In June this year, 20 hotels run by HEI Hotels and Resorts, including Hyatt, Marriott, Starwood and Intercontinental were affected by the malware which targeted payment card information of customers. According to privately-owned HEI, hackers were desired to target POS (point of sale) systems and steal card data used by customers to make payments. In details, the malware was active to have accessed to customer names, account numbers, payment card expiration dates and verification codes. According to a spokesman for HEI, Chris Daly, hackers potentially target cards used at lobby shops, restaurants, bars, spas and other departments within the premises of the affected hotels. During the period the malware was active, the total transactions estimated to be influenced are nearly 20,000. In other words, there are a growing numbers of vulnerabilities in POS security when people use credit card for payment.
With the advantages of lightweight, handy and easy installation, POS machines are equipped in most supermarkets, hotels and commercial centers around the world. However, POS machines are not enough safe due to many security loopholes. Heid – chief research officer at Security Scorecard – explained that POS systems became vulnerable to cyber-attacks for the same reasons any Internet connected system would be vulnerable to attack due to outdated software, weak passwords, incorrect configurations, and/or malware infection. Typically, the attackers often try to spread malware by tricking people to download them through email or strange links, and were interested in obtaining logins and passwords, as well as what is presumed to be credit card track data. Attacking a single vulnerable device and less secure area of the network is a common and effective method that hackers often use.
According to Strand, a single POS machine can provide a hacker with data on thousands of credit cards over a few days, weeks or months. Moreover, in holiday time, when hotel has the high number of visitors, POS vulnerabilities’ systems are easier to exploit. In details, POS breaches impact both the customer of the affected service providers, as well as the individuals using payment cards to conduct transactions. Once hackers track successful the data of credit card owner, it can be cloned onto a new card and used by the attackers. They can reset a password on the account, check the account balance, change the PIN number, and make withdrawals.
As a matter of fact, these issues lead to an urgent need to integrate sophisticated technology such as biometrics with a POS solution. Biometric POS systems provide accuracy and security that brings numerous benefits to the hospitality industry. In details, personal traits scanned by biometrics are difficult to lose, forget or copy. For this reason, it is considered to be safer and more secure than other traditional POS. Moreover, this also prevents impersonation and eliminates any possible disputes at the time of final billing regarding the use of these paid services. Therefore, adoption of biometrics for POS solutions within the hospitality industry is increasing thanks to these advantages. Currently fingerprint recognition is now dominant the mainstream biometric modality of many POS systems but as other biometric technologies have evolved, many end users are also choosing other stronger secure biometric modalities such as palm vein, iris recognition thanks to the inherent benefits that are included such as lower false acceptance and false rejection rates.