Category Archives: Guest Issues

by | March 17, 2013 · 7:04 am

Hospitality Industry Cybercrime Risks: Hotel And Restaurant “Connected Point-Of-Sale (POS) Systems” Attacked By New Malware Called “Dexter”; Steals Credit Card Data And Transmits It “Encrypted” Back To Attacker

“…Just before the 2012 festive period, a new piece of malware surfaced and was found in hundreds of POS systems in hotels, restaurants, retailers and private parking providers. The malware was discovered by Israel-based security cybercrime in hotelsfirm Seculert: ‘Dexter’ (which comes from the string ‘BKDR_DEXTR.A’) is a data-theft tool used to target and attack POS systems. The program, which is Microsoft Windows-based, uses common techniques to search the memory of running processes to identify credit-card track data, but with the uniqueness of the attacker having full control…”

Connected point-of-sale (POS) systems – that’s the checkout to you and me – are the most recent targets of the cybercriminal, and a specially-crafted malware, dubbed Dexter, is further indication that now all kinds of connected devices may be vulnerable to attack.

Seculert CTO and co-founder Aviv Raff explains that while the company is as yet uncertain as to who is behind Dexter, the author is fluent in English: Dexter mainly targeted English-speaking countries. The malware was located in 40 different countries, but notably 42 per cent of POS systems targeted were in North America and 19 per cent UK-based. “Instead of going through the trouble of infecting tens of thousands of consumer PCs or physically installing a skimmer, an attacker can achieve the same results by targeting just a few POS systems with specially crafted malware,” Raff says.

The malware injects itself into the iexplore.exe file in Windows servers, through rewriting in the registry key. It then’ pinches sensitive credit-card data from the server, before transferring it through a remote command and control system. Windows-based POS systems are used increasingly in the industry, and according to Seculert’s findings, 51 per cent of targeted POS systems use the outdated Windows XP. The high percentage indicates Windows-based machines that process unencrypted track data are viable targets.

Microsoft Windows XP may be the ‘preferred’ choice for POS systems, especially among smaller retailers who feel that they cannot afford to upgrade, but with the operating system to be discontinued in 2014, the question is over what support will be offered for remaining XP users and if they will be able to handle the upgrade to Windows 7 or 8.

“Dexter only has three purposes in life,” says Trustwave’s security researcher Josh Grunzweig. “To always be running on the victims’ machine, to find any card, or track, data in any running program on the victim, and to communicate with the attacker who is controlling it.”

The latter is what makes the malware stand out and impresses Grunzweig. “I can’t remember the last time I saw a piece of malware that targeted POS systems that had a nice command and control structure to it,” adds Grunzweig.

He explains the hacker maintains control of the attack by using normal communication methods, but with the skill to hide what it was sending by encoding the data. This involved sending out a message to the attacker, by default, every five minutes and also checks the victim to see if there is any track data running every 60 seconds.

The magnetic strip on a credit card contains three tracks and the malware attempts to extract data from memory relating to tracks one and two, containing numeric or alphanumeric data that can be used to clone the card that was used in a transaction. If Dexter finds any of this track data, it alerts the attacker in the next message sent and the process is repeated. The attacker has the control to change the times and install additional malware or even remove Dexter altogether.

“The most unusual thing about Dexter is the small amount of public attention it has received,” says Trustwave’s Josh Grunzweig. “The issues that make POS-specific malware difficult to discuss in the industry also affects the ability of antivirus companies; without samples they are unable to provide detailed protections for specific threats.”

For more:  http://eandt.theiet.org/magazine/2013/03/turn-on-log-in-checkout.cfm

Comments Off on Hospitality Industry Cybercrime Risks: Hotel And Restaurant “Connected Point-Of-Sale (POS) Systems” Attacked By New Malware Called “Dexter”; Steals Credit Card Data And Transmits It “Encrypted” Back To Attacker

Filed under Claims, Guest Issues, Liability, Management And Ownership, Privacy, Risk Management, Technology, Theft

Tagged as , , , , , , ,

by | March 15, 2013 · 6:41 am

Hospitality Industry Legal Risks: California Restaurant Sued By Woman “Sexually Assaulted” By Employee Near Restroom; Failed To Perform Background And Reference Check

“…the lawsuit filed in San Mateo Superior Court alleges that Straits owners failed to provide a background or Hospitality Industry Criminal Background Checks (2)reference check for Guicoy that could have shed light on his “mental instability and propensity toward sexual assault…”

A Foster City woman is suing a restaurant where a dishwasher attempted to rape her as she waited to use the restroom on New Years Eve 2011. Now Mary Hagan, 35, has filed a $1 million lawsuit against Straits in Burlingame, claiming it could have performed a background or reference check on Jose Mauricio Guicoy before hiring him.

