Hotels are prime targets for hackers: not only do they hold credit card details, they also hold a wealth of guest data, including emails, passport details, home addresses and more.
As a quick recap, on the 30th of November 2018, Marriott International announced that it had experienced a massive security breach at Starwood-branded properties from 2014 to September 10, 2018. 500 million customers were involved in the breach, with credit card information, passport details and mailing addresses compromised.
“Whilst the Marriott breach was the largest ever recorded, if you confine comparisons of the top 20 largest hotel chains worldwide, with the airline, cruise line and car rental chains worldwide, it is clear that hotels have allowed themselves to be vulnerable to far more breaches” – Skift, 2018
The penalties for lax security measures surrounding sensitive information are two-fold.
Firstly, the financial impact can be a fine of up to 4% of global turnover or €20 million, whichever is higher. Security experts think it is highly likely Marriott will be faced with a considerable bill.
Secondly, there is the risk of reputational damage, which is much greater thanks to social media and the speed at which negative comments can be shared. It is impossible to put a precise number on the financial cost of a loss of reputation. However, when a company’s bottom line is linked to its reputation, it is fundamentally important to protect the brand name.
The Marriott International hack, although the largest on record, is by no means a new occurrence within the hospitality industry. In 2017, Hilton Worldwide agreed to pay a $700,000 fine after data security failures exposed more than 350,000 credit card numbers in two breaches during 2015. Trump Hotels, Starwood, Mandarin Oriental, Kimpton, IHG and Millennium Hotels and Resorts have all experienced data security breaches over the past 5 years.
It does not stop there: smaller hotels are a target too. According to the Verizon report published in 2018, 86% of the accommodation-industry breaches occurred at small businesses. Bob Russo, GM of the PCI Security Standards Council, said that in recent years the hotel industry has been particularly vulnerable to cyber attacks. All evidence points to the importance of security and the need for active efforts to ensure the protection of guest data and credit card information.
So, what makes a Smarthotel so secure?
We are aware of this risk, as are travelers and corporate travel managers. We have built our technology with this information in mind, and chosen our data storage and our payment provider with the utmost care.
Our data storage provider, AWS (Amazon Web Services), a managed cloud platform, received ‘best in class’ and ‘best of breed’ ratings. That is tech jargon for being the best product within the software category and the overall best product of its type. See this graph as a visual of where AWS stands next to its competitors.
In operational terms, Smarthotels never receive unencrypted credit card details, yet staff are still able to trigger payments via our hotelier app, which protects sensitive data and helps prevent fraud. In terms of secure payments, our payment provider SumUp is PCI DSS (Payment Card Industry Data Security Standard) certified and can boast FCA-approved status. This means all guests using our solution are paying with a payment service that obeys the highest security standards available, ensuring your hotel and clients are covered.