Hotels Lead the Industry In Credit Card Theft 135
katarn writes "A study released this year found that, of the credit card hacking cases last year, 38 percent involved the hotel industry. At hotels with inadequate data security, the greatest amount of credit card information can be obtained using the simplest methods. It doesn't require brilliance on the part of the hacker. Most of the chronic security breaches in the hotel industry are the result of a failure to equip, or to store or transmit this kind of data properly, and that starts with the point-of-sale credit card swiping systems."
I read the article (Score:5, Informative)
Not surprising... (Score:5, Informative)
I recently had a hotel leave one of those quick check-out forms partially slid under my door. The problem was that it had my credit card information printed on it. It would have been quite easy to walk down the how and grab a dozen names, credit card numbers and expiration dates. On top of that, who knows what happens to the forms once you sign them as I highly doubt they go through a shredder.
Re:People with too much time on their hands (Score:5, Informative)
We have been vacationing on Hilton Head Island for over 20 years. Back in the late 1980s/early 1990s we were ripped off in a hotel employee scam. My mother would always pay in cash. Four crisp 100 dollar bills were laid on the counter and slid across to the staffer behind for our week long stay in paradise (we always found it hilarious that it was 1/6th as expensive as a shitty two bed hotel room on the Jersey shore). This year, however, the clerk requested that we put down a credit card to cover any damages which may occur during our stay. My mother, not one for hucksters, agreed reluctantly only because a young boy of no more than 10 or 11 was whining in the backseat of the minivan about how he had to pee.
After another excellent vacation we arrived home and a letter came in the mail with our receipt of a credit card charge in the amount of $400. My mother knowing this had to be a mistake as she had a similar receipt for $400 in cash called and explained the situation and expected it to be cleared up--after all we always paid with cash and never had problems before. After accusations of lying and trying to scam the resort out of money it was later determined that 7 or 8 other families met similar fates.
One of the employees was pocketing the cash and charging the credit cards. We were later begged to stay, free of charge, the next summer. My parents ignored the request and we spent the next few years in a far less cozy location on the other side of the island.
So yeah, some employees truly do suck--always have and always will.
Re:they can also clone your card to a room key as (Score:5, Informative)
Most room keys do not offer a mag-stripe that is capable of holding all 3 tracks of CC data properly...
Re:they can also clone your card to a room key as (Score:3, Informative)
Most room keys do not offer a mag-stripe that is capable of holding all 3 tracks of CC data properly...
They don't need to create new, valid-looking cards on-site. Besides, all the fun stuff is replicated in tracks 1 and 2.
The room-key card system could provide a means of swiping (hah!) customer credit cards that doesn't require the same level of auditing that the actual payment systems should have. That could give them an easy way to grab the data for later.