Data breaches in the hospitality sector are becoming the norm, and outdated security processes in concert with human error are to blame. Millions of consumers have been impacted by hackers targeting the hospitality and other sectors over the past few years, and these problems persist.

This week a reputable hotelier suffered a breach that compromised payment systems at their properties in the U.S. and Caribbean. A malware-based attack nestled its way into the servers used to process credit card payments at 12 of their hotels, proving it crucial for companies to rethink how they safeguard customer data.

The most recent attack is only the latest hotel group to be breached. Recently three other marquee hospitality brands all reported significant credit card data and other breaches. Typically, POS systems were the weak link in the chain and the choice of malware in these situations. The use of so-called solutions like PINs, passwords, hard or soft two-factor tokens, and chip/smart credit cards all fail to resolve the core issue. That is, passwords and their mismanagement are the weak link.

Biometrics, in contrast, have evolved and are now a commercially viable way of verifying internal and external users. Leveraging mobile devices in this war against fraud is possible as evidenced by Fortune 500 firms replacing older security with mobile-device biometrics, which function on mobile and desktop applications and whose use cases run the gamut of login, payments and physical access control such as to hotel rooms.

An area that needs attention is the biometric security sector. Enterprises need to understand that biometrics should never be stored in a centralized repository, and can be secured with decentralized biometric authentication.

If hotels upgraded to biometric authentication, the threat of credit card data access and ransomware lockouts would be mitigated, as such data and access control is tied to a human, not to a computer.

When enterprises implement decentralized biometrics, absent passwords, it reduces the chance for password-human error mistakes or attacks. It also disrupts criminals’ processes by forcing hackers to go from device to device to obtain credentials, which is not a scalable business model.

The word is out that hotel operators are unprepared for attack. Hoteliers are unwittingly placing themselves and guests at risk of reputational and financial trouble through a stubborn reliance on passwords and supporting processes. With 2 billion biometrically enabled mobile devices already supported, it would seem obvious for hotel companies to protect customer data. Or, risk losing it all.