Category Archives: Theft

Hospitality Industry Theft Risks: Illinois Restaurant Employees Plead Guilty To “Skimming Credit Card Information Of Paying Customers”; Over $200,000 In Fraudulent Purchases Made By Ring Leaders

“…(the ring leader) organized the scheme by paying the defendants, who were employees at the various establishments, to skim credit card information of paying customers using a small credit card reader provided to them by Woods and Washington. The employees swiped identity theftapproximately 175 cards through the readers, enabling Woods to reproduce counterfeit credit cards and allowing Woods, Washington and Alex Houston to rack up thousands of dollars in charges…”

Sentences were handed down against seven defendants who illegally obtained personal banking information from patrons visiting Chicago area restaurants and attractions, including Wrigley Field and the Magnificent Mile’s RL Restaurant, according to Illinois Attorney General Lisa Madigan.

Defendants Joseph Woods, Britain E. Woods, Alex Houston, Jenette Farrar, Essence S. Houston, Kenyetta Davis and William Washington pled guilty and were sentenced for “skimming” personal banking information, which was used to make purchases of more than $200,000. The banking and credit card account information was stolen from customers who patronized Chicago area establishments, including Wrigley Field, RL Restaurant, a Chicago Taco Bell location and a McDonald’s restaurant in Berwyn.

Madigan said financial institutions with accounts that were compromised in the scheme include Chase, U.S. Bank, Citibank, Harris Bank, American Express, Bank of America and Fifth Third Bank. The banks assisted in the investigation and notified victims to secure their personal information.

Madigan said identity theft is a significant threat to Illinois consumers. Last year, more than 2,500 identity theft complaints were filed with her office’s Consumer Fraud Bureau. Consumers reported incidents of fraudulent charges on their existing accounts, thieves opening new accounts in their names (including credit card, utility and cell phone accounts) and instances of bank fraud, such as stolen checks or fraudulent withdrawals made to a victim’s bank account.

For more:  http://www.claimsjournal.com/news/midwest/2013/04/18/227236.htm

Comments Off on Hospitality Industry Theft Risks: Illinois Restaurant Employees Plead Guilty To “Skimming Credit Card Information Of Paying Customers”; Over $200,000 In Fraudulent Purchases Made By Ring Leaders

Filed under Crime, Guest Issues, Labor Issues, Liability, Management And Ownership, Risk Management, Theft

Hospitality Industry Theft Risks: East Coast Hotels Victimized By Man Who “Skipped Out On Hotel Bills” While Posing As Corporate Employee; $60,000 For A Presidential Suite

“…housekeepers found paperwork in the room belonging to (defendant)…a Residence Inn employee told police she received a call from Hotel Theft By DeceptionSerra in which he stated he would pay the bill if the Residence Inn would sign a waiver promising not to charge him with any crime. No agreement was made…Police then were notified the Residence Inn received an email from someone claiming to be a Raytheon employee, stating Serra would be staying there for 15 nights. The email address was identical to the one used in Serra’s February stay, police said…”

A Lowell man is accused of skipping out on bills in upscale hotels in seven states, running up charges while posing as an employee of major corporations.

In one case, prosecutors allege that in March, Michael Serra ran up a $60,000 bill for a stay in the presidential suite at the Ritz-Carlton in Boston under the name Dennis Colling. Serra allegedly said he worked for Citigroup, but does not.

When confronted by Tewksbury police and a U.S. Secret Service agent, Serra allegedly confessed to committing crimes up and down the East Coast for two to three years. The Residence Inn at 1775 Andover St., Tewksbury, reported that a person named Carter Whitmore, who represented himself as a Raytheon employee, skipped out on a $6,349 bill in February. Court documents state that Raytheon refused to pay for the room because it had no employee by that name.

