Minutes: I. Welcome & Introductions Mark Haley, Committee Chair, welcomed the committee members and guests. Introductions around the room.

Transcription

1 Technology Committee Meeting Minutes Orange County Convention Center Monday, June 25, 2006 Meeting Attendees: Laurence Barron, AH&LA Dr. Pearl Brewer, U of Nevada Las Vegas Patton Conner, Marriott International Dr. Daniel Connolly, U of Denver Brian Garavuso, Hilton Grand Vacations David Sjolander, Carlson Hospitality AH&LA - EI Pam Inman, EVP, COO Richard Garrett, Director elearning Phyllis Burton, Executive Assistant Gary Haynes, Starwood Hotels & Resorts WW Sherry Marek, Datavision Technologies, Inc. Bret Molen, ibahn Dan Ouellette, Marriott Columbus North Mark Haley, The Prism Partnership Guests: Joseph Rook, Jr., MHS, VP Sales Chris Zoladz, VP, Information Protection & Privacy Marriott International, Inc. E-Business Committee Guests: Richard Jackson, Hilton Grand Vacations Minutes: I. Welcome & Introductions Mark Haley, Committee Chair, welcomed the committee members and guests. Introductions around the room. Laurence read the AH&LA Antitrust Laws before agenda discussion. II. Membership Requirements & other AH&LA Business Pam Inman, EVP & COO of AH&LA gave a report concerning activities of the Members & Industry Relations and in particular, three key actions the Association is focused on. 1

2 Strategic and Business Plan (3 years) 1. Increase membership in properties by 15% - adding 4 new sales people (total 6). The new sales staff will be targeting unvisited states to generate memberships. First five months of 2007 new sales staff generated 87 new sales (43 partner states / 147 total sales). 2. To be the voice of the lodging industry 3. Striving to be multicultural -Women in Lodging Connect (a group that mentors women in the hospitality industry encouraging them to move up the ladder) webnar forthcoming in Fall AH&LA Restructuring Hotels, corporate hotels, allied students and facilities are now members. In previous years the state hotel & lodging association were the only members of AH&LA. Summary: Membership in properties is up by 2.4% as of May 2007 The Hotel industry is strong and as a result AH&LA, the Foundation and Educational Institute are having positive financial reports AH&LEF is going to give over 1 million in grants this year Being on the committee is a membership benefit, therefore each attendee must be an AH&LA member In the future, there will always be an AH&LA staff member attending all the committee meetings to ensure the members are updated on any AH&LA membership and business changes. The Credit Card Advisory Committee (staff of 6 - comprised of 3-credit card processing executives, attorney and hotelier) Jim Abrams is the State Executive of California. The CCA committee, in conjunction with several other entities are preparing documents for AH&LA to make available to the lodging industry to (1) make them ware of PCS/PABP, (2) inform the industry in an understandable manner what is required of them and their third-party providers, and (3) provide the industry with useful tools, links and other resources to enable hoteliers to insure compliance. Plans are to have standards completed by September Seminar scheduled for the New York Show in November III. TRANSITIONS Dr. Dan Connolly was nominated as the new Chair - - committee gave their overall acceptance. Dr. Dan Connolly accepted his new position as Chairperson Patton O Conner was nominated as Vice Chair -- committee gave their overall acceptance. Patton O Conner accepted her new position as Vice Chairperson. Laurence presented Mark Haley with an AH&LA souvenir in appreciation for his dedication and service as past Chair. 2

