Tag Archives: Credit Cards

Hospitality Industry Theft Risks: Illinois Restaurant Employees Plead Guilty To “Skimming Credit Card Information Of Paying Customers”; Over $200,000 In Fraudulent Purchases Made By Ring Leaders

“…(the ring leader) organized the scheme by paying the defendants, who were employees at the various establishments, to skim credit card information of paying customers using a small credit card reader provided to them by Woods and Washington. The employees swiped identity theftapproximately 175 cards through the readers, enabling Woods to reproduce counterfeit credit cards and allowing Woods, Washington and Alex Houston to rack up thousands of dollars in charges…”

Sentences were handed down against seven defendants who illegally obtained personal banking information from patrons visiting Chicago area restaurants and attractions, including Wrigley Field and the Magnificent Mile’s RL Restaurant, according to Illinois Attorney General Lisa Madigan.

Defendants Joseph Woods, Britain E. Woods, Alex Houston, Jenette Farrar, Essence S. Houston, Kenyetta Davis and William Washington pled guilty and were sentenced for “skimming” personal banking information, which was used to make purchases of more than $200,000. The banking and credit card account information was stolen from customers who patronized Chicago area establishments, including Wrigley Field, RL Restaurant, a Chicago Taco Bell location and a McDonald’s restaurant in Berwyn.

Madigan said financial institutions with accounts that were compromised in the scheme include Chase, U.S. Bank, Citibank, Harris Bank, American Express, Bank of America and Fifth Third Bank. The banks assisted in the investigation and notified victims to secure their personal information.

Madigan said identity theft is a significant threat to Illinois consumers. Last year, more than 2,500 identity theft complaints were filed with her office’s Consumer Fraud Bureau. Consumers reported incidents of fraudulent charges on their existing accounts, thieves opening new accounts in their names (including credit card, utility and cell phone accounts) and instances of bank fraud, such as stolen checks or fraudulent withdrawals made to a victim’s bank account.

For more:  http://www.claimsjournal.com/news/midwest/2013/04/18/227236.htm

Comments Off on Hospitality Industry Theft Risks: Illinois Restaurant Employees Plead Guilty To “Skimming Credit Card Information Of Paying Customers”; Over $200,000 In Fraudulent Purchases Made By Ring Leaders

Filed under Crime, Guest Issues, Labor Issues, Liability, Management And Ownership, Risk Management, Theft

Hospitality Industry Payment Security: More Restaurants And Hotels Are Using “Mobile Credit Card Readers” To Increase Efficiency; FTC Report Cites Financial Information Security Issues

Mobile Payment Report FTC-page-001

The report encourages industry-wide adoption of strong measures to ensure security throughout the mobile payment process. The report addresses ways sensitive financial information can be kept secure during the mobile payment process, such as through end-to-end encryption. The possibilities for encryption listed in the report cover everything from the authentication of data during the transaction to the secure storage of information on a mobile device. Click on “Mobile” to read report.

“The Smelly Cat Coffee Shop in Charlotte is one of the nation’s top users of the Square card reader. The business uses the device for all of its credit card transactions…(the restaurant) says customers’ card info is safe because the program doesn’t allow cashiers to see customers’ information when they swipe…”

Mobile credit card readers like the Square and Intuit devices are growing in popularity around the country. The devices offer merchants the ability to accept credit card payments anywhere and are often less expensive than traditional card swiping technology.

But the Federal Trade Commission and consumer watchdog groups are urging consumers to be vigilant about protecting their financial information when using the devices. The FTC recently released a report on the growing popularity of mobile payment devices. The report did not name any specific threats that come from using mobile card devices.  The agency is urging consumers, as well as merchants, to make sure that financial data is protected in each transaction.

The Better Business Bureau said consumers should make sure they trust the merchants they allow to swipe their debit and credit cards using the devices. It is buyer beware. According to Janet Hart of the BBB, people should be careful how, when, and where they use their credit card; because, there is the chance data could be misused.

Staff at the shop said they have not had any negative reactions from customers using the device at the store.

“It’s a similar security that you would find on a receipt, on a printed receipt, that a waiter or waitress would be exposed to in a restaurant,” said Burleson. However, advocates said consumers should use the same caution when using the mobile readers that they would use when ordinarily swiping their credit cards.