For more:  http://www.lowellsun.com/local/ci_23010643/city-man-held-hotel-fraud

Comments Off on Hospitality Industry Theft Risks: East Coast Hotels Victimized By Man Who “Skipped Out On Hotel Bills” While Posing As Corporate Employee; $60,000 For A Presidential Suite

Filed under Crime, Guest Issues, Liability, Theft, Training

Hospitality Industry Crime Risks: Washington Hotel Manager And Staff Assist In Arrest Of “Identity Theft Ring”; Forged ID Cards, Computers And Printers Discovered In Room

…the hotel manager called the police to report suspicious men who had booked a room. As he was talking to officers, the identity theftsuspects ran out a back door of the hotel and left in a vehicle…the manager called back to report that his staff found “suspicious computer equipment” and documents strewn about a room they had been scheduled to clean. Detectives served a search warrant on the room…three suspects returned to the hotel that night to get the items they left in the room and were arrested…”

Mukilteo police arrested three men on Thursday in connection with an identity-theft ring after hotel cleaning staff found a room full of forged IDs and the equipment to manufacture them. The room at the hotel in the 8500 block of the Mukilteo Speedway was filled with computers, printers, mail and paperwork that didn’t belong to anyone registered for the room, said Cheol Kang, spokesperson for the Mukilteo Police Department.

A search warrant also recovered numerous ID cards with different names but the same photo of one of the men, as well as a printer with pages of blank check paper.

A 32-year-old from Lake Stevens, a 31-year-old from Renton and a 28-year-old from Everett were booked into Snohomish County Jail for investigation of financial fraud and forgery. Kang said the three men were already under investigation by other law-enforcement agencies for identity theft, fraud and other financial crimes.

For more:  http://mukilteobeacon.villagesoup.com/p/identity-theft-ring-busted/983738

Comments Off on Hospitality Industry Crime Risks: Washington Hotel Manager And Staff Assist In Arrest Of “Identity Theft Ring”; Forged ID Cards, Computers And Printers Discovered In Room

Filed under Crime, Guest Issues, Management And Ownership, Risk Management, Theft

Hospitality Industry Data Security Risks: Hotels Are At Significant Risk Of “Large-Scale Hacking” Of Guest Personal Information, Including Information In Reservation Systems

“Data security is becoming an issue of significant importance in the hospitality industry…(because of) an increase in hacks and malware attacks, which frequently target hotel systems because they’re a rich source of cybercrime in hotelspersonal information… hackers aren’t just targeting data on hotel systems but also the information passed along to reservations systems…credit card theft is much easier — and more likely — through large-scale hacking…another reason hotel guests are vulnerable to having their personal information stolen: They’re easily distracted.”

Several days after Traci Fox visited a small independent resort in the Catskill Mountains, she received an unexpected call from a shoe store. Where did she want it to ship the $400 worth of pricey sneakers that she’d ordered?

Fox believes that her hotel may have compromised her credit card information. At least one government agency shares her concerns. Last summer, the Federal Trade Commission sued Wyndham Hotels, alleging that the company had failed to protect its customers’ personal information. As a result, the FTC claims, hundreds of thousands of credit card numbers fell into the wrong hands, leading to millions of dollars in fraud-related losses. Wyndham denies any wrongdoing and is fighting the suit.

The problem may run deeper than the theft of credit card numbers, however.

The personally identifiable information in your guest profile, such as your home address, your license plate number and your date of birth, which is attached to your reservation, can end up in the hands of a third party that offers little or no warranties about how it will protect your data. “These kinds of areas are more worrisome than some huge Visa bill,” says hotel consultant Marion Roger. “Once your identity has been cloned, you can easily spend years and hundreds of thousands in legal and other fees.”

