Marriott’s Information Privacy & Security Project Update and Webinar Opportunity May 5, 1:30 p.m. ET
The security of the Personally Identifiable Information (PII) of customers and associates at Marriott-branded hotels is one of Marriott’s highest priorities. Failure to protect this information could result in serious consequences, including diminished brand preference/loyalty, fines, long-term government oversight, and the loss of credit card processing capability. In addition to these risks, there are also significant costs associated with responding to a data breach, should one occur.
Marriott’s main focus is to protect PII and to ensure our systems and networks remain in compliance with Payment Card Industry (PCI) requirements. We continuously assess the security measures we have in place to protect our hotels and information assets, and we are committed to investing in new technology and programs in order to further strengthen the protection of our network, systems and information.
Information Protection
Network and system security are vital to protecting Marriott’s systems and information. The Marriott Enterprise Security team continuously scans our network for malicious software, and we actively manage access to the systems on our network. As such, beginning in August 2014, controls were put in place to prevent non-authorized users or devices from accessing Marriott’s network and systems; these controls enable us to remove any device from our network which we believe is not secure.
As cyber threats continue to evolve, it is imperative that Marriott continues to adapt our systems and processes. To support this policy, Marriott’s Information Protection team is implementing additional controls to further secure our operating environment, including implementing enhanced end-point protection, two-step authentication, and enhanced server malware protection. To learn more about these controls, view details on MGS (owner | franchisee).
PCI Compliance
PCI compliance continues to be a priority in order to protect the PII of customers and associates at Marriott-branded hotels. We would like to assure owners of our Marriott-managed hotels that we take the security of our systems and protection of our guests’ data very seriously. To that end, we have invested in eliminating high-risk data from key systems by replacing credit card numbers with tokens for our Property Management Systems and Global Point of Sale solution.
As outlined in our franchise agreements, it is incumbent upon all franchisees to operate their Marriott-branded hotels in compliance with all data protection and privacy laws and regulations applicable to their jurisdiction. Marriott-branded hotels must be operated in compliance with our standards, as well as the PCI requirements, to which all merchants are required to adhere. To understand franchisees responsibilities and to access information on maintaining compliance, best practices and training materials, please access MGS.
In addition to network security and PCI compliance, Marriott has assessed the risk for hotels in the U.S. associated with the liability shift that will occur in October related to EMV (also known as “Chip and Pin”) processing. It is important to put EMV in context for our industry as compared with other more comprehensive security standards. While EMV helps to make payment cards more difficult to counterfeit, which in turn protects against fraudulent purchases at the point of sale, fraudulent purchases in hotels are a rare occurrence due to operational protocols that should be in place (e.g., requesting a photo ID at check-in). Marriott is not in a position to assume responsibility for fraudulent purchases at hotels. However, in preparation for this liability shift, we are encouraging hotels to focus on training and execution of security protocols in order to continue to minimize counterfeit fraud. Resources are available on MGS to assist franchisees with improving security within your hotels.
The security initiatives outlined above are vital to ensuring the reputation and strength of our brands, maintaining customer trust, and supporting Marriott’s position as a premier, global lodging organization. Franchisees who would like to learn more about security initiatives underway are encouraged to join us for a webinar on May 5 at 1:30 p.m. ET. Click here to register now.
We appreciate your continued support of these efforts.