IT and Hospitality: The Case of the Hopeless Hotel Key Card System

Ralph Villanueva CISA CISM CC PCIP CIA

Introduction

In my previous article, I wrote about the mystery of smashed keyboards and broken printer trays, and how an IT professional in the hospitality industry could have resolved it by a wholistic view of the situation. This article is a continuation of my drive to help fellow IT professionals in the hospitality industry, by sharing valuable insights gained from 15 years’ work in both private and publicly listed US hospitality companies.

The Case of the Hopeless Hotel Key Card System

A decade ago, one of the properties I used to work for decided to implement a new hotel key card system. The vendor’s technical representatives, hotel IT techs and front desk managers tested and re-tested the entire system in a segregated and isolated test area within the property. They tested the system from the time the reservation was created in the LMS or lodging management system to the time the test plastic card key’s magnetic stripe was loaded with the details of the test guest’s information, such as room number, and check in and check out dates and times. They also tested the key to see if it works with the POS or point of sale system in a test bar and restaurant environment. Guests normally charge their bar tab and food orders to their guest room for the sake of convenience. At checkout time, a guest room folio is generated, and all charges are charged to the guest’s credit card on file.

Everything went well in the test environment, so top management greenlit the project. All the 50 plus PCs in the front desk counters, front desk managers’ offices and concierge got the software for the new system.

Curiously, some PCs worked well with the new hotel key card system, and some did not. Some front desk stations have long lines of guests waiting for the keys, and some have almost no queue at all. ?There was a lot of head scratching at the property. The general line of thinking was “It worked well in the test environment, why not in the production environment?”

Further inquiry and a rigorous root cause analysis revealed the following:

a.????? The system works perfectly and swiftly only with an upgraded Windows version and PCs with the CPU and RAM size that was specified in the system specifications,

b.???? There was no inventory of which PCs had the upgraded Windows version and the correct hardware specifications,

c.????? The absence of an inventory meant that no one knows which PC is right for the new system and which ones need to be upgraded or replaced, and

d.???? It took a while for the completion of the rollout, because purchasing must go through the process of ordering the right PCs.

Takeaways

This happened a decade ago, yet the lessons remain relevant today. First, the test environment should mimic the real production environment. A perfect test environment will obviously yield a perfect test result, but the proof is in the production environment and the user experience and acceptance testing. Second, an asset inventory may be furthest from everyone’s mind but is very valuable in situations such as this one. An updated inventory of which PCs can work with the new system could have saved a lot of time and spared a lot of guests so much frustration. And lastly, involving purchasing and other relevant stakeholders could have sped up the process. If an inventory was available, purchasing will know how many PCs to order ahead of time, finance will be able to budget financial resources, and IT can schedule enough time to configure these PCs.

Stay tuned for more observations and insights from fifteen years in the hospitality industry in Las Vegas, the entertainment capital of the world. I guarantee that these observations and insights will help you, my fellow professionals in IT audit, security, governance, risk and compliance in the global hospitality industry, solve your problems and add value to your companies.

Ralph Villanueva is a fifteen-year IT security and compliance professional in the Las Vegas hospitality industry with relevant professional certifications and a sterling record of protecting his hospitality stakeholders from IT security and compliance risks, and thus saving them from financial, operational and reputational peril that could have amounted in the millions of dollars. He regularly speaks at IT conferences, writes and reviews articles for professional publications and is an officer of the local chapters of the Institute of Internal Auditors or the IIA, and the Information Systems and Control Association or ISACA. ? Ralph Villanueva 2024. All rights reserved.??