Guicoy allegedly grabbed Hagan and began pulling her into a closet with his pants unzipped, reported the San Mateo County Times. She was able to fight him off.

Guicoy pleaded no contest to sexual battery, and was sentenced a month later to two years in prison.

For more:  http://sanmateo.patch.com/articles/foster-city-woman-sexually-assaulted-by-dishwasher-files-lawsuit-against-restaurant

Comments Off on Hospitality Industry Legal Risks: California Restaurant Sued By Woman “Sexually Assaulted” By Employee Near Restroom; Failed To Perform Background And Reference Check

Filed under Crime, Guest Issues, Labor Issues, Liability, Management And Ownership, Risk Management, Training

Tagged as , , , , ,

by | March 11, 2013 · 8:08 am

Hospitality Industry Health Risks: Washington Restaurant Closed For Multiple Health Code Violations That Led To Food Poisoning Outbreak

“…(violations included)…foods not protected from cross contamination, poor personal hygiene practices and Restaurant Health Code Violationsinsufficient handwashing; equipment not properly sanitized, handwashing facilities not working and an imminent health hazard: establishment linked to a foodborne illness outbreak…”

The Ambassel Bar and Restaurant on Jefferson Street in Seattle, Washington has been closed by health authorities after they discovered several health violations and associated it with a food poisoning outbreak. Public information officer for the Seattle and King County Health Department Katie Ross told Food Poisoning Bulletin that they are aware of two cases of E. coli associated with this restaurant in mid-February. She said that both cases were adults. One person was “briefly hospitalized” and both have recovered.

Seattle and King County health authorities closed the restaurant, which serves Ethiopian food, after a number of food safety violations were discovered and patrons who ate at the restaurant became ill.  Five violations were listed on the notification of closure.

Restaurant employees are a contributing factor in more than 65 percent of all foodborne illness outbreaks in the U.S.,  according to the U.S. Food and Drug Administration (FDA).  Bacteria that causes disease can be transmitted directly from an infected food employee through food. That’s why restaurant employee health and personal hygiene are so important.

For more:  http://foodpoisoningbulletin.com/2013/food-poisoning-outbreak-closes-ambassel-restaurant-in-seattle/

Comments Off on Hospitality Industry Health Risks: Washington Restaurant Closed For Multiple Health Code Violations That Led To Food Poisoning Outbreak

Filed under Food Illnesses, Guest Issues, Health, Insurance, Labor Issues, Liability, Management And Ownership, Training

Tagged as , , , , ,

by | March 7, 2013 · 7:18 am

Hospitality Industry Payment Risks: Hotel Tech Trade Association Releases “Secure Payments Framework For Hospitality”; Best Practices Advocates “Tokenization” And “Removal Of All Guest Credit Card Data From Systems”

Hospitality Industry Secure Payment Framework-page-001

Click on “Hospitality” to view online

Hospitality Industry Secure Payment Framework Executive Summary-page-001

For more:  http://www.scmagazine.com/hotel-tech-trade-association-offers-best-practices-for-reducing-payment-card-risk/article/283129/

Comments Off on Hospitality Industry Payment Risks: Hotel Tech Trade Association Releases “Secure Payments Framework For Hospitality”; Best Practices Advocates “Tokenization” And “Removal Of All Guest Credit Card Data From Systems”

Filed under Crime, Guest Issues, Insurance, Labor Issues, Liability, Management And Ownership, Risk Management, Technology, Theft

Tagged as , , , , , , ,

by | March 5, 2013 · 8:21 am

Hospitality Industry Theft Risks: Alabama Motel Clerk Arrested For Stealing 23 Guests’ Credit Card Information; No Background Check Because It Was “Too Expensive”

“…(the motel clerk) used his position to remove credit card information from 23 customers from the motel database and used 12 of the card numbers in a fraud scheme to steal cash from the business…the owner Hotel Credit Card Fraudadmitted that he did not do a background check prior to hiring this person…the background check was too expensive…”

Mobile police have arrested a man for credit card fraud and trafficking in stolen identities after they say he took credit card information from 23 motel customers. Police said Bryant Onell Niles, 28, worked as a desk clerk at the Baymont Inn Suites in Mobile, where the alleged crimes took place.

