PoS malware is malicious software written to steal customer payment data from PoS (Point of Sale) systems. It resides on the PoS system, waits for customer payment data to be entered, and transfers it to the attacker’s (cyber criminal’s) remote computer the moment it is entered. Customer payment data is available unencrypted only for a brief period, so the PoS malware has to operate within these few seconds. Cyber criminals often purchase PoS malware to infect various PoS systems and steal customer data from retail organizations, with the intention of selling the data rather than using it directly.
The hospitality industry in India seems to be one of the worst affected by PoS malware attacks. Come to think of it, this finding does seem appropriate: the moment we step into a hotel we start using our credit or debit cards, and our digital payments cease only when we check out. So it’s not at all surprising that our hospitality industry seems to be the most affected by PoS malware attacks, for it is an industry where sensitive customer data is thrown about with little or no rules to regulate its usage.
Of course, things are changing now: high-end Indian hotels are beginning to adopt more stringent rules to secure their customer payment systems, and other hotels are obviously going to follow suit. But there’s still a long way to go. Only last year, cyber criminals hacked into a New Delhi-based international five-star hotel chain and stole some ‘loyalty points’. Then Hyatt hotels were hit by malware. Such attacks have forced all major Indian hotel chains to conduct cyber audits to analyze weak points in their IT systems.
Another worrying factor for Indian hotels is that the Information Technology Act 2000 (amended in 2008) still does not comprehensively deal with the relevant issues in the cyber security ecosystem. Providing effective remedies for cyber attacks therefore remains a major problem for these hotels, which have become a constant target for cyber crime.
Some Obvious Threats in the Hospitality Industry
1. Customer Payment Data is retained for a Long Time.
Even after you check in, your payment data is retained so that miscellaneous services you subscribe to during your stay can be charged. You cannot really blame the hotels for doing this, because they are doing it with ‘customer comfort’ in mind. So all one can hope for is a more secure system for retaining such sensitive data.
2. PoS Systems are Available at Various Locations.
A hotel’s help desk is not the only place you’ll come across a PoS system. Restaurants, bars, spas and other such places within the hotel will each have one, and you’ll be using all of them to make digital payments. Chances are that at least one of them could be infected with PoS malware that could rob you of your money.
3. Usage of Smart Systems.
Advancement in technology has led many hotels to adopt smart systems. Smart systems are good and easy to use, but this is another area where hackers can easily sneak in and steal sensitive customer data, because of the Internet of Things (IoT) technology that smart systems deploy.
4. In Case of Getting a Hotel Membership.
Getting a hotel membership means your personal details stay with the hotel for a long time, at least until your membership expires. This again poses a great risk, so a secure system for maintaining such crucial information is the need of the hour.
5. Online Booking Systems.
This is another area which, when not safeguarded properly, can pave the way for hacking. In the case of hotels, online booking systems may also involve third parties, which can worsen the situation further by increasing the chances of sensitive information being compromised.
6. Public Wi-Fi Networks.
Almost every hotel these days is expected to provide free Wi-Fi. Most of the time, these networks are not well protected, which increases the chances of customer data being hacked.
Indian Customers are Putting Themselves at Risk, Suggests Intel Security
Adding to the problem seems to be the frivolous attitude of Indian customers towards handling their sensitive digital data, which is putting them at risk, suggest findings from Intel Security. Some interesting excerpts from the research:
We habitually share sensitive data using public Wi-Fi, leading to cyber risks.
Almost 54% of us are smartphone addicts, and this could have adverse effects, especially when we carry these smartphones with us while on vacation.
36% of us have no apprehensions about sharing personal information online, although we know very well that doing so without exercising discretion could compromise our security.
37% of us are social media addicts. This makes us more vulnerable to online attacks, as the more time we spend on social media, the greater the chances of us sharing personal information.
Stringent Security Policy Can Improve Things
A stringent IT security system will not only make the hospitality industry secure but will also help hotels build their brand reputation, which in turn will build customer trust and loyalty. The result is that hotels will do more business and their customers will be happy and secure. So it’s important that hotels have a stringent IT security system in place.
To cite an example, hotels use third-party vendors for handling customer payment data, so they bank a lot on these vendors to secure that data. A security lapse by a third-party vendor will eventually make the hotel look bad. To avoid such a situation and tighten security, hotels could impose stricter rules on third-party vendors so that they comply with the latest security trends and standard protocols, for example by not allowing them to make copies of sensitive customer data without the required authorization. Such rules can improve security for hotels, help them fight security attacks and make their customers happy.