Crown Plaza Venice hotel booking fiasco could have been avoided
Richard Kirk, Fortify's European Director, said that the online booking fiasco - in which rooms at the Crown Plaza Venice East Quarto D'Altino hotel were sold for pennies - has lost the group tens of thousands of pounds.
"Rooms, which normally cost between up to 150 pounds a night at the four star hotel in Venice, have been booked by savvy Internet punters, most of whom are well aware of the law of contract," he said.
"After the company initially blamed the fiasco on hackers, they quickly realised their own coding and data mistake - and are now effectively locked into completing the contract with customers," he added.
Kirk says that the incident, which will cause a hole in the hotel's annual profits, could have been avoided if the hotel group - or its booking IT services provider - had used standard code auditing techniques on the Web site server system and its allied data.
Standard auditing techniques that look for non-standard patterns in bookings, as well as erroneous low or high value card authorisations, would have picked up this anomaly, he explained
According to Kirk, because of these failings in the audit process, more than 5,000 bookings were reportedly made within hours of the one pence rate being offered on the Crown Plaza Web site.
"The irony of the situation is that the hotel - and the Intercontinental Hotels Group - will probably gain in the publicity stakes, but this is an expensive way to learn that your Web site code auditing and allied safeguards have failed you," he said.
"Coming in the wake of a 40 per cent slump in first half year profits for the group, the IT director is probably not going to be too popular in the company boardroom," he added.
For more on the Crown Plaza Venice hotel fiasco: http://preview.tinyurl.com/oj3c54
For more on Fortify Software: http://www.fortify.com
Press releases you might also be interested in
Weitere Informationen zum Thema "Sicherheit":
Mobile Nutzung von SAP effektiv absichern
Unternehmen, die auf Mobilgeräten kritische Daten aus SAP-Systemen zugänglich machen, müssen sie zuverlässig vor Verlust und Missbrauch schützen. SAP bietet für die Absicherung mobiler Geräte, Apps, Daten und Dokumente diverse Lösungen. Die mobile Sicherheit darf hierbei aber nicht isoliert betrachtet werden. Sie ist ein Baustein in einem ganzheitlichen IT-Sicherheitskonzept, das die Bereiche Organisation, Technologie und Menschen umfasst.Weiterlesen