Hotel Online  .Special Report

Operators Weigh Options as Senate Moves
Toward New Data Security Rules

”Insecure databases are now low-hanging fruit for hackers.” Sen. Patrick Leahe

September 7, 2005 -- On July 28, 2005 politicians signaled a readiness to enact security breach and data safeguard laws and indicated new federal regulations could reach President Bush's desk by the end of the year. Bills from three different Congressional committees proposed during the last week of July share common points.These include requiring prompt notification when security breaches occur, awarding more regulatory power to the federal government, and setting minimum standards for data security. 

Vermont Senator Patrick Leahy, a sponsor of the Personal Data Privacy and Security Act of 2005, said, “We are seeing a rise in organized rings that target personal data to sell in online virtual bazaars.Insecure databases are now the low-hanging fruit for hackers looking to steal identities and commit fraud.”

If passed, this legislation will impact every hotel operator in the United States.At the very least, hotel companies will be held responsible for maintaining and documenting mandated data security procedures to protect guest information from identity thieves.At most, it will mean a complete overhaul of all guest data storage, including hardcopy archiving and disposal, and the possible upgrading of all existing property management systems (PMS) and other technologies where guest information is stored. Executives at top hotel companies acknowledge their systems are regularly probed by hackers, but for security reasons most will not discuss details of penetration attempts or the risk of identity theft.The scope of this challenge can be summed up by one chain CIO who said, “Security is the primary technology problem in the industry today.” 

As a result of the security breaches in other industries, a number of lawsuits have been filed against various entities. However, because only a few of these cases have made it to final adjudication, the extent of potential liability is still unclear. What is clear is that costs associated with legal defense, customer notification, crisis management and lost business could add up to millions of dollars per breach. 

Leading systems companies gear up for compliance

Almost all hotel companies maintain extensive guest information databases, most often in their PMS guest history modules. These applications store guest credit card numbers and other personal contact records.Because most PMSes were designed before data theft was a primary concern, their information is rarely protected with more than simple one-word pass code access maintained by property managers. Further, when employees move on to other jobs their passwords often continue to be valid. Of equal concern is the widespread use by hotels of thinly-secured 24-hour Internet connections for receiving online bookings and updating room availability on travel sites. Both of these technologies may provide hackers with easy access to data. Forward-looking property management system providers aware of these threats are already working with clients to safeguard guest data with layered security, and encrypt Internet communications before likely federal mandates go into effect. 

Maestro supports multi-layered security safeguards 

Warren Dehan, NORTHWIND’s president of US operations, said, “With identity theft growing significantly it is critical that properties protect guest data. Credit card information is the usual target of system hackers, but we are securing most guest data at multiple levels.” Dehan noted many instances where property employees have unnecessary access to guest data. “No one needs to see a credit card number after it is swiped. But with many front office systems almost any member of the front desk staff can run a report listing guest card numbers and other personal information. NORTHWIND’s Maestro PMS has always supported three separate security thresholds to prevent unauthorized staff from gaining access to a property’s system, and now because of ID theft legislation in California we are finalizing 64-bit encryption to protect credit card numbers and other guest information in our system so it cannot be viewed by staff or printed without management security approval.” This new data security technology lets property managers decide what information is accessible to its staff, and will use a random-generated key at each property so every hotel will have unique security protection to prevent cross-property data theft. 

Online booking a possible open door for hackers, viruses 

The public Internet is the fastest growing source of reservations for our industry, but it can also present an open door to data thieves and expose a property to liability if data is stolen. Many hotel companies use the Internet to communicate booking information and financial data between properties and third-party travel sites, but very few properties regularly update and test their virus protection and firewalls. 

NORTHWIND’s Dehan said, “Numerous hotels use Internet booking engines to drive online reservations; many of these systems maintain a full-time two-way connection between the hotel PMS and the Web that passes guest data to the property, and property data to the guest.” Dehan explained that the data a guest sees through their web browser should always go though SSL, a secured socket layer, identical to those used by banks and credit card companies. He emphasized that NORTHWIND protects its Maestro users from threat from Internet viruses and hackers with the latest security technology. “For example,” Dehan continued, “Our ResEze booking engine uses 128-bit encryption for all data that passes between the property and the viewer. For data that flows between a user and the Maestro server we use military-grade 448-bit encryption that is extremely difficult to crack.” For added security the Maestro system does not store guest credit card numbers on its reservation server. “Even if a hacker was very aggressive and managed to break into our ResEze data server they would find no information of any value to them. This protects both our clients and their guests,” Dehan said. 

