IT Security News and Opinion
Wednesday February 8th 2012
Protect Your Private Data

Smart Cards Are Key to Outsmarting Hospitality Hackers

Now that we’ve reached the last real month of summer, the US vacation season will slowly wind down. However, if the 2010 Global Security Report from Trustwave is any indication, the hospitality industry won’t feel relief from hackers anytime soon.

According to the multi-industry report, hackers infiltrated hospitality services more than finance, retail and any other industry in 2009. The report states that hospitality breaches accounted for 38% of all breaches investigated by Trustwave SpiderLabs – and many attacks can be attributed to systems responsible for the processing and transmission of payment card data. The report identified software-based point of sale (POS) systems as the most frequently breached (85%) in all of the industries involved, because these systems provide the easiest means for criminals to obtain credit card data.

I recently corresponded with Christina Volpe of Hospitality Technology for a story she published last week, “Outsmart Hospitality Hackers”. In this article she notes that a first line of defense against data breaches is compliance with the Payment Card Industry Data Security Standard (PCI DSS).

Of course, I agree with Christina’s article, but I’d like to add that some additional measures should be taken. PCI DSS compliance is a reasonable starting point to protect customer information and credit card records. Unfortunately, it does not address sophisticated attacks, nor does it provide any safe harbor for those who implement it. To protect against emerging threats, organizations must implement more advanced technologies such as network sensors and heuristic traffic analysis. Enterprises should also conduct constant security auditing of their systems, network traffic and personnel. Unfortunately, even if all of these efforts are undertaken, there is still no guarantee of security.

The Smart Card Solution

Smart cards are a far more reliable approach that’s already used to minimize Card Not Present (CNP) fraud and card cloning outside the USA. However, absent a government mandate, U.S. credit card issuers will continue to refuse to issue smart cards because the technology adds to their costs. As a result, U.S. consumers may be among the last to benefit from a technology with proven security benefits.

This is obviously a topic that I am passionate about. I’ve shared my thoughts with Christina and with John Dix of Network World. I recommend both articles, as they provide good insight into a growing problem. Check out these articles and let me know what you think.
