Tag Archives: Credit Cards

Hospitality Industry Guest Credit Card Security: Tips For Securing Hotel Computer Systems Against Credit Card Data Theft (Video)

Video: http://www.youtube.com/watch?v=iCmZ9DlrI9o

Sue Zloth, a member of the HFTP PCI Compliance Roundtable, provides key tips for securing guests’ credit card data at the 2011 Hospitality Industry Technology Exposition and Conference (HITEC).

  • Change default passwords on all new information systems
  • Do not allow remote access into hotel computer systems
  • Minimize areas where credit card data is stored

Filed under Crime, Guest Issues, Liability, Maintenance, Management And Ownership, Risk Management, Technology, Theft, Training

Hospitality Industry Credit Card Risks: Man Who Stole Texas Hotel Guests' "Credit Card Receipts" And "Manufactured Counterfeit Cards" To Purchase Merchandise Sentenced To Five Years In Prison

“…Authorities said Jones and another man, Randy Ray Flaharty, 31, took boxes of monthly credit card receipts of hotel guests from a storage room…”

“…The receipts, officials say, were used to manufacture counterfeit credit cards in document “boiler rooms” and card “chop shops,” which they then used to buy $300,000 worth of merchandise in Texas, Oklahoma and Louisiana...”

“…The cardholders never realized their credit card accounts had been compromised until months, even years, after they stayed at the hotel. But the damage made it hard for some of them to get loans and left lingering headaches in trying to straighten things out, officials said…”

A San Antonio man was sentenced Friday to more than five years in federal prison for stealing thousands of credit card receipts from the Emily Morgan Hotel. The theft allowed conspirators to buy hundreds of thousands of dollars worth of merchandise in three states, authorities say.

Cody Quincy Jones, 34, pleaded guilty in April to ID theft fraud, access device fraud, and aggravated ID theft. Chief U.S. District Judge Fred Biery gave him 41 months for the ID theft fraud charge and 41 months for the access device count, to run concurrently. The judge imposed 24 months on the aggravated ID theft charge, to run consecutively.

The merchandise, which included trailers, televisions, all-terrain vehicles and tires, then was resold or pawned.

The hotel didn’t learn of the thefts until August 2008, and since then, a Secret Service-led task force has ascertained it was San Antonio’s largest identity theft case, with at least 17,000 receipts stolen.

Read more: http://www.mysanantonio.com/news/local_news/article/Conspirator-in-record-setting-I-D-theft-sentenced-1439169.php#ixzz1QF7XXhYu

Filed under Crime, Guest Issues, Insurance, Management And Ownership, Privacy, Risk Management, Technology, Theft

Hospitality Industry Information Security Risks: New "Informative Fraud Databases" Explain And Expose The Latest Scams Designed To Steal Credit Card Data

“…what about when the hotel desk calls your room because of a problem processing your credit card? Would you know better than to give the “receptionist” your number?…”

That’s just one of the 350-plus scams exposed and explained in Scam Detector for iOS, an informative fraud database that can help you avoid getting ripped off.

The app doesn’t “detect” scams so much as educate you about them. The data is divided into five categories: Auto, Face to Face, Internet, Telephone, and Travel. Within Internet you’ll find five sub-categories: Social Networking, Financials, Employment Online, Houses & Properties, and Online Auctions & Tech.

In other words, it covers all the bases–and reveals a lot of scams I guarantee you’ve never heard of. For example, you know the guy standing in line behind you at the register, the one who looks like he’s texting on his phone? He might actually be snapping photos, trying to get a readable shot of your credit card as it passes back and forth between you and the cashier.

Read more: http://reviews.cnet.com/8301-19512_7-20071984-233/scam-detector-app-saves-you-from-getting-ripped-off/#ixzz1Ppb87YjR

Filed under Crime, Guest Issues, Liability, Risk Management, Technology, Theft

Hospitality Industry Guest Payment Risks: Hotel Management Must Confirm Credit Card Payments At Check-In

“…A man is accused of staying at a Midtown hotel for a week and not paying his bill….and has been charged with theft of service…”

“…The owner of La Maison told investigators that Aragon gave her a credit card that was declined…”

 According to court documents, Aragon stayed at the La Maison in Midtown bed and breakfast from March 14 through March 21 and did not pay for his hotel room. The owner of La Maison told investigators that Aragon gave her a credit card that was declined. When the owner questioned Aragon, he told her that he was having a house built and that the builder would be taking care of the bill. The owner alleges Aragon left the hotel without paying the $1,675 bill.

Investigators say Aragon told them the builder was supposed to pay the bill and that there was some misunderstanding about the bill. Aragon said he had placed a money order in the mail and that the owner should have received it in the mail. The owner told investigators that she never received payment.

For more:  http://abclocal.go.com/ktrk/story?section=news/local&id=8111479

Filed under Crime, Guest Issues, Liability, Management And Ownership, Risk Management, Theft, Training

Hotel Industry Credit Card Security: "Cyber Criminals" Steal Credit Card Data On Hotel Computer Systems That Lack Critical Firewalls

Cyber criminals are systematically attacking systems that store credit card data, including Point-of-Sale and Property Management Systems. The criminal organizations are highly structured and integrated with the world’s organized crime rings.

