Catch up on stories from the past week (and beyond) at the Slashdot story archive

 


Forgot your password?
Close
typodupeerror
×
Crime Security IT

Hotels Lead the Industry In Credit Card Theft 135

Posted by kdawson from the shred-everything dept.
katarn writes "A study released this year found that, of the credit card hacking cases last year, 38 percent involved the hotel industry. At hotels with inadequate data security, the greatest amount of credit card information can be obtained using the simplest methods. It doesn't require brilliance on the part of the hacker. Most of the chronic security breaches in the hotel industry are the result of a failure to equip, or to store or transmit this kind of data properly, and that starts with the point-of-sale credit card swiping systems."
This discussion has been archived. No new comments can be posted.

Hotels Lead the Industry In Credit Card Theft More

Hotels Lead the Industry In Credit Card Theft

Comments Filter:

  • they can also clone your card to a room key as wel (Score:3, Interesting)

    by Joe The Dragon ( 967727 ) on Friday July 09, 2010 @09:35AM (#32849932)

    they can also clone your card to a room key as well if they want to I don't think they do that by default any more.

  • Re:Why do merchants need to retain CC info? (Score:1, Interesting)

    by Anonymous Coward on Friday July 09, 2010 @09:47AM (#32850066)

    I think with hotels the issue is less of a refund than it is an extra charge. Let's say someone checks out at 10am and leaves town. The cleaning staff get to the room at 11:30 to find that anything not nailed down was taken (carried out a side door at 2am) and the room completely trashed. Hotels keep those numbers to protect themselves without putting a reserve of $1,000 on your card for a one-night stay in a two-star hotel.

    I can't think of any reason for other merchants to keep your data beyond the point of sale.

  • ...and outright fraud (Score:5, Interesting)

    by Just Some Guy ( 3352 ) <kirk+slashdot@strauser.com> on Friday July 09, 2010 @09:47AM (#32850072) Homepage Journal

    I recently stayed at a cheap chain motel while traveling for a softball tournament. They had a sign posted (in the disused lavoratory, etc.) along the lines of:

    Theft is a problem. We have a safe in your room. If you use it and someone steals your stuff, we'll insure you up to $10,000. For your convenience, a $1.50 charge will be added to your bill for the rental of the safe. If you don't want to pay the charge, let us know and we'll remove it.

    (Part in bold is as verbatim as my memory allows.)

    When I checked out the next morning, I asked the clerk to remove the $1.50 fee. She kind of huffed, spent the next 5 minutes messing around with the computer, then gave me a receipt for the correct amount that I expected to pay. Two days later, I noticed that my online statement was off $1.50+tax. Sure enough, they'd charged me anyway. When I called them to say that I wanted it fixed - yes, I am that stubborn and nitpicky - they assured me that this never happens and they were so sorry.

    As cheap as the motel was, that was an extra 3% or so in automatic free revenue. If they're operating at a 10% profit margin, that's about a 66% increase in actual profit. How many times to people look that closely at their credit card bills? I'd be willing to bet that 99 times out of 100, people see that the charge was correct to the nearest $10 and don't check it to the penny, or they figure it's not worthwhile and don't follow up on it.

  • Re:People with too much time on their hands (Score:5, Interesting)

    by NoPantsJim ( 1149003 ) on Friday July 09, 2010 @09:56AM (#32850148) Homepage
    I used to be one of these night shift people. I was definitely underpaid, but I used my spare time on the job with a laptop and a book learning to program.

    Here's the scary thing, plenty of people made it extra, extra easy for an employee to steal. We had this ridiculous backup process that had to be run nightly which would make our computers inoperable for about 90 minutes. If someone with a reservation came to check in I could do so, but any walk-ins would have to wait. Around 2-3 times a month people would come in so exhausted from driving all day that they'd just hand me their credit card and say "I'll pick it up in the morning, just give me a room key". I think that since it was an upscale Marriott people just assumed everything was safe.

  • wonder if it includes the social engineering side (Score:5, Interesting)

    by cybrthng ( 22291 ) on Friday July 09, 2010 @10:07AM (#32850220) Homepage Journal

    Hackers often target hotel pbx systems to call rooms and "confirm" credit cards with people staying there.. Its one of those big issues you never hear about until someone is caught and its easily done since 99% of the hotel rooms don't offer any caller-id functionality. So if you get a call while in a room to confirm your credit card, just ask to go downstairs and confirm at desk.

  • Re:People with too much time on their hands (Score:4, Interesting)

    by guruevi ( 827432 ) on Friday July 09, 2010 @10:12AM (#32850260)

    That's why I always pay by credit card from a reputable bank. You just dispute the payment and they cancel it for you. Some vendors have disputed my disputes after a quick call they have always refunded bad charges. Cash is so outdated and easy to lose.

  • Comment removed (Score:5, Interesting)

    by account_deleted ( 4530225 ) on Friday July 09, 2010 @10:14AM (#32850278)
    Comment removed based on user account deletion

  • Wardriving (Score:4, Interesting)

    by CODiNE ( 27417 ) on Friday July 09, 2010 @10:22AM (#32850350) Homepage

    I remember years ago I drove around a little with my laptop on the passenger seat recording the SSIDs I'd passed. Always fun to see how people name things. One that stood out was a Pik N Save or something... they strangely had a Wifi setup but the name was.

    PIKSAVPOS

    Yeah, their Point of Sales network was unencrypted and accessible throughout the huge parking lot and onto the main road.

    Nice.

    Perhaps the hotels used the same contractor. Very cheap and fast setup, works great.

  • Re:...and outright fraud (Score:4, Interesting)

    by tkohler ( 806572 ) on Friday July 09, 2010 @12:04PM (#32851510)
    One time I was staying at a not-so-cheap hotel in upstate UK. The hotel offered a choice of breakfasts: Continental or Full, with about a US$10 price difference. Each day I chose a breakfast, changing based on mood and hunger, about splitting the choices evenly through my 5 day stay. (I was attending a conference at the same hotel) The waiter took my selection and room number each day. Upon checkout, I found they had charged me (and everyone else) for the Full breakfast everyday. I asked them why and they said they assumed that everyone would chose the "much better breakfast" and made that section for them "as a convenience". I then asked why the waiter bothered to ask the choice if they were going to only charge one price. The desk clerk had corrected the charge and finished my bill and now was just concerned with getting rid of me so he finally said, "Sometimes, sir, hotels just try to rip you off". I had no response.

  • Re:Wardriving (Score:4, Interesting)

    by kent_eh ( 543303 ) on Friday July 09, 2010 @01:48PM (#32852718)

    Now with smartphones people aren't quite so retarded.

    Ummm... We found one of the office girls plugged in her little Apple Air-Port Express to the LAN under her desk, so she could use the WLAN on her iPhone at her desk.
    When was confronted, she couldn't comprehend why it was a bad thing she was doing.
    Fortunately the policy (which we thoughtfully presented her with a paper copy of) clearly states that allowing strangers onto the company LAN can be a firing offense.
    That she understood (if not why)

Slashdot Top Deals

If a train station is a place where a train stops, what's a workstation?

Close