3 IV. PCI Education Chris Zoladz, Vice President of Information Protection & Privacy for Marriott International provided an overview of PCI DSS (Payment Card Industry Data Security Standard) and CISP (Cardholder Information Security Program). When customers offer their bankcard at the point of sale, over the Internet, on the phone, or through the mail, they want assurance that their account information is safe. Visa USA has instituted the Cardholder Information Security Program (CISP). CISP is intended to protect Visa cardholder data wherever it resides ensuring that members, merchants, and service providers maintain the highest information security standard. CISP requirements were incorporated into an industry standard known as Payment Card Industry (PCI) Data Security Standard resulting from a cooperative effort between Visa and MasterCard to create common industry security requirements. Visa USA maintains CISP as the managing program for data security compliance endorsing the PCI Data Security Standard. Comprehensive global security standard applies to anyone who accepts credit cards, every business process that involves the collection processing, storage and transmission of credit card data. There are 5 sponsored organizations of PCI: Visa International, Master Card Worldwide, American Express, JCB International and Discover Within PCI are twelve high level security domains, within each domain are multitudes of individual specific security requirements, added together are 206 detailed security requirements that are part of the standard. All merchants will fall into one of the four merchant levels based on Visa transaction volume over a 12-month period. Merchant Level* 1 2 Description Any merchant-regardless of acceptance channel-processing over 6,000,000 Visa transactions per year. Any merchant that has suffered a hack or an attack that resulted in an account data compromise. Any merchant that Visa, at its sole discretion, determines should meet the Level 1 merchant requirements to minimize risk to the Visa system. Any merchant identified by any other payment card brand as Level 1. Any merchant-regardless of acceptance channel-processing 1,000,000 to 6,000,000 Visa transactions per year. 3 Any merchant processing 20,000 to 1,000,000 Visa e-commerce transactions per year. Any merchant processing fewer than 20,000 Visa e-commerce transactions per year, and all other 4 merchants-regardless of acceptance channel-processing up to 1,000,000 Visa transactions per year. In addition to adhering to the PCI Data Security Standard, compliance validation is required for Level 1, Level 2, and Level 3 merchants, and may be required for Level 4 merchants. 3

4 Tier 1 Level 1 Compliant Deadline: A service provider must have a review done by their internal auditor or an independent third party by September 30, In this report, you must indicate full compliancy (206 requirements). The merchant bank (not VISA) will enforce $25, 000 fines starting October 1, You pay your merchant bank; your merchant bank remits money to VISA. Tier 2 Level 2 Compliant Deadline: $5,000 fines enforced. Same schedule as Tier 1. PCI Training by VISA FREE Training, August and September 6-7 Foster City, CA. for Level 1 & 2 Merchants. Lodging and travel expenses on your own. See website PCI Security Standards Council Meeting - Toronto, Canada Sept , Any merchant, acquiring bank or software vendor that is in the credit card space can join as a participating organization for $2,000. Council currently has 200 seats. Compliance Program: If merchants aren t PCI compliant in a timely manner, substantial financial and other penalties will be enforced - may increase over time. Co-Marketing: If you are non-compliant, Visa will not put any money on the table for co-marketing efforts (ex., use your Visa card gets $10 off). Whether you re a small or large operator these rules will apply. You must be fully compliant. Consumers are getting more sensitive to the PCI issue. The states are focusing on it even more. There are a number of federal bills out there; some more threatening than others. FATA components are requiring not showing expiration dates and completing credit card numbers (max 4 or 5 digits). V. ADDITONAL COMMITTEE MEMBERS & ACITIVTY Dan challenged the committee members to add to the membership by inviting and bringing at least one additional person and/or speaker to our meetings. VI. We will have conference calls on alternate months to keep projects going forward and to provide active participation. E-Business and Technology Committees struggles with issues of purpose, scope, and critical mass; it was proposed to merge both committees. Mark motioned formal discussion to vote - committee officially voted in favor. Merger vote conference call scheduled for July 16, PRIMER RESEARCH FUNDING APPROVED Pearl Brewer announced funding for membership research on future primer topic has been approved. Suggest soliciting both committees (by this summer) to help formulate questions to use as basis for the survey draft. With the assistance of the University graduate students, Pearl would refine the draft and return back to committee by a deadline. Software tracking will be used to track responses. Proposing final draft of survey to the E-business and Technology Committees in November Submit to protocol committee for final approval. Membership Survey should be ready for distribution in December 2008 or January Note: Deadlines for AH&LEF receipt of funding applications are March 1 and September 1. 4