For more:  http://www.washingtonpost.com/lifestyle/travel/the-navigator-when-you-check-in-your-private-information-may-be-checked-out/2013/03/28/07cb90ca-9599-11e2-bc8a-934ce979aa74_story.html

Comments Off on Hospitality Industry Data Security Risks: Hotels Are At Significant Risk Of “Large-Scale Hacking” Of Guest Personal Information, Including Information In Reservation Systems

Filed under Crime, Guest Issues, Liability, Management And Ownership, Privacy, Risk Management, Technology, Theft

Hospitality Industry Crime Risks: Arizona Hotel Guest Reports $2,000 Stolen After Front Desk Accidently Gives Out Victim’s Room Key

“…The hotel front desk worker told police he accidentally gave the suspect the victim’s room key after forgetting the room was already Hotel Theft Surveillanceassigned…a short time later, the suspect and an unidentified man checked out, saying the room was dirty, according to the police report. By the time the victim came back to her room, her purse and clothes bag were gone…”

A 24-year-old Arizona woman had an interesting response when given the wrong room key at an Oak Creek hotel last week: Steal the clothes and purse of the person staying there. According to a police report, the woman took advantage of a mix-up at the Days Inn front counter and got off with more than $2,000 worth of valuables and clothes belonging to a woman staying at the hotel with co-workers.

The purse contained a phone, credit cards, social security card, $30 in cash, a diamond ring valued at $1,500 and a check made out to her for $1,500. The check and credit cards were canceled.

Clothes, an iPad, sunglasses, an umbrella and more jewelry were also stolen, according to the report.

The front desk worker told the victim that Days Inn is responsible for paying to replace the items stolen, according to police.

For more:  http://oakcreek.patch.com/articles/room-key-mix-up-leads-to-theft-of-purse-clothes

Comments Off on Hospitality Industry Crime Risks: Arizona Hotel Guest Reports $2,000 Stolen After Front Desk Accidently Gives Out Victim’s Room Key

Filed under Crime, Guest Issues, Labor Issues, Risk Management, Theft

Hospitality Industry Theft Risks: South Dakota Restaurant Account Manager Charged With Stealing More Than $100,000; Deposited Checks Into Personal Account Over 7 Month Period

“…(the defendant) is accused of depositing money into her own bank account on 12 occasions, mostly through checks, with the thefts targeting Minervas of Bismarck, N.D. and the Phillips Avenue Diner in Sioux Falls totaling $97,477…(she) also reportedly deposited hospitality industry employee theftmoney electronically three other times, for a total loss to the business of $101,600. All the thefts took place between February and September last year…”

A former account manager for Minervas and the Phillips Avenue Diner has been charged with stealing more than $100,000 from the company last year. Bobbie Sue Davis, 28, worked for WR Restaurants Management when the thefts began, according to court paperwork. The company manages restaurants across North and South Dakota.

During an interview with an SFPD detective on Nov. 19, Davis allegedly admitted to stealing the money, saying she’d been having “personal financial issues” that year.

Davis was arrested on a charge of aggravated grand theft by embezzlement of $100,000 or more on Feb. 5 and released on bond. A grand jury indicted Davis this week. If convicted, she could spend up to 15 years in prison.

For more:  http://www.argusleader.com/article/20130322/UPDATES/130322021/Woman-accused-embezzling-more-than-100K-from-area-restaurant-chain

Comments Off on Hospitality Industry Theft Risks: South Dakota Restaurant Account Manager Charged With Stealing More Than $100,000; Deposited Checks Into Personal Account Over 7 Month Period

Filed under Crime, Labor Issues, Liability, Management And Ownership, Risk Management, Theft

Hospitality Industry Theft Risks: Maine Restaurant Owner Convicted Of Stealing Over $67,000 From Customers By “Double Billing Credit Cards”

“…(the defendant) stole money from her customers by double billing their credit cards, the prosecutor said…(she) took credit card slips from sales at her restaurant during the summer of 2010 and later that year, and ran them through for payment a second time after the employee theftrestaurant had closed…may have stolen as much as $80,000 through the fraudulent credit card charges.”