With the popularity of remotely hosted ASP (application service provider) front office systems and other applications, more operators are running their entire PMS from off-site locations using high-speed Internet connections to access all functions from their properties. This type of system may also be susceptible to data theft and hacking. Warren Dehan explained, “With any ASP application security is particularly important. At all our Maestro ASP installations the connection between the property browser and the central hosting server is fully encrypted by SSL security so data flowing across the Internet is protected.” At the NORTHWIND ASP hosting site full credit card encryption and masking is also in place secured behind multiple firewalls. 

Hotel data security checklist

With federal data security legislation pending and hotel company databases being probed regularly, it is imperative that operators review their data protection and security policies. Taking effective precautions to safeguard their systems can include the following: 

  • Check all Internet firewalls to verify updates are current;
  • Ask your PMS vendor to discuss its guest data security and credit card masking precautions;
  • Review all functional system passwords and employee security levels;
  • Employ a security professional to test your systems security barriers for effectiveness;
  • If you are a systems professional who believes there is a potential security weakness at your property, notify management at once.
NORTHWIND’s Warren Dehan concluded, “There is little consumers can do to prevent identity theft; the key is for operators to establish responsible information-handling practices. People need to realize that security must be taken seriously before they are compromised. If hotels do not use the tools at their disposal they may be liable for exposing their guest information to data thieves.” 

At IHM&RS 2005 in New York City be sure to visit the NORTHWIND team at Booth 3038 to discuss your security concerns with a Maestro professional and receive a full demonstration. 


NORTHWIND, known in the hospitality industry for its service and state-of-the-art technology, is widely respected for providing hotels, private organizations, and corporate management companies with flexible software solutions. 

Based in Markham, Ontario, Canada, with a network of dealers and offices worldwide, NORTHWIND is a leading supplier of software for all types of hospitality operations including hotels, resorts, timeshares, condominiums, seminaries, state parks, and clubs. Maestro applications are engineered for operators who need to manage their enterprise in a real time environment for the utmost operational control and profitability. Designed to maximize the efficiency of any size single hotel or multi-property enterprise, NORTHWIND's Maestro solution offers the most productive working environment, which includes the following suite of products: PMS, Sales & Catering, Club/Spa Management, Corporate Reservations Office, Multi-Property Management, Condo/Owner Management, Yield Management, POS & Online Table Res, GDS Connectivity and ResEze Internet Reservations. This comprehensive multi-platform (Windows 2000/XP, Unix/Linux, Terminal Server & Web Enabled) suite is recognized as the solution of choice for progressive and demanding organizations. NORTHWIND is a total solution provider that offers leading-edge technologies, and unparalleled training and support. 


Audrey MacRae – Director, Marketing Communications 
60 Renfrew Drive, Suite #235
Markham, ON L3R 0E1
Phone: (905) 940-1923 ext – 246
1-888-NORTH88 (667-8488)
Fax: (905) 940-1925

Media Contact:
Julie Keyser-Squires
Softscribe Inc.

