How secure is that mobile app?

(Hilton Digital Key)

This article is part three of a four-part series on mobile in the hotel industry. Part one can be found here and part two can be found here

Make no mistake: There is still a threat to security through a hotel’s mobile apps, said Rick Garlick, global travel and hospitality practice lead at J.D. Power. “While high-profile data breaches for some chains have centered on point-of-sales systems, the smartphone also represents a security vulnerability,” he said. 

Hotel smartphone apps create a link between the guests’ phones and the hotels system, revealing a potential weakness.  “While some hotel companies are taking steps to protect both their guests’ data and their own, some articles I’ve read suggest this security is not enough yet,” Garlick said. 

The Hilton HHonors app and its respective features have undergone comprehensive testing and have been vetted by security experts, said Dana Shefsky, Hilton Worldwide’s director of digital product innovation. 

For example, Shefsky said, each digital key is tied to a specific phone and a specific guest account and cannot be shared or placed on another device. Every time a digital key is requested under an account, Hilton sends a confirmation email to the email address in the guest’s Hilton HHonors profile confirming that he or she requested a digital key. 

“Only our guests with prior stay history can skip the front desk upon arrival,” she said. “Our guests that have not previously stayed with us make a stop at the front desk to show their identification and credit card. As an additional security measure, we’ve given our guests the option to hide their room number after the first time they unlock the door. Should the guest’s phone be lost or stolen, the room number associated with that digital key will be concealed. We have seen more than 350,000 digital key uses and have not experienced a single security compromise with the digital key.”

Because many of Hilton’s digital features are tied to a guest’s Hilton HHonors account, Shefsky warns that it is important guests select a strong, secure password to keep information protected on their smartphones and other devices. A recent app update allows guests to use fingerprint touch ID security features to log in if they choose.