlanta - Emerging application and data protection for multi cloud
ISSA Atlanta - Emerging application and data protection for multi cloud
 
Security and Authentication at a Low Cost
Security and Authentication at a Low CostSecurity and Authentication at a Low Cost
Security and Authentication at a Low Cost
 
MYTHBUSTERS: Can You Secure Payments in the Cloud?
MYTHBUSTERS: Can You Secure Payments in the Cloud?MYTHBUSTERS: Can You Secure Payments in the Cloud?
MYTHBUSTERS: Can You Secure Payments in the Cloud?
 
Oath appsec sf 2015 dem rev. 2
Oath appsec sf 2015 dem rev. 2Oath appsec sf 2015 dem rev. 2
Oath appsec sf 2015 dem rev. 2
 
Strong Authentication - Open Source
Strong Authentication - Open SourceStrong Authentication - Open Source
Strong Authentication - Open Source
 
CyberSecurity Update Slides
CyberSecurity Update SlidesCyberSecurity Update Slides
CyberSecurity Update Slides
 
Role of IT in Hospitality
Role of IT in HospitalityRole of IT in Hospitality
Role of IT in Hospitality
 
Cybersecurity Slides
Cybersecurity SlidesCybersecurity Slides
Cybersecurity Slides
 
Unveiling the Multifactor Authentication Market: Securing Tomorrow's Digital ...
Unveiling the Multifactor Authentication Market: Securing Tomorrow's Digital ...Unveiling the Multifactor Authentication Market: Securing Tomorrow's Digital ...
Unveiling the Multifactor Authentication Market: Securing Tomorrow's Digital ...
 
Aggregation Platforms-White Paper
Aggregation Platforms-White PaperAggregation Platforms-White Paper
Aggregation Platforms-White Paper
 
PCI Compliance Seminar
PCI Compliance SeminarPCI Compliance Seminar
PCI Compliance Seminar
 
Security and governance
Security and governanceSecurity and governance
Security and governance
 
CyberSecurityPPdddsdsddssdsdssaT_V3_1.pptx
CyberSecurityPPdddsdsddssdsdssaT_V3_1.pptxCyberSecurityPPdddsdsddssdsdssaT_V3_1.pptx
CyberSecurityPPdddsdsddssdsdssaT_V3_1.pptx
 
Cybersecurity about Phishing and Secutity awareness
Cybersecurity about Phishing and Secutity awarenessCybersecurity about Phishing and Secutity awareness
Cybersecurity about Phishing and Secutity awareness
 
Data breaches - Is Your Law Firm in Danger
Data breaches - Is Your Law Firm in DangerData breaches - Is Your Law Firm in Danger
Data breaches - Is Your Law Firm in Danger
 

Kürzlich hochgeladen

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 

Kürzlich hochgeladen (20)

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 

Secure Guest Data in Hotels

  • 1. INFORMATION SECURITY IN HOTELS Credit Card Information Vishal Sharma Information Security Consultant
  • 2. Tourism is one of the six key locational factors for a country’s Image which gives an idea about a country’s culture & economy Here are some figures relating to nights spend in German Hotels by resident and non-resident over a period from 2010-2011 and the relative expansion of tourism.
  • 3. Nights spend in Hotels in Germany 2011 (in Millions) total non-residents residents 240.8 51.3 189.5 percentage increase from 2010 in % total non-residents residents 5.40% 6.00% 5.30%
  • 4. non-residents residents Nights spend in Germany by resident/non-resident
  • 5. residents non-residents total 4.80% 5.00% 5.20% 5.40% 5.60% 5.80% 6.00% % Change in overnight stay after 2010
  • 6.  But with increasing demand of customers for tourism in Germany, the liability of ensuring customer’s security is also increasing Information Assets of a customer • Personal information (identity, nationality, DOB. etc.) • Payment • Purpose of visit • Duration of stay • Facilities/services availed by customer
  • 7. Modes of Payment: • Cash • Credit/Debit Cards • Travellers’ Cheques • Vouchers • Company Account • Money transfer to the desired account
  • 8. Ways of booking a room in hotel: • Via mail • Via hotel’s website • At arrival • Via Phone • Travel agency • Via company
  • 10. NOTE: According to Verizon Data Breach Investigation Report (DBIR) in 2010, hospitality industry was most vulnerable target by hackers following with financial and retail industries respectively. And the most important fact is that 98% of the targeted data was payment card information.
  • 11. Hotels Hacked the most Hospital Financial Ret Food and Business Educati Technolo Manufacturi Othe ity Services ail beverage Services on gy ng rs 38 19 14.2 13 5 1.4 4 1.4 4
  • 12. Hospitality Financial Services Retail Food and beverage Business Services Education Technology Education Manufacturing
  • 13. Types of Credit Cards Fraud
  • 14.
  • 17. Other means of credit card information breach • Dummy wi-fi / Hotspot: Wireless internet is one of the most basic services offered by many hotels— However, you might be connecting to hotel’s actual network, instead, you may have simply clicked on a dummy Wi-Fi network called “ABC-Free-Wi-Fi”
  • 18. • Phishing by phone: since the beginning of IP telephone systems, the risk of telephone phishing has always been higher.
  • 19. • Since in hospitality industry, people are hardly aware of Information Security norms, appliance or governance, so I would like to shed a little light on PCI-DSS requirements: • PCI –DSS Requirements: • Requirement 1: Install and maintain a firewall configuration to protect cardholder data • Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters • Requirement 3: Protect stored cardholder data • Requirement 4: Encrypt transmission of cardholder data across open, public networks • Requirement 5: Use and regularly update anti-virus software or programs • Requirement 6: Develop and maintain secure systems and applications • Requirement 7: Restrict access to cardholder data by business need to know
  • 20. • Requirement 8: Assign a unique ID to each person with computer access • Requirement 9: Restrict physical access to cardholder data • Requirement 10: Track and monitor all access to network resources and cardholder data • Requirement 11: Regularly test security systems and processes. • Requirement 12: Maintain a policy that addresses information security for all personnel.
  • 21. • Network Separation: Isolation of network is not an entity of PCI-DSS but it should be clearly defined that which channel we would use in order to perform various operations in hotels. Network segmentation or separation can be done in various ways at physical or logical level: • Configured internal network firewalls • Routers with strong access control lists • IAM-Identity Access Management or the technologies that restrict access to a particular segment of a network.
  • 22. • According to PCI-DSS the business needs should be defined, policies, and processes should be defined clearly in order to store individual’s information. So the minimal and only the legitimate information which is highly required should be stored and the retention policies should be strictly followed.
  • 23. • Wireless: When wireless technology is used to store, process, or transmit cardholder data then we need to consider the following in order to have secure transmission over the channel • Install perimeter firewalls between any wireless networks and the cardholder data environment, and configure these firewalls to deny or control (if such traffic is necessary for business purposes) any traffic from the wireless environment into the cardholder data environment. • For wireless environments connected to the cardholder data environment or transmitting cardholder data, change wireless vendor defaults, including but not limited to default wireless encryption keys, passwords, and SNMP community strings. • Ensure wireless networks transmitting cardholder data or connected to the cardholder data environment, use industry best practices (for example, IEEE 802.11i) to implement strong encryption for authentication and transmission.
  • 24. • Third Party Outsourcing: According to the business processes defined involved parties needs to involved certain measures • They can undergo a PCI DSS assessment on their own and provide evidence to their customers to demonstrate their compliance; or If they do not undergo their own PCI DSS assessment, they will need to have their services reviewed during the course of each of their customers’ PCI DSS assessments
  • 25. THANKS Information security is a ongoing process