For more:  http://centralny.ynn.com/content/top_stories/654110/mobile-card-readers-spike-in-popularity–groups-urge-concern-over-possible-id-theft/

Comments Off on Hospitality Industry Payment Security: More Restaurants And Hotels Are Using “Mobile Credit Card Readers” To Increase Efficiency; FTC Report Cites Financial Information Security Issues

Filed under Crime, Guest Issues, Liability, Management And Ownership, Privacy, Risk Management, Technology

Hospitality Industry Data Security Risks: Hotels Are At Significant Risk Of “Large-Scale Hacking” Of Guest Personal Information, Including Information In Reservation Systems

“Data security is becoming an issue of significant importance in the hospitality industry…(because of) an increase in hacks and malware attacks, which frequently target hotel systems because they’re a rich source of cybercrime in hotelspersonal information… hackers aren’t just targeting data on hotel systems but also the information passed along to reservations systems…credit card theft is much easier — and more likely — through large-scale hacking…another reason hotel guests are vulnerable to having their personal information stolen: They’re easily distracted.”

Several days after Traci Fox visited a small independent resort in the Catskill Mountains, she received an unexpected call from a shoe store. Where did she want it to ship the $400 worth of pricey sneakers that she’d ordered?

Fox believes that her hotel may have compromised her credit card information. At least one government agency shares her concerns. Last summer, the Federal Trade Commission sued Wyndham Hotels, alleging that the company had failed to protect its customers’ personal information. As a result, the FTC claims, hundreds of thousands of credit card numbers fell into the wrong hands, leading to millions of dollars in fraud-related losses. Wyndham denies any wrongdoing and is fighting the suit.

The problem may run deeper than the theft of credit card numbers, however.

The personally identifiable information in your guest profile, such as your home address, your license plate number and your date of birth, which is attached to your reservation, can end up in the hands of a third party that offers little or no warranties about how it will protect your data. “These kinds of areas are more worrisome than some huge Visa bill,” says hotel consultant Marion Roger. “Once your identity has been cloned, you can easily spend years and hundreds of thousands in legal and other fees.”

For more:  http://www.washingtonpost.com/lifestyle/travel/the-navigator-when-you-check-in-your-private-information-may-be-checked-out/2013/03/28/07cb90ca-9599-11e2-bc8a-934ce979aa74_story.html

Comments Off on Hospitality Industry Data Security Risks: Hotels Are At Significant Risk Of “Large-Scale Hacking” Of Guest Personal Information, Including Information In Reservation Systems

Filed under Crime, Guest Issues, Liability, Management And Ownership, Privacy, Risk Management, Technology, Theft

Hospitality Industry Theft Risks: Maine Restaurant Owner Convicted Of Stealing Over $67,000 From Customers By “Double Billing Credit Cards”

“…(the defendant) stole money from her customers by double billing their credit cards, the prosecutor said…(she) took credit card slips from sales at her restaurant during the summer of 2010 and later that year, and ran them through for payment a second time after the employee theftrestaurant had closed…may have stolen as much as $80,000 through the fraudulent credit card charges.”

A former local restaurant owner who stole more than $67,000 from banks and customers through check and credit card fraud, but who has since paid it back, has been ordered to spend 60 days in jail for her crimes. Having pleaded no contest last fall to two felony theft charges, Jennifer Lozano, 43, on Thursday received an overall sentence of five years with all but 60 days suspended and will have to serve two years of probation upon her release.

As part of a plea deal, prosecutors had agreed to cap the unsuspended part of the sentence at nine months if Lozano paid $67,399 in restitution to people and financial institutions she stole money from. She did so, paying off the final $18,000 she owed in restitution just as the sentencing hearing was about to begin Thursday afternoon in Hancock County Superior Court.

Kellett said an investigation revealed that Lozano conducted 1,488 fraudulent duplicate credit card transactions in the fall of 2010. She repaid many customers who complained, and many were repaid by their credit card companies, but she did not repay everyone who lost money through the scheme before police learned about it. As part of the restitution order, Lozano had to repay $15,300 to a credit card company that had lost money through the fraud and to customers whom she had not already repaid.