Police said he was found in possession of the 11 unused credit card numbers with names and expiration dates belonging to former customers of the motel. Mobile police said last year, Niles was working as a desk clerk at an unnamed hotel when he stole credit card information from a person who had stayed at the hotel.

Police said he used the guest’s information to book hotels for himself and his friends. That’s how authorities say they caught him.

For more:  http://www.fox10tv.com/dpp/news/local_news/mobile_county/mpd-hotel-clerk-stole-23-credit-card-numbers

Comments Off on Hospitality Industry Theft Risks: Alabama Motel Clerk Arrested For Stealing 23 Guests’ Credit Card Information; No Background Check Because It Was “Too Expensive”

Filed under Crime, Guest Issues, Insurance, Liability, Management And Ownership, Theft

Tagged as , , , , , ,

by | March 4, 2013 · 7:17 am

Hospitality Industry Insurance Risks: “Slip And Fall Accidents” And “Cooking Fires” Represent Top Operational Risks For Restaurant Owners

“…more than 3 million foodservice employees are injured each year from slip-and-fall accidents. With an average cost of almost $21,000 per claim, this is a substantial risk when you consider the number of guests slip_and_fall accidentwho also fall each year in a foodservice establishment…”

Cintas Corporation, a nationwide leader in restaurant facility solutions, identified the top 13 hidden risks to restaurant operations in 2013. By identifying potential risks before they become a problem, restaurant owners and managers can reduce their exposure and maximize their bottom line by ensuring the proper programs are in place.

  • Slip and falls: According to the National Floor Safety Institute (NFSI), more than 3 million foodservice employees are injured each year from slip-and-fall accidents. With an average cost of almost $21,000 per claim, this is a substantial risk when you consider the number of guests who also fall each year in a foodservice establishment. Protect floors, workers, and patrons with a comprehensive safe-floor program that includes deep cleaning, protection, and ongoing maintenance.
  • Cooking fires: By knowing that the majority of restaurant fires occur around 10 a.m., restaurant operators can develop a fire protection system that prevents or limits the spread of cooking fires. Ensure that hood suppression systems are regularly inspected by a licensed fire protection provider so they are always in working order and ready to extinguish a fire. Also, have your kitchen hood and exhaust ducts cleaned of excess grease and fuel at regular intervals.

For more:  http://www.qsrmagazine.com/news/cintas-reveals-top-13-hidden-restaurant-risks?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+QSRmagazine+%28QSR+magazine%29

Comments Off on Hospitality Industry Insurance Risks: “Slip And Fall Accidents” And “Cooking Fires” Represent Top Operational Risks For Restaurant Owners

Filed under Guest Issues, Injuries, Insurance, Labor Issues, Liability, Management And Ownership, Risk Management, Training

Tagged as , , , , ,

by | March 3, 2013 · 7:40 am

Hospitality Industry Payment Risks: Restaurants Can Utilize New “Smartphone Apps” To Reduce Credit Card Fraud, Increase Guest Satisfaction

“Tabbedout” is a new free app for smartphones. The credit card number is encrypted in the phone and tied to a tab…(the guest) can walk in, open (their) tab and show the phone to TabbedOut Merchant Payment Smartphone Applicationthe bartender (or waiter) and literally start ordering food and beer right away…when they feel like leaving the venue, press one button on (the) smartphone and leave…”

Crooks are constantly stealing credit card numbers. Often times it’s skimmers attached to credit card machines or some other crafty way to lift information. Now a new app may help reduce the chances of that and simplify the dining out experience.

Denver is a test market for a new service that makes paying a tab in a restaurant or a bar as simple as just one quick click. It’s a legal way of “dining and dashing.”