5 VII. VIII. 2-LINE PHONE ISSUE ADVANCEMENT Dan Connolly led a discussion on two-line phones. Hoteliers are complaining that the second phone lines are not being used in the guest rooms; in turn, it s costly not being used. Mark Haley has done some primarily discussions with organizations regarding this subject. One organization felt that it was unfair to have a supplier represented company such as AAA and Mobil influencing the standards. Dan asked the committee for their thoughts on continuing to pursue this subject further or should it be dropped. Laurence mentioned that the AH&LA Ratings and Advisory committee had discussed this issue in their meetings and has brought this issue to Joe McInerney s attention. However, the RAC committee didn t see a large interest for action. With that said, the Technology committee agreed to end future discussions regarding 2-line phones. HOTELPAC DISCUSSION Joe Rook, VP of Sales with ibahn / Chair of HotelPAC / Vice Chair of the Government Affairs Committee gave a report on the three legislative issues in which the Association is focused on in Immigration Reform (Senate Bill #1348) - the need to have a guest worker program as part of the comprehensive solution to the immigration problem 2. Enhancements for Security Verification Program - of every employee within a three year period Guest Worker Program - temporary worker is permitted to be in the U.S. for two years, they must leave for one year, they can return to the U.S. for two years, they have to leave for one year, and then a final two years in the U.S. It s a one time deal. 3. Employee Free Choice Act (House Resolution 800) this is a modification to the way unions becomes certified. Currently under this bill, when unions get 50% of cards from employees publicly saying they are interested in this union representing them, the union automatically becomes their union. This bill strips away the right of an employee to elect by secret ballot vote to determine representation or not. President Bush said if this bill passes, he will Veto it. 4. Terrorism Insurance Reform Act (TIRA) this legislation was introduced last week. Current legislation expire end of Pending legislation regarding the extension of TRIA through An extension is expected to eliminate the distinction between acts of terror committed by U.S. citizens and those committed by foreigners. Also expressed the need to add nuclear, biological, chemical and radiological requirements to avoid the unintended consequence of reducing the availability of terrorism insurance. HotelPAC is an organization that raises money for the Political Action Committee (PAC). How things get done on capital hill depend on the amount of funds you have. Each committee within AH&LA is being solicited in efforts to reach the $500, goal in Any contribution in the form of personal check, credit card or company funds was encouraged. Company contributions are considered soft funds and will be used to purchase auction items. Auctions items are purchased with hard dollars which are used for administrative expenses of operating PAC. The committee liaison for PAC is Brett Molen, who can be reached at via at bmolen@ibahn.com or phone (801) PAC hosts auctions three times per year - next auction held at New York Show in November

6 2007 November Meetings: Technology Committee Mtg. Sat., 11/10 2:30pm 3:30pm IH/M&RS NY Technology Seminar Sat, 11/10 3:45pm 4:45pm IH/M&RS NY E-Business Committee Mtg. Sun., 11/11 9:00am 10:30am IH/M&RS NY E-Business Seminar Sun., 11/11 3:00pm 4:30pm IH/M&RS NY PCI Education: Action Items: Possible Actions: 1. Writing Primer (PCI Guide for Dummies) 2. Speak at different conferences to get information to the right audiences 3. Host web base training sessions(powerpoint slide with voice over) Confirmed Actions: 1. Mark Haley and Dr. Pearl Brewer volunteered to work with the Credit Card Advisor Committee on PCI Data Security Standards efforts - Laurence will also assist Additional Committee Members & Activity 1. Laurence to schedule conference calls on alternate months to keep projects going and to provide active participation Primer Research Funding: 1. Laurence provide Pearl with annotated database of AH&LA membership (hotels & hotel companies only) for survey 2. Laurence provide permission letter to Pearl to use AH&LA membership database HotelPac 1. Committee members are asked for personal and/or company contributions to HotelPac for help raise money for PAC. The committee liaison for PAC is Brett Molen, who can be reached at via at bmolen@ibahn.com or phone (801) Adjournment Dr. Connolly thanked everyone and adjourned the meeting. 6