But Kellett said that restitution amount does not reflect the full scope of the illegal credit card transactions that Lozano made. Investigators believe that not all the double-billed customers complained, and so were not repaid either by Lozano or by their credit card firms.

For more: http://bangordailynews.com/2013/03/21/news/hancock/former-mdi-restaurant-owner-gets-60-days-for-67000-theft/?ref=polbeat

Comments Off on Hospitality Industry Theft Risks: Maine Restaurant Owner Convicted Of Stealing Over $67,000 From Customers By “Double Billing Credit Cards”

Filed under Crime, Guest Issues, Liability, Management And Ownership, Risk Management, Theft

Hospitality Industry Cybercrime Risks: Hotel And Restaurant “Connected Point-Of-Sale (POS) Systems” Attacked By New Malware Called “Dexter”; Steals Credit Card Data And Transmits It “Encrypted” Back To Attacker

“…Just before the 2012 festive period, a new piece of malware surfaced and was found in hundreds of POS systems in hotels, restaurants, retailers and private parking providers. The malware was discovered by Israel-based security cybercrime in hotelsfirm Seculert: ‘Dexter’ (which comes from the string ‘BKDR_DEXTR.A’) is a data-theft tool used to target and attack POS systems. The program, which is Microsoft Windows-based, uses common techniques to search the memory of running processes to identify credit-card track data, but with the uniqueness of the attacker having full control…”

Connected point-of-sale (POS) systems – that’s the checkout to you and me – are the most recent targets of the cybercriminal, and a specially-crafted malware, dubbed Dexter, is further indication that now all kinds of connected devices may be vulnerable to attack.

Seculert CTO and co-founder Aviv Raff explains that while the company is as yet uncertain as to who is behind Dexter, the author is fluent in English: Dexter mainly targeted English-speaking countries. The malware was located in 40 different countries, but notably 42 per cent of POS systems targeted were in North America and 19 per cent UK-based. “Instead of going through the trouble of infecting tens of thousands of consumer PCs or physically installing a skimmer, an attacker can achieve the same results by targeting just a few POS systems with specially crafted malware,” Raff says.

The malware injects itself into the iexplore.exe file in Windows servers, through rewriting in the registry key. It then’ pinches sensitive credit-card data from the server, before transferring it through a remote command and control system. Windows-based POS systems are used increasingly in the industry, and according to Seculert’s findings, 51 per cent of targeted POS systems use the outdated Windows XP. The high percentage indicates Windows-based machines that process unencrypted track data are viable targets.

Microsoft Windows XP may be the ‘preferred’ choice for POS systems, especially among smaller retailers who feel that they cannot afford to upgrade, but with the operating system to be discontinued in 2014, the question is over what support will be offered for remaining XP users and if they will be able to handle the upgrade to Windows 7 or 8.

“Dexter only has three purposes in life,” says Trustwave’s security researcher Josh Grunzweig. “To always be running on the victims’ machine, to find any card, or track, data in any running program on the victim, and to communicate with the attacker who is controlling it.”

The latter is what makes the malware stand out and impresses Grunzweig. “I can’t remember the last time I saw a piece of malware that targeted POS systems that had a nice command and control structure to it,” adds Grunzweig.

He explains the hacker maintains control of the attack by using normal communication methods, but with the skill to hide what it was sending by encoding the data. This involved sending out a message to the attacker, by default, every five minutes and also checks the victim to see if there is any track data running every 60 seconds.

The magnetic strip on a credit card contains three tracks and the malware attempts to extract data from memory relating to tracks one and two, containing numeric or alphanumeric data that can be used to clone the card that was used in a transaction. If Dexter finds any of this track data, it alerts the attacker in the next message sent and the process is repeated. The attacker has the control to change the times and install additional malware or even remove Dexter altogether.

“The most unusual thing about Dexter is the small amount of public attention it has received,” says Trustwave’s Josh Grunzweig. “The issues that make POS-specific malware difficult to discuss in the industry also affects the ability of antivirus companies; without samples they are unable to provide detailed protections for specific threats.”