Also See Winthrop Rockefeller Center to Implement Maestro Enterprise Suite, PMS, Sales & Catering, ResEze Web Booking Engine / July 2005
Six-Property Les Hotels Jaro Chain Selects Maestro Multi-Property PMS, Sales & Catering, CRO, and ResEze Internet Booking / June 2005
Benchmark Going Strong with Maestro as Recommended Property Management Solution / June 2005
NORTHWIND Delivers Maestro Profitability Tool Suite to Boost ADR, Drive Repeat Business / May 2005
Maestro Users Group Findings Spotlight Operator Objectives; Incubator for Best Practices / May 2005
NORTHWIND Opens Virginia Office, Taps Industry Professional Margaret Legum For Business Development Position / April 2005 
Maestro Property Management Suite Selected by Five-Diamond Stein Eriksen Lodge and Four-Diamond Washington Duke Inn & Golf Club / March 2005
Hoteliers Logon to New NORTHWIND Website for Maestro Solutions that Deliver Profitability and Efficiency / March 2005
Religious Housing, Theological Conference Centers Occupancy Up 40%, Emerge as Growing Hospitality Segment, Competition in Some Markets / February 2005
Maestro Property Management Suite Selected by Seven Additional Full-Service Hotels in One Month for 1st Quarter Installation / January 2005
Maestro™ Brings Powerful E-Booking Tools to New York IH/M&R Show and Historic Hotels of America Annual Meeting / November 2004
Maestro Property Management Suite Tapped by Two More Prominent Historic Hotels of America Properties / November 2004
Universal Resorts Selects Maestro Enterprise Suite from NORTHWIND For Chain of 9 Luxury Resorts in The Maldives / October 2004
Maestro Property Management Suite Installed by Three Canadian Hotels to Integrate Operations, Boost Efficiency; The 284-room International Hotel of Calgary, Stonehaven Relais & Spa, and the Exclusive Severn Lodge Select Maestro / September 2004 
High Profile Downtown Property, Listel Vancouver in British Columbia, Taps Maestro for Integrated Functionality, Ease of Use / September 2004
Industry Recovery Evident as Operators Invest in Technology; Install Maestro Property Management Solutions in Over 1,500 Rooms in June / July 2004
NORTHWIND President Outlines Hot Technology Trends in Audio Interview; Dehan Discusses How to Halt Rate Erosion via Standardizing Rates Across all Channels, Importance of Integrating Yield  Management with GDS, PMS / June 2004 
NORTHWIND Expands Operations as Sole Provider of its Maestro Suite of Property Management Solutions in North America, Adds UK Distributors, Strengthens Support Standards / June 2004
NORTHWIND Successfully Completes Rollout of its Maestro ASP Front Office System to 65 Suburban Franchise System Properties / June 2004
Industry’s First Seamless GDS Yield Management Reservation Profitability Tools at HITEC; Client-Focused Rate Management Tutorials and Classes Provided / June 2004
Vintage Inn Chain Increases GDS and Web Reservations 500%; Four-Property Hotel Group Leverages NORTHWIND’s Maestro Yield Management, GDS Interface for Projected $1M in e-Bookings / May 2004
Holiday Inn Sydney at Rooty Hill Selects Maestro Enterprise Suite to Automate Front Office, Sales & Catering and Work Order Scheduling / May 2004
Canadian Military Learns from Hospitality Industry: Troops Heading Overseas Move Faster as Maestro System from NORTHWIND Streamlines Air Base Lodging Check-in From 1 Hour to 2 Minutes / March 2004
Suburban Franchise Systems Selects NORTHWIND to Install  Maestro ASP Front Office in 65 Suburban Extended Stay Hotels / December 2003 
State of Arkansas Woos Visitors: Automates 4 Lodge Operations and 23 Parks With Single-System Strategy and Internet Booking - Installs Maestro from NORTHWIND / November 2003 
Extended-Stay Developer Centralizes Operation of Six Long-Term Stay Properties, Drives 70-Day Average Length of Stay / October 2003 
Hotel Companies Accelerate Property Conversions To Vacation Ownership, NORTHWIND Supports Trend with Strong Condominium and Timeshare Owner Management Applications / Sept 2003
Hotel Operators Leverage Technology to Reduce Labor Costs, Increase Revenue, Drive Occupancy; ROI Verified / June 2003
Swan Lake Resort and Conference Center Reduces Check-In Time 25%, The Yarrow Golf & Conference Center Smoothes Operations for Well Heeled Clientele / May 2003
Bodyguards, Health Consultants Help Stressed-Out Professionals Take A Break At The Caribbean’s Premier Spa Adventure Resorts / May 2003 
Maestro Enterprise Suite Leverages Strong Functionality for Multi-Property Operating Companies, Delivers Centralized Management, Cross-Selling, CRM Advantages / April 2003
NORTHWIND Commits to Clients' Profitability, Support Fees to Remain Low in 2003; Four Diamond Service Initiative Announced, Maintenance Renewal Fees Unchanged for Clients in Coming Year, Users Drive Enhancements / Feb 2003
Northwind Appoints Dave Carrick Director of Operations, Increases Value-Add to Customers Using Maestro Property Management Solutions / Jan 2003
Northwind Appoints Atoy Moya as New Client Service Specialist; To Build a Stronger Partnership with Existing Clients / Sept 2002
Maestro Adds The Sizzle To ResEze / June 2002 
Barnsley Gardens Charms the World Using Integrated Sales and Catering, PMS from Northwind / June 2002
Northwind - Forsys Maestro-SilverWare Collaboration Provides Unique Hotel - F&B Outlet Operating Efficiencies, Optimizes Guest Services and Customer Loyalty / May 2001 
Canadian Hotel Owner-Operator Drills Down into Maestro PMS from NORTHWIND to Pump Guests, Profits Into 26 Properties / April 2002 
Château Cartier Resort Boosts Annual ADR and Sales With Maestro PMS, Yield Management, Sales and Catering from NORTHWIND / March 2002 
Maestro at Northwind Off to a Good Note in 2002 / Jan 2002 
NORTHWIND Announces Two–Way GDS and Internet Travel Portal Integration through Newtrade Technologies Inc. / December 2001 
Pacific International Hotels’ selects Maestro Property Management System / Nov 2001

To search Hotel Online data base of News and Trends Go to Hotel.Online Search

Home | Welcome! | Hospitality News | Classifieds | Catalogs & Pricing | Viewpoint Forum | Ideas/Trends
Please contact Hotel.Online with your comments and suggestions.