Keeping Mobile Tech in Hotels Secure with Biometrics
By Court Williams Chief Executive Officer, HVS Executive Research | January 05, 2020
A big question currently facing the hotel industry is how to keep guests, employees, and data safe in our increasingly connected world. While mobile technology provides a vehicle for much of the progress, it can also provide the security methods needed to safeguard them in the form of mobile-based biometrics.
What Are Biometrics?
Biometrics are biological measurements or physical characteristics that can be used to identify individuals. Fingerprint mapping, facial recognition, and retina or iris scanning are all forms of biometric technology, but these are just the most well-known options.
Hollywood films have used biometrics in their storytelling for several years, but their efforts have been unsophisticated at best. Remember James Bond and the iris scans in Diamonds are Forever? The fact is, biometrics are making significant inroads in almost every industry, and hospitality is no exception.
Mobile biometrics, in particular, are scoring high on the list of popular authentication methods, partly because mobile phones are the devices we carry most often. In 2020, I expect hotels to start using mobile biometrics for a number of purposes, including financial security, inventory protection, staff management, and the safeguarding of privacy and personal information.
Hotel Security Needs are Growing
With the current glut of data breaches experienced across all industries, the need to protect both company and guest information is increasing. It's not only about data security, however. One of the fundamental expectations of every hotel guest is personal privacy, but given the online marketplace for selling everything from credit card numbers to private photos, it's getting more and more difficult to achieve this.
Consider these potential scenarios: A hotel employee has access to connected devices in guest rooms, and installs a recorder to take candid photos of guests that are then sold on the Dark Web. A worker with ties to terrorism adds a deadly substance to a hotel's hot water supply, which causes multiple guest deaths before management even becomes aware of the problem. Or, as we have seen so often in the movies, a service employee is compromised and smuggles weapons into the hotel in a laundry or food cart.
Managing every possible risk without the help of technology is practically impossible, but we can make use of the one item almost every person on the planet carries-a biometrically-enabled mobile device.
How Biometrics Work
Biometrics currently come in two primary flavors: physical biometrics and behavioral biometrics. Physical biometrics include such popular ideas as facial recognition, digital fingerprint verification, nuanced voice authentication, iris scanning, and even vein recognition.
Behavioral biometrics are based on multi-dimensional intelligence, which uses machine learning to form conclusions based on a combination of human-device interactions, location, IP address, muscle memory, and behavioral habits.
Both of these methods can be used with mobile devices, through the development of apps such as Mobile Passport Control and the inclusion of sensors. These have the ability to track behaviors such as walking speed, the angle at which the user holds their smartphone, and the finger pressure used to type on the device, as ways to verify identity.
Some of the exciting developments happening in mobile biometrics currently include authentication based on lip motion and brain wave analysis that determines a user's mental state and approves access to resources on that basis.
Current Biometrics Usage in Hotels
This might all sound rather sci-fi for the hospitality industry, but, in fact, hotels have been employing biometrics for some time already. Marriott hotels in China use facial recognition technology for check-in purposes, charging the room fee and deposit automatically to guests' Alipay accounts and providing the room key after identity verification. AccorHotels' loyalty program Le Club offers members a quiz about travel preferences, and then uses their webcam to monitor and analyze their heart rate based on their facial reactions to images.
The usage of biometrics in hotels isn't only on the customer-facing side, however. Many hotel chains use large-scale, organization-wide enterprise systems for their IT operations. These require exceptional cybersecurity, controlled user access, and extensive cloud computing capabilities. Implementing biometric authentication for these enterprise systems is an obvious solution to the risks facing every organization that needs to protect guests' personally identifiable information (PII) as well as its intellectual assets.
Moving to Mobile Biometrics
Evolving cybersecurity threats, concerns regarding data security and privacy, and the increase in instances of security breaches in hospitality such as terrorist attacks and bombings are motivating hotels to find more reliable tools for managing identity and controlling access. The current shift towards password-less authentication needs innovative solutions, and according to the Identity Management Institute, mobile biometrics are emerging as an option to address the risks associated with traditional login methods. Today's mobile devices have the capability to be part of the user's identity, and to act as a login point or part of a series of identification factors in a multi-factor authentication (MFA) process.
One of the simplest ways hotels can use this technology is to enforce a biometric approval process through the user's mobile device before allowing an employee to access sensitive information. Whether approval depends on confirmation of walking style, facial recognition or lip motion, the unique identification ability is built into the mobile device. Some ways we could expect to see hotels using mobile biometric authentication in the very near future include staff timekeeping, monitoring of attendance during work time, and access to computers, networks, and servers.