A former local restaurant owner who stole more than $67,000 from banks and customers through check and credit card fraud, but who has since paid it back, has been ordered to spend 60 days in jail for her crimes. Having pleaded no contest last fall to two felony theft charges, Jennifer Lozano, 43, on Thursday received an overall sentence of five years with all but 60 days suspended and will have to serve two years of probation upon her release.

As part of a plea deal, prosecutors had agreed to cap the unsuspended part of the sentence at nine months if Lozano paid $67,399 in restitution to people and financial institutions she stole money from. She did so, paying off the final $18,000 she owed in restitution just as the sentencing hearing was about to begin Thursday afternoon in Hancock County Superior Court.

Kellett said an investigation revealed that Lozano conducted 1,488 fraudulent duplicate credit card transactions in the fall of 2010. She repaid many customers who complained, and many were repaid by their credit card companies, but she did not repay everyone who lost money through the scheme before police learned about it. As part of the restitution order, Lozano had to repay $15,300 to a credit card company that had lost money through the fraud and to customers whom she had not already repaid.

But Kellett said that restitution amount does not reflect the full scope of the illegal credit card transactions that Lozano made. Investigators believe that not all the double-billed customers complained, and so were not repaid either by Lozano or by their credit card firms.

For more: http://bangordailynews.com/2013/03/21/news/hancock/former-mdi-restaurant-owner-gets-60-days-for-67000-theft/?ref=polbeat

Comments Off on Hospitality Industry Theft Risks: Maine Restaurant Owner Convicted Of Stealing Over $67,000 From Customers By “Double Billing Credit Cards”

Filed under Crime, Guest Issues, Liability, Management And Ownership, Risk Management, Theft

Hospitality Industry Cybercrime Risks: Hotel And Restaurant “Connected Point-Of-Sale (POS) Systems” Attacked By New Malware Called “Dexter”; Steals Credit Card Data And Transmits It “Encrypted” Back To Attacker

“…Just before the 2012 festive period, a new piece of malware surfaced and was found in hundreds of POS systems in hotels, restaurants, retailers and private parking providers. The malware was discovered by Israel-based security cybercrime in hotelsfirm Seculert: ‘Dexter’ (which comes from the string ‘BKDR_DEXTR.A’) is a data-theft tool used to target and attack POS systems. The program, which is Microsoft Windows-based, uses common techniques to search the memory of running processes to identify credit-card track data, but with the uniqueness of the attacker having full control…”

Connected point-of-sale (POS) systems – that’s the checkout to you and me – are the most recent targets of the cybercriminal, and a specially-crafted malware, dubbed Dexter, is further indication that now all kinds of connected devices may be vulnerable to attack.

Seculert CTO and co-founder Aviv Raff explains that while the company is as yet uncertain as to who is behind Dexter, the author is fluent in English: Dexter mainly targeted English-speaking countries. The malware was located in 40 different countries, but notably 42 per cent of POS systems targeted were in North America and 19 per cent UK-based. “Instead of going through the trouble of infecting tens of thousands of consumer PCs or physically installing a skimmer, an attacker can achieve the same results by targeting just a few POS systems with specially crafted malware,” Raff says.

The malware injects itself into the iexplore.exe file in Windows servers, through rewriting in the registry key. It then’ pinches sensitive credit-card data from the server, before transferring it through a remote command and control system. Windows-based POS systems are used increasingly in the industry, and according to Seculert’s findings, 51 per cent of targeted POS systems use the outdated Windows XP. The high percentage indicates Windows-based machines that process unencrypted track data are viable targets.

Microsoft Windows XP may be the ‘preferred’ choice for POS systems, especially among smaller retailers who feel that they cannot afford to upgrade, but with the operating system to be discontinued in 2014, the question is over what support will be offered for remaining XP users and if they will be able to handle the upgrade to Windows 7 or 8.

“Dexter only has three purposes in life,” says Trustwave’s security researcher Josh Grunzweig. “To always be running on the victims’ machine, to find any card, or track, data in any running program on the victim, and to communicate with the attacker who is controlling it.”