For more:  http://eandt.theiet.org/magazine/2013/03/turn-on-log-in-checkout.cfm

Comments Off on Hospitality Industry Cybercrime Risks: Hotel And Restaurant “Connected Point-Of-Sale (POS) Systems” Attacked By New Malware Called “Dexter”; Steals Credit Card Data And Transmits It “Encrypted” Back To Attacker

Filed under Claims, Guest Issues, Liability, Management And Ownership, Privacy, Risk Management, Technology, Theft

Hospitality Industry Payment Risks: Hotel Tech Trade Association Releases “Secure Payments Framework For Hospitality”; Best Practices Advocates “Tokenization” And “Removal Of All Guest Credit Card Data From Systems”

Hospitality Industry Secure Payment Framework-page-001

Click on “Hospitality” to view online

Hospitality Industry Secure Payment Framework Executive Summary-page-001

For more:  http://www.scmagazine.com/hotel-tech-trade-association-offers-best-practices-for-reducing-payment-card-risk/article/283129/

Comments Off on Hospitality Industry Payment Risks: Hotel Tech Trade Association Releases “Secure Payments Framework For Hospitality”; Best Practices Advocates “Tokenization” And “Removal Of All Guest Credit Card Data From Systems”

Filed under Crime, Guest Issues, Insurance, Labor Issues, Liability, Management And Ownership, Risk Management, Technology, Theft

Hospitality Industry Theft Risks: Alabama Motel Clerk Arrested For Stealing 23 Guests’ Credit Card Information; No Background Check Because It Was “Too Expensive”

“…(the motel clerk) used his position to remove credit card information from 23 customers from the motel database and used 12 of the card numbers in a fraud scheme to steal cash from the business…the owner Hotel Credit Card Fraudadmitted that he did not do a background check prior to hiring this person…the background check was too expensive…”

Mobile police have arrested a man for credit card fraud and trafficking in stolen identities after they say he took credit card information from 23 motel customers. Police said Bryant Onell Niles, 28, worked as a desk clerk at the Baymont Inn Suites in Mobile, where the alleged crimes took place.

Police said he was found in possession of the 11 unused credit card numbers with names and expiration dates belonging to former customers of the motel. Mobile police said last year, Niles was working as a desk clerk at an unnamed hotel when he stole credit card information from a person who had stayed at the hotel.

Police said he used the guest’s information to book hotels for himself and his friends. That’s how authorities say they caught him.

For more:  http://www.fox10tv.com/dpp/news/local_news/mobile_county/mpd-hotel-clerk-stole-23-credit-card-numbers

Comments Off on Hospitality Industry Theft Risks: Alabama Motel Clerk Arrested For Stealing 23 Guests’ Credit Card Information; No Background Check Because It Was “Too Expensive”

Filed under Crime, Guest Issues, Insurance, Liability, Management And Ownership, Theft

Hospitality Industry Payment Risks: Restaurants Can Utilize New “Smartphone Apps” To Reduce Credit Card Fraud, Increase Guest Satisfaction

“Tabbedout” is a new free app for smartphones. The credit card number is encrypted in the phone and tied to a tab…(the guest) can walk in, open (their) tab and show the phone to TabbedOut Merchant Payment Smartphone Applicationthe bartender (or waiter) and literally start ordering food and beer right away…when they feel like leaving the venue, press one button on (the) smartphone and leave…”

Crooks are constantly stealing credit card numbers. Often times it’s skimmers attached to credit card machines or some other crafty way to lift information. Now a new app may help reduce the chances of that and simplify the dining out experience.

Denver is a test market for a new service that makes paying a tab in a restaurant or a bar as simple as just one quick click. It’s a legal way of “dining and dashing.”

Who hasn’t been frustrated while waiting to pay a tab? And how safe is sending a credit card off with a waitperson? Now there are options. “Credit card fraud is the handing the cards back and forth. Someone will snap a picture of it and then steal your identity or take your credit card,” bartender Josh Finocchiaro said. “With this, it’s set up through your phone, so the card isn’t passed back and forth.”

Restaurants like the Ice House in LoDo like it because it means the wait staff can focus on serving good food and drinks without worrying about serving up a check at the end of a meal. Diners gain more control over their experience and there’s no waiting around to pay.

Tabbedout is now in 25 restaurants around Denver and some in the mountains as well.