Then there's the need for controlled access to critical data as well as physical areas, such as those where cash or alcohol are stored, or inventory of valuable room items. HR managers will be able to automate the monitoring of individual staff members' locations based on their mobile position. They might track the time workers spend on tasks like room cleaning, to identify any duration anomalies that could indicate problems-at least until room cleaning can be done entirely by robots.
Hotels are also embracing the Internet of Things for the benefit of guests, to adjust room temperature settings, lighting, voice-controlled room service, operate adjustable beds and other appliances. The risk scenarios outlined above show how important it is to restrict access to these appliances to vetted, authorized users, and we all know how many ways password-based logins can be compromised. A combined, multi-factor authentication (MFA) process using a password, retina scan via an app on a mobile device, plus transmission of the mobile device's location, can radically reduce the risk of unauthorized access to in-room appliances.
Many properties are combining augmented reality (AR) and virtual reality (VR) for entertainment, convenience, and administrative purposes. AR-powered signage, for example, can help direct guests to check-in or pick-up locations, based on their mobile fingerprint and biometrically-verified identity. Guests can view realistic, virtual representations of celebrities, among other things, using their smartphone cameras. These activities typically require both a connection to the internet and a payment, or at least verification of their guest status-all of which can be provided by a biometrically-empowered mobile device that recognizes its user.
Accessing customized content often requires authentication, whether for hotel guests or employees, and mobile biometrics can provide those options irrespective of the user's nationality, current location or home country.
Benefits On Offer
The closer the connection between biometric methods and the user, the greater the security. Since a user's personal mobile device is effectively a "closer" link to the individual than a hotel's facial recognition system, one of the benefits of going mobile is increased security of data, employees, guests, finances, and facilities. There are also the obvious benefits of having the built-in biometric ability to verify identity for the purpose of easier reservations, confirmation, check-in, and account payment options.
Both hotels and guests will score by having mobile biometrics make it faster and simpler to place secure orders of food and beverages. Options range from screens that welcome guests by name on their arrival in a hotel lobby using data from their phones, to accessing spa services, digital entertainment, and the use of AR and VR facilities, mobile will play a huge part. From a hotel management viewpoint, the workload required to record staff hours, vacation, sick time, or activities for compensation can be both vastly reduced and improved in accurac
No Free Lunch
Of course, there's no such thing as a free lunch, and even the most advanced developments aren't without some disadvantages. Mobile biometrics, like any other technology, opens the door to the risks of cybercrime. As fast as we find ways to protect networks, criminals develop new ways to attack them.
Privacy is a huge consideration, such as securing PII on mobile devices against the risk of loss or theft, while still making it possible to access the device easily for personalized daily use. Research from SmarterHQ shows 72% of consumers will only engage with marketing that is personalized to their interests, while 86% don't want to provide their personal information because of privacy concerns. This creates a major conundrum for the hospitality industry.
Then there's the security risk. Users can't be expected to carry the entire responsibility for security themselves. The "arm's length" relationship between the personal devices of staff or guests and hotel management makes it unrealistic for the latter to assume complete responsibility, which means a grey area exists. Hotels could take a page from the financial industry's playbook, which currently holds the competitive edge by taking precautions to protect both their customers' account information and the biometrics used for identification.
There's also a compelling need for robust protection against malware, which is a major issue currently for mobile apps, and the rapid changes in regulatory requirements that occur as authorities in various countries attempt to exercise individual preferences.
What Mobile Biometrics Mean for Hotels
Guests are increasingly expecting hotels to be able to offer the very latest in technology and security. At this point, mobile biometrics are the most advanced way to achieve these. There are many implications for the industry, starting with the need for extensive capital investment to buy and configure the necessary software, and, in some cases, hardware.
In terms of staffing, this indicates a clear need to employ highly-qualified workers and more tech-savvy hotel staff -at all levels. It will also be essential to retrain existing employees to function in the connected world, while still exhibiting the communication and client service skills they will need during the transition period.
Hotels will likely encounter some opposition from employees, which they will have to address by getting legal advice, revising contractual terms and conditions, and revisiting future employment requirements. This could have the broader effect of impacting labor regulations, raising a number of questions, and putting the hotel industry into a state of flux. All of this will take time, during which hotels are at risk for any of the problems identified here.
I'm not suggesting mobile biometrics are the final solution to these issues, by any means. But as one of the most adaptable and developing technologies available right now, I believe the vibrant hotel industry can expect to see real action in this area in 2020. The sooner hotel executives factor these possibilities into their thinking, the more ready their companies will be to hit the ground running.
HotelExecutive retains the copyright to the articles published in the Hotel Business Review. Articles cannot be republished without prior written consent by HotelExecutive.