The latter is what makes the malware stand out and impresses Grunzweig. “I can’t remember the last time I saw a piece of malware that targeted POS systems that had a nice command and control structure to it,” adds Grunzweig.

He explains the hacker maintains control of the attack by using normal communication methods, but with the skill to hide what it was sending by encoding the data. This involved sending out a message to the attacker, by default, every five minutes and also checks the victim to see if there is any track data running every 60 seconds.

The magnetic strip on a credit card contains three tracks and the malware attempts to extract data from memory relating to tracks one and two, containing numeric or alphanumeric data that can be used to clone the card that was used in a transaction. If Dexter finds any of this track data, it alerts the attacker in the next message sent and the process is repeated. The attacker has the control to change the times and install additional malware or even remove Dexter altogether.

“The most unusual thing about Dexter is the small amount of public attention it has received,” says Trustwave’s Josh Grunzweig. “The issues that make POS-specific malware difficult to discuss in the industry also affects the ability of antivirus companies; without samples they are unable to provide detailed protections for specific threats.”

For more:  http://eandt.theiet.org/magazine/2013/03/turn-on-log-in-checkout.cfm

Comments Off on Hospitality Industry Cybercrime Risks: Hotel And Restaurant “Connected Point-Of-Sale (POS) Systems” Attacked By New Malware Called “Dexter”; Steals Credit Card Data And Transmits It “Encrypted” Back To Attacker

Filed under Claims, Guest Issues, Liability, Management And Ownership, Privacy, Risk Management, Technology, Theft

Hospitality Industry Payment Risks: Hotel Tech Trade Association Releases “Secure Payments Framework For Hospitality”; Best Practices Advocates “Tokenization” And “Removal Of All Guest Credit Card Data From Systems”

Hospitality Industry Secure Payment Framework-page-001

Click on “Hospitality” to view online

Hospitality Industry Secure Payment Framework Executive Summary-page-001

For more:  http://www.scmagazine.com/hotel-tech-trade-association-offers-best-practices-for-reducing-payment-card-risk/article/283129/

Comments Off on Hospitality Industry Payment Risks: Hotel Tech Trade Association Releases “Secure Payments Framework For Hospitality”; Best Practices Advocates “Tokenization” And “Removal Of All Guest Credit Card Data From Systems”

Filed under Crime, Guest Issues, Insurance, Labor Issues, Liability, Management And Ownership, Risk Management, Technology, Theft

Hospitality Industry Theft Risks: Alabama Motel Clerk Arrested For Stealing 23 Guests’ Credit Card Information; No Background Check Because It Was “Too Expensive”

“…(the motel clerk) used his position to remove credit card information from 23 customers from the motel database and used 12 of the card numbers in a fraud scheme to steal cash from the business…the owner Hotel Credit Card Fraudadmitted that he did not do a background check prior to hiring this person…the background check was too expensive…”

Mobile police have arrested a man for credit card fraud and trafficking in stolen identities after they say he took credit card information from 23 motel customers. Police said Bryant Onell Niles, 28, worked as a desk clerk at the Baymont Inn Suites in Mobile, where the alleged crimes took place.

Police said he was found in possession of the 11 unused credit card numbers with names and expiration dates belonging to former customers of the motel. Mobile police said last year, Niles was working as a desk clerk at an unnamed hotel when he stole credit card information from a person who had stayed at the hotel.

Police said he used the guest’s information to book hotels for himself and his friends. That’s how authorities say they caught him.

For more:  http://www.fox10tv.com/dpp/news/local_news/mobile_county/mpd-hotel-clerk-stole-23-credit-card-numbers

Comments Off on Hospitality Industry Theft Risks: Alabama Motel Clerk Arrested For Stealing 23 Guests’ Credit Card Information; No Background Check Because It Was “Too Expensive”

Filed under Crime, Guest Issues, Insurance, Liability, Management And Ownership, Theft