Accor Hotels is rolling out a multi-million-pound
encryption system as part of a programme to safeguard customers'
personal information, including credit card details, from the risk
of identity theft.
The hotel chain is thought to be one of the first to use
encryption technology to safeguard customer data held on hotel
systems, central databases and the internet.
It will roll out the encryption system from security software
firm RSA to more than 1,300 hotels across North America this year,
and is evaluating a roll-out across Europe.
The project follows growing concern from organisations that
identity theft and leaks of personal data can irreversibly damage a
company's reputation.
Harvey Ewing, senior director of information technology security
for Accor North America, said recent high-profile data breaches
were one of the deciding factors behind the project.
"I have been in IT security for 10 years and data theft is
something you never want to occur. The website privacyrights.org
documents 100 million breaches since February 2005 and that is just
overwhelming. It has definitely had an impact on my strategy," he
said.
The system will enable Accor to meet compliance regulations,
including the credit card industry's Payment Card Industry Data
Security Standard, as well as state reporting laws, which require
firms to publicly announce any data breaches if the data is not
encrypted.
Accor plans to integrate the RSA key management technology with
its existing Unix-based legacy systems, hotel point-of-sale
systems, call centres and internet booking systems.
The technology will initially ensure that all credit card data
is encrypted from the time it is entered, whether at a hotel
point-of-sale system, over the internet or through a call centre,
but will ultimately allow all customer data to be encrypted.
"We are looking at credit card information in the first
instance, but with ID fraud becoming more common we wanted
architecture that is able to encrypt any data. If we decide names
and addresses are confidential we can start to seamlessly encrypt
them," said Ewing.