For more:  http://denver.cbslocal.com/2013/03/02/tabbedout-app-helps-pay-restaurant-bill-avoid-credit-theft/

Comments Off on Hospitality Industry Payment Risks: Restaurants Can Utilize New “Smartphone Apps” To Reduce Credit Card Fraud, Increase Guest Satisfaction

Filed under Crime, Guest Issues, Labor Issues, Management And Ownership, Risk Management, Technology

Hospitality Industry Theft Risks: California Hotel Guest Arrested For Using Stolen Credit Card To Pay For Room; Used Laptop On Open Wi-Fi Network To Steal Account Information

“…(suspect) allegedly rented a room at the Montage by using a stolen credit card. The fraud went undiscovered for two days while Larson accrued a $2,134 tab, but he disappeared from the resort prior to the arrival of cyber securitypolice…he used a laptop to collect credit card information from people making purchases or checking their accounts…”

An admitted identity thief, apparently expert at stealing credit card account information over open wi-fi networks, was arrested last week after skipping out on a $2,134 bill at Montage Laguna Beach, police said. Police tracked Harold Eric Larson, 37, to his hometown of Orange and arrested him on Thursday, Dec. 27, on several theft related charges, Capt. Jason Kravetz said in a statement. He is accused of using stolen credit card numbers to rent hotel rooms to for himself and friends in Laguna Beach, Newport Beach and Costa Mesa, Kravetz said.

Coincidentally, on Dec. 26 police received a complaint about guests using drugs in a room at Laguna Cliffs Inn and arrested Edward Richard York, 40, of Tustin, allegedly for possessing methamphetamine and marijuana, Sgt. Louise Callus said. Officers learned the room was rented with a stolen credit card number provided by Larson, said Kravetz.

Larson was previously arrested by Laguna police last April on 23 felony counts of fraud and theft after he was caught using stolen credit card information to rent hotel rooms.  He pled guilty to the charges and was sentenced to three years probation, one year in jail and restitution.

For more:  http://www.lagunabeachindependent.com/2013/01/02/identity-thief-held-hotel-scam/

Comments Off on Hospitality Industry Theft Risks: California Hotel Guest Arrested For Using Stolen Credit Card To Pay For Room; Used Laptop On Open Wi-Fi Network To Steal Account Information

Filed under Crime, Guest Issues, Liability, Management And Ownership, Risk Management, Technology, Theft

Hospitality Industry Information Security Risks: Hotel's Guest's Credit Cards Are Targets For "Identity Thiefs" From "Mulitple Charges" During Stay

“…hotels have lots of employees — and many of them have access to the credit card and other personal information of guests. No matter how well trained and supervised, more personnel correlates to greater risk. The fact that low-level employees typically have access to key guest information, and that there is, historically, a high turnover in hotel employees, exacerbates the problem…”

Hotels are obvious targets for identity and financial theft for many reasons. Hotels transact business through credit cards, and those credit cards are kept on file and can be accessed multiple times during a guest’s stay. The possibility that a credit card charge will be recorded occurs with each night’s room charge, room service, bar or restaurant bill, spa charge, and so on. Every charge is another opportunity for an identity thief to access the information using sophisticated computer hacks and other malicious software, generally without the hotel’s knowledge.

The need to respond to guest demands is another source of insecurity. The Identity Theft Resource Center noted, “The ability to connect to the Internet is an integral part of many individuals daily life. This has led to the increased demand for public WiFi.” As a result, hotels find themselves compelled to offer wireless internet, and that service is almost always unsecured. But an unsecured wireless network is “just as dangerous as leaving files of your most important personal documents on a street curb for all to see. Hackers can easily get into an unsecured wireless network and get financial information, business records or sensitive e-mails.” (PC World, “Got Wireless Security”, http://www.pcworld.com/article/125040/got_wireless_security.html). At the same time, hotels have little say in the matter. Guests demand wireless internet service.

Some security researchers have described a wave of attacks against the hospitality industry. In 2010, the cybersecurity consultant Trustwave found that in 38% of its investigations, hotels and resorts were the victims of successful cyber intrusions, despite those firms only representing 3% of its customers.  Hotels represent a disproportionate number of security breaches.

For more:  http://hotellaw.jmbm.com/2012/10/liability_for_guest_information_.html

2 Comments

Filed under Crime, Guest Issues, Liability, Management And Ownership, Risk Management, Technology, Theft