Who hasn’t been frustrated while waiting to pay a tab? And how safe is sending a credit card off with a waitperson? Now there are options. “Credit card fraud is the handing the cards back and forth. Someone will snap a picture of it and then steal your identity or take your credit card,” bartender Josh Finocchiaro said. “With this, it’s set up through your phone, so the card isn’t passed back and forth.”

Restaurants like the Ice House in LoDo like it because it means the wait staff can focus on serving good food and drinks without worrying about serving up a check at the end of a meal. Diners gain more control over their experience and there’s no waiting around to pay.

Tabbedout is now in 25 restaurants around Denver and some in the mountains as well.

For more:  http://denver.cbslocal.com/2013/03/02/tabbedout-app-helps-pay-restaurant-bill-avoid-credit-theft/

Comments Off on Hospitality Industry Payment Risks: Restaurants Can Utilize New “Smartphone Apps” To Reduce Credit Card Fraud, Increase Guest Satisfaction

Filed under Crime, Guest Issues, Labor Issues, Management And Ownership, Risk Management, Technology

Tagged as , , , , , ,

by | February 26, 2013 · 7:14 am

Hospitality Industry Health Risks: Florida Hotel Guests Hospitalized With “Flu-Like Symptoms” Were Exposed To High-Levels Of Carbon Monoxide; Broken Exhaust Fans In Boiler Room Caused Gas To Build Up For Days

 “…broken exhaust fans in the building’s boiler room allowed the room to fill with carbon monoxide…a guest staying (next to boiler room) was hospitalized for similar (flu-like) symptoms…but no one made the connection hotel Carbon Monoxide Poisoningto carbon monoxide exposure, and the guest was not tested…firefighters suspect the carbon monoxide level was high since Friday or earlier…”

Guests at a south Fort Myers hotel may have been exposed to dangerous levels of carbon monoxide at least three days before the building was evacuated Monday. Firefighters responded to Crestwood Suites Extended Lodging off U.S. 41 around 12:45 p.m. Monday and discovered high levels of the deadly gas.

Guests were allowed back inside after firefighters shut off the gas and ventilated the building, but two people were hospitalized for exposure. The two hospitalized guests, who were staying near the boiler room, are in good condition and were hospitalized for observation as a precaution, Knudsen said.

Knudsen said firefighters checked carbon monoxide levels after the two guests called Lee County EMS complaining of flu-like symptoms. Responding firefighters noticed the guests’ proximity to the boiler room and suspected their symptoms were caused by an environmental factor.

Firefighters measured the carbon monoxide level in the boiler room at 2,000 parts per million, and in the lobby at 300 parts per million. Exposure to anything above 600 parts per million carries a high risk of death, according to the Agency for Toxic Substances & Disease Registry website. Patients can experience symptoms including drowsiness, weakness, nausea, headaches and coma at levels of 160 to 1,000.

For more:  http://www.news-press.com/article/20130226/NEWS0117/302260021/Cause-guests-flu-south-Fort-Myers-hotel-Carbon-monoxide

Comments Off on Hospitality Industry Health Risks: Florida Hotel Guests Hospitalized With “Flu-Like Symptoms” Were Exposed To High-Levels Of Carbon Monoxide; Broken Exhaust Fans In Boiler Room Caused Gas To Build Up For Days

Filed under Guest Issues, Health, Liability, Maintenance, Risk Management, Training

Tagged as , , , , , ,

by | February 25, 2013 · 6:48 am

Hospitality Industry Legal Risks: Texas Club Owner Ordered To Pay $10.5 Million To Family Of Woman Killed By “Monster Truck” In Parking Lot; “Dram Shop” Laws Hold Company Liable For Over-Serving Alcohol To Driver

“…(the plaintiff) sued Crutchfield and High Expectations Hospitality, the corporate name for Spearmint Rhino, pointing to state “dram shop” laws that allow a business to be held liable if it serves alcohol to someone who Alcohol Drink Responsiblywas clearly intoxicated and ended up causing harm to others…”

The parents of a 23-year-old woman killed by a monster truck outside a gentlemen’s club have won a $10.5 million civil verdict against the driver and the club for serving him alcohol. Kasey McKenzie died after she was run over in March 2011 by a pickup truck elevated on monster tires in the parking lot of the Spearmint Rhino club in Dallas. The driver of the truck, Eric Crutchfield, was drunk and has since pleaded guilty to manslaughter.