Detailed forensic analysis by law enforcement agencies and specialized private-sector security practices, as well as by security departments at major hotel groups around the world, leave little doubt that the attacks on hotels are highly targeted and effective.

Many hoteliers believe they are not vulnerable because they use Point-of-Sale and Property Management Systems that have been validated as conforming to the latest PCI security standards. Unfortunately this is far from the case. Even such validated systems can be vulnerable if the hotel operates them in an unsecured manner. Leading forensics firms agree that the most important security measures are those that keep cyber criminals from getting inside the hotel network in the first place. Once inside, there are many ways for them to steal the data, even if the PMS or POS system itself is secure.

  • Eliminate EVERY default password on EVERY machine on your network – server, workstation, router, firewall, and any other device that has a password. The most important machines to check are the ones you think are NOT vulnerable, such as a PC on an engineer’s desk for monitoring building systems, or the PC in the parking garage attendant’s office, or the one in a closet running your keycard system.
  • Eliminate holes in remote access to systems inside your network. Remote access by vendors is an essential part of support for many hotel systems. The data thieves know this, and they know how to use it to get inside your network. They know all the default passwords, and they have even been known to steal master customer lists, complete with current passwords, from vendors.
  • If you were to store stacks of money in plain sight in an exit stairwell, you would expect to be robbed. Operating without an Internet firewall is just as risky. Yet many hotels, especially smaller ones, don’t have a firewall. If you are connected to the Internet without one, then people you don’t know, from around the world and many with malicious intent, are reaching into your network.

For more:  http://www.traveldailynews.com/pages/show_page/42199-Hotel-associations-issue-joint-statement-on-credit-card-security

Filed under Crime, Guest Issues, Liability, Management And Ownership, Risk Management, Technology, Theft

Hotel Industry Credit Card Security Risks: Major Hotel Industry Associations Issue "Joint Statements" On Actions To Prevent Cyber-Crime

 Three major hotel industry associations, including the American Hotel & Lodging Association (AH&LA), Hotel Technology Next Generation (HTNG), and Hospitality Financial and Technology Professionals (HFTP) today issued the following joint statement to hotels regarding organized cyber crime attacks on credit card data. It identifies actions that hotels — and not their system vendors — need to take immediately in order to minimize their vulnerabilities and to avoid the potential for hundreds of thousands of dollars in costs and fines that typically result when just a single hotel system is breached.

  • Cyber criminals are systematically attacking systems that store credit card data
  • Criminal organizations are highly structured and integrated with the world’s organized crime rings
  • Attacks on hotels are highly targeted and effective
  • Many hoteliers believe they are not vulnerable because they use Point-of-Sale and Property Management Systems that have been validated as conforming to the latest PCI security standards.
  • The most important security measures are those that keep cyber criminals from getting inside the hotel network in the first place
  • Once inside, there are many ways for them to steal the data, even if the PMS or POS system itself is secure.

The three actions are:

  1. Eliminate EVERY default password on EVERY machine on your network — server, workstation, router, firewall, and any other device that has a password.
  2. Eliminate holes in remote access to systems inside your network.
  3. Get a firewall and configure it properly. Operating without an Internet firewall is just as risky as storing stacks of money in plain sight in an exit stairwell. Yet many hotels, especially smaller ones, don’t have a firewall.

For more:  http://www.hospitalitynet.org/news/154000320/4050609.html

Filed under Crime, Guest Issues, Liability, Management And Ownership, Risk Management, Technology, Training

Hospitality Industry Information Security Risks: "Electronic Pickpocketing" Allows Criminals To Steal Credit And Debit Cards Containing RFID Technology

“…criminals can steal credit cards, debit cards, passports and other valuable information…This crime is referred to as “electronic pickpocketing”. The technology used to perform this type of theft is called radio frequency identification or “RFID”…”

Hundreds of millions of credit cards, debit cards and all passports issued since 2006 are embedded with a radio frequency identification chip—or RFID.  RFID chips are also commonly used in hotel keys, cards that raise gates in parking garages and unlock doors at businesses.  Government, military and port of entry ID cards are also vulnerable to this type of theft.  You need only swipe the card in front of a reader.  The RFID chip is always on, making consumers more susceptible to identity theft. 

Thieves can steal this information by using a frequency reader.  These readers are inexpensive and easy to obtain.  The thief can simply walk next to you and acquire your credit card number and expiration date without any physical contact. While these cards are in your wallet or purse they can transmit your card or passport number and in some states, your digital drivers’ license information when placed near a reader.  The information almost immediately appears on a computer screen without you ever knowing about it.  Apparently U.S. passports are more difficult to read than cards with RFID chips because they require a password.  However, hackers with enough knowledge can see everything on the passport’s front page.   A thief can be long gone before the consumer ever realizes his information has been stolen.  This is “electronic pickpocketing”.

