Reflections

Hackers Love To Attack Hotel Databases To Grab Credit Card Info

Posted by on Jul 6, 2010 | 3 Comments

In a recent survey it was found that 38% of credit card hacking cases happened at hotels. In its report, Spider Labs, which is a data-security consulting firm for Trustwave, confirmed this fact. For many of us who thought that most credit card thefts occurred at retail locations, this should be an eye opener. The hotel industry wants to keep the information away from the public, since the current recession has already cut deep into its revenues. The report also stated that because of the decline of revenue, many hotels are unable to upgrade their security which adds to the problem.

In a recent N.Y. Times article it went on to state that:

Why hotels? Well, to paraphrase the bank robber Willie Sutton, hackers hit hotels because that is where the richest vein of personal credit card data is. At hotels with inadequate data security, “the greatest amount of credit card information can be obtained using the most simplified methods,” said Anthony C. Roman, a private security investigator with extensive experience in the hotel industry.

“It doesn’t require brilliance on the part of the hacker,” Mr. Roman said. “Most of the chronic security breaches in the hotel industry are the result of a failure to equip, or to properly store or transmit, this kind of data, and that starts with the point-of-sale credit card swiping systems.”

ABC News reported that Destination had been victimized by “an intense database attack that lasted over three months,” and quoted law enforcement authorities saying that losses, which totaled hundreds of thousands of dollars, averaged $2,000 to $3,000 on each of the estimated 700 credit card numbers stolen.

Which brings up two things I do on a regular basis: I check my credit card statements several times a week looking for any suspicious activity; I also have a credit card I use when away from home that has a $1,000 limit. I also use this same card to make purchases on the Internet from various online merchants.

What do you do to protect yourself?

Comments welcome.

Source – N.Y. Times

  • Pingback: The Internet is Over ~ Chris Pirillo

  • http://www.pkgamer.net SpyderBite

    I use Common Sense.

    1. Read the policies of my credit and bank accounts re: my accountability for fraudulent use of my account. Currently, I don’t have a single account that holds me responsible for more than $50 in fraudulent use of my cards.

    2. I don’t use the same password for my email accounts. Once an email account is compromised, an online breach of my account is just a password reset away. The same goes for PIN numbers on credit/debit cards. Use a different PIN for each card. If your wallet/purse is stolen and the PIN is the same on all the cards.. well.. you do the math. Literally.

    3. Keep a credit card with a small limit like $500 for making reservations. Do not use your Debit Card for securing hotels, rental cars etc. Forget about a thieves for a moment.. a double billing to your Debit Card can be a much bigger deal than a refused charge on your Credit Card.

    4. Memorize or write down and store in a secure place, the CSV code on your debit/credit cards then black them out with a black markie pen. Your card is useless for online purchases on most reputable merchants without the CSV number.

    5. At restaurants and bars, make sure your server is swiping your card at a location in sight. 90% of all credit card #’s stolen are a result of “Keychain Swipers”. The server will swipe your card on the restaurant/bar system, then on their swiping device.. take the device home and plug it in to their computer and add it to the list of #’s they’ve collected. Once they have 100-1000 #’s they can sell the list for upwards of $10-$100/cc # for valid cc #’s.

    ;)

    • http://wp3.lockergnome.com/nexus/blade/ Ron Schenone

      SpyderBite,
      Thanks for the info.