A Dallas civil jury on Tuesday awarded $4 million to the parents for mental anguish and $3.5 million for loss of companionship, along with about $3 million in other damages and expenses.

Michael Schmidt, an attorney for McKenzie’s parents, said the club served Crutchfield 10 or more drinks and shots on the night of McKenzie’s death. “This case basically is addressing a problem that we have, certainly in Dallas, of irresponsible establishments over-serving patrons and violating the law,” Schmidt said.

Schmidt said McKenzie was hit by Crutchfield’s truck while walking in the parking lot after 2 a.m. on March 17, 2011.

According to a police report, Crutchfield “had no idea he had run over” McKenzie. A blood test after the incident showed his blood-alcohol level was 0.18 percent, more than twice the legal limit.

For more:  http://www.azcentral.com/news/nationworld/free/20130220texas-monster-truck-death-lawsuit-verdict.html

Comments Off on Hospitality Industry Legal Risks: Texas Club Owner Ordered To Pay $10.5 Million To Family Of Woman Killed By “Monster Truck” In Parking Lot; “Dram Shop” Laws Hold Company Liable For Over-Serving Alcohol To Driver

Filed under Crime, Guest Issues, Injuries, Insurance, Liability, Management And Ownership, Risk Management, Training

Tagged as , , , , , ,

by | February 21, 2013 · 6:31 am

Hospitality Industry Legal Risks: Colorado Hotel And Restaurant Sued By Woman Who “Drank Bleach In A Water Glass”; Lawsuit Seeks $100,000 For “Negligence And Breach Of Implied Warranties Of Merchantability And Wholesomeness Of Food”

“…(plaintiff) suffered serious and continual medical problems, including the inability to eat effectively, persistent acid reflux syndrome, digestive problems and other symptoms…(her) relationship with her husband Hospitality Industry Injury Lawsuitsand her ability to care for her children have been affected…among the claims in the lawsuit are negligence, breach of implied warranties of “merchantability and wholesomeness of food,” loss of consortium and a violation of Colorado’s premises liability statute…”

A Basalt woman is suing the owner and operator of the Viceroy Snowmass, alleging that she was served and drank out of a glass that had bleach in it at the hotel’s Eight K restaurant. The incident happened during brunch in February 2011, according to the lawsuit by Janine and John Reichert. The suit, filed Tuesday in Pitkin County District Court, seeks more than $100,000. It lists Base Village Owner, the hotel’s owner, and Viceroy operator KHM Snowmass as the defendants.

After being seated, a waiter poured water for the Reicherts’ party from a pitcher, wrote their attorney, Alan Feldman of Aspen, in the lawsuit. “Immediately after Janine drank from the glass, she jumped up out of her seat, stating that she had drank chemicals and needed to get to the bathroom as she was going to throw up,” the lawsuit says. “Janine’s throat began to burn and swell up. … [She] raced to the restroom, where she became violently ill.”

John Reichert dipped his finger in her glass and allegedly tasted a bleach solution. The wait staff then cleared all of the glasses from the table and disposed of their contents, Feldman wrote. One Eight K employee allegedly told John Reichert that “it is typical for the water pitchers to be soaked in a solution of bleach for sterilization and that the waiter could have picked up a water jug soaking in this bleach solution, believing it to be drinking water,” Feldman wrote.

However, as Janine Reichert was talking to a poison-control operator, a manager allegedly told her that she had ingested merely the residue from the bleach left on the jug.

For more:  http://www.aspendailynews.com/section/home/156795

Comments Off on Hospitality Industry Legal Risks: Colorado Hotel And Restaurant Sued By Woman Who “Drank Bleach In A Water Glass”; Lawsuit Seeks $100,000 For “Negligence And Breach Of Implied Warranties Of Merchantability And Wholesomeness Of Food”

Filed under Claims, Food Illnesses, Guest Issues, Injuries, Insurance, Liability, Maintenance, Training

Tagged as , , , , , , , ,