For more: http://www.ktnv.com/story/14225766/consumers-beware-of-electronic-pickpocketing

Filed under Crime, Guest Issues, Insurance, Liability, Maintenance, Management And Ownership, Risk Management, Theft

Hospitality Industry Information Technology (IT) Risks: "Network Security and Privacy Liability" Insurance Is Available To Protect First-Party Risks And Third-Party Liability Involved In Cyber-Crime

“…Network Security and Privacy Liability policies are generally designed to address first-party risks and third-party liability–sometimes in the same policies, sometimes separately…”

“…first-party losses. These might include business interruption, which could be caused by a flood or fire in a data center, or malicious hacking by a disgruntled employee or even a cyber-crook half a world away...”

There is also the risk of being sued by third parties for somehow allowing–or failing to prevent–unauthorized access to sensitive information.

When IT goes down, business screeches to a halt. Indeed, for businesses such as online retailers, brokerages and some financial firms, the IT and data assets are the entire business–every bit as critical as the factory and warehouse are to the hard-goods manufacturer, or the vehicle fleet to a trucking company.

As more and more companies–and their insurers–are realizing, this reliance on IT creates a hornet’s nest of risks that can result in crippling losses that conventional, turn-of-the-century P&C insurance coverages won’t respond to. These new issues call for a new category of coverage.

Perhaps even more ominous are the all-new liability exposures inherent in IT operations. A raft of relatively new regulations and legislation makes companies responsible for safeguarding personal and confidential data they collect as part of everyday e-commerce operations.

Companies are liable for customer credit card numbers, financial transactions, medical history, credit information and other sensitive data.

For more:  http://www.propertycasualty360.com/2010/03/15/cyber-coverage-the-new-must-have-in-the-property#

Filed under Crime, Guest Issues, Liability, Management And Ownership, Risk Management, Technology

Hospitality Industry Information Security: British Courts Jail Operators Of World's Largest Internet Crime "Forum" Which Provided "Hacking Software" And Credit Card Theft Instructions

The site contained manuals such as “14 ways of hacking credit cards” and “running cards on eBay” and information on staying anonymous. It sold hacking software and instructions on how to manufacture crystal meth and explosives.

Nicholas Webber, who masterminded the criminal website Ghostmarket.net, has been jailed for five years.

Three teenagers who founded and operated one of the world’s largest English-language internet crime forums, described in court as “Crimebook”, have been sentenced to up to five years in custody. Police estimate that losses from the thousands of credit details traded over the site, Gh0stMarket.net, amount to £16.2m. The web forum, which had 8,000 members worldwide, has been linked to hundreds of thousands of pounds of registered losses on 65,000 bank accounts.

Nicholas Webber, the site’s owner and founder, was arrested in October 2009 with the site’s administrator, Ryan Thomas, after trying to pay a £1,000 hotel bill using stolen card details. They were then 18 and 17. Webber was jailed for five years on Wednesday and Thomas for four years.

After seizing Webber’s laptop, police discovered details of 100,000 stolen credit cards and a trail back to the Gh0stMarket website. Webber and Thomas jumped bail that December, fleeing to Majorca, but were rearrested when they flew back to Gatwick airport on 31 January 2010.

Southwark crown court was told how public-school-educated Webber, the son of a former Guernsey politician, was using an offshore bank account in Costa Rica to process funds from the frauds. After his initial arrest, Webber threatened on a forum to blow up the head of the police e-crimes unit in retaliation, and used his hacking skills to trace officers’ addresses.

For more:  http://www.guardian.co.uk/uk/2011/mar/02/ghostmarket-web-scam-teenagers

Filed under Crime, Guest Issues, Insurance, Liability, Management And Ownership, Technology, Theft

Hospitality Industry Data Security: Hotel And Restaurant Management Should Consider "Tokenization" For Credit Cards And Sensitive Data

“…tokenization is a data security model that generates surrogate values, called tokens, to replace sensitive data—credit card numbers, for example—in applications and database fields. The sensitive data is simultaneously encrypted and stored in a central data vault, where it can be unlocked only with proper authorization credentials...”

In 2011…expect to see many more mid-sized to large enterprises adopt tokenization more broadly to protect many other types of sensitive information, including electronic health records (EHR).

It does this by removing sensitive data from applications and databases, which has the added benefit of reducing scope for Payment Card Industry Data Security Standards (PCI DSS) compliance audits.  Over the past couple of years, the tokenization data security model has taken its rightful place alongside data encryption, and it is well on its way to becoming a commonplace solution for credit card protection.

What’s more, a particular version of tokenization—Format Preserving Tokenization™—is equally adept at protecting personally identifiable information (PII) and electronic health records (EHR) to help organizations comply with data privacy laws like the EU Data Privacy Directive and HIPAA.

For more:  http://www.thetechherald.com/article.php/201107/6818/RSAC-2011-Data-Security-Wunderkind-Tokenization

Filed under Crime, Guest Issues, Insurance, Liability, Management And Ownership, Privacy, Risk Management, Technology