hypuk,

Your first move should be to get the vendors of this system to explain what security measures are in place to prevent the interception of data over what appears to be an insecure local network.

If your guests can just "find and connect to" your network, so can anybody else.

My personal views would be:

1. I would not send my credit card details over a WiFi network in a railway station or public library, so why should I do so at your hotel?

2. When A hotel charges me for services, I expect those to appear on the bill I check before I leave. Just like the telephone calls and pay per view TV.

3. Whilst your security concerns might not be with your guests, they certainly should be with people who are wardriving within range of your network as you know that those people's intentions are not honourable.

It sounds to me as if someone in your organisation with no IT knowledge has "just gone out and bought the system" That is not the way to do things, as security should have been a part of the original Business Requirements Specification.

If the vendors cannot satisfy you, I would recommend getting a professional IT security auditing firm to look at it.

I would really need to know much more about how the system works and what features and options it offers to offer any suggestions as to an alternative implementation strategy. In all honesty, those are questions that should have been asked before you went out and installed anything.