Tag Archives: Cybercrime

by | September 20, 2010 · 10:39 am

Hospitality Industry Cybersecurity Risk Management: Hotel And Restaurant Management Must Protect The Privacy Of Company And Employee Emails From Unauthorized Viewing (Audio)

Think no one else is reading your work email? Think again. A new survey by Cyber-Ark Software found more than 40 percent of IT administrators have indulged in a little snooping around inside their own network, using administrative passwords to view sensitive or confidential information. Adam Bosnian is the executive vice president for the Americas and corporate development at Cyber-Ark Software. He says many snoop simply because they have the access. (Click on the microphone above to hear interview with him.)

Comments Off on Hospitality Industry Cybersecurity Risk Management: Hotel And Restaurant Management Must Protect The Privacy Of Company And Employee Emails From Unauthorized Viewing (Audio)

Filed under Labor Issues, Liability, Privacy, Risk Management

Tagged as , , ,

by | September 9, 2010 · 3:46 am

Hospitality Industry Information Security: The Key To Cyber-Security Is Adopting Encryption AND Tokenization, But Payment Processors Must Adopt Standards First

“Encryption is a process that jumbles personal data into unreadable letters and numbers every time a credit card is swiped….

…Any info about that credit card going forward … none of the credit card information is stored, it’s the token that is stored.”

“Encryption fundamentally is a math algorithm, but it’s a very complicated math algorithm,” Roman said during a recent telephone interview. The information can only be deciphered with a key.

“When an encrypted signal is sent to the intended party, the intended party’s encryption has a key to decrypt and read the message and display it on the screen in readable alpha numerics,” Roman said. “It’s built into the receiving end of each encryption software.”

Encryption jumbles information as it’s transmitted from one system to the other, but it doesn’t necessarily account for data that’s being stored. That’s where tokenization comes in, said Chainrai Waney, an IT consultant who’s worked in data center operations for more than 25 years.

When that card is swiped there’s some sort of a front-end application that generates a token (a line of random numbers) that has nothing to do with that credit card number,” he said. “Any info about that credit card going forward … none of the credit card information is stored, it’s the token that is stored.”
 
A token is a globally unique identifier, generated randomly, and it only has meaning to the sender who provides it and to the processing center that’s purchased it, Roman said.

Noble has yet to adopt tokenization, Garrido said. The company is waiting for payment processors to make the next move.

“They’ve talked about being able to take the data out of the property,” he said. In other words, the processing companies would store the data and send a token back to vendors. No definitive solution has yet been approved, however.   ‘

For more:  http://www.hospitalitynet.org/external/4048209.html

Comments Off on Hospitality Industry Information Security: The Key To Cyber-Security Is Adopting Encryption AND Tokenization, But Payment Processors Must Adopt Standards First

Filed under Crime, Insurance, Liability, Risk Management, Theft, Training

Tagged as , , ,

by | August 20, 2010 · 5:40 am

Hospitality Industry Cybercrime Risk Management: “Cloud Computing” Providers Will Carry “Cyber Insurance To Mitigate The Risk Of Data Breaches Or Unexpected Downtime”

The manager of a fine hotel would never allow an electrician or plumber to work without being insured; it’s standard fare on service contracts in the physical world. Not so in cloud computing, where provider coverage in the form of cyber insurance is far from a given. This undoubtedly will change as businesses push providers to share the risks of a data breach or unexpected downtime, experts said.

Such large cloud computing providers as Salesforce.com Inc. do carry cyber insurance to mitigate the risk of data breaches or unexpected downtime, but “smaller providers are not carrying insurance and have no plan to [do so] until the larger customers push back and say, ‘You’re in our risk profile now,'” said Drew Bartkiewicz, vice president of technology and new media markets at The Hartford Financial Services Group, a cyber insurance company based in New York.

For the cloud computing model to work, cloud customers, as well as cloud providers, need to share the risk, according to Drue Reeves, director of research for the Burton Group in Midvale, Utah. If a provider were wholly responsible for the data of hundreds or thousands of tenants, it simply wouldn’t be able to buy enough insurance to cover the liability. To protect themselves in this risky situation, cyber insurers generally cap their policies at $10 million or $15 million, forcing providers and large customers to keep shopping, experts said.

For more:  http://searchcio.techtarget.com/news/2240021040/Cyber-insurance-mitigates-the-risk-of-data-breaches-in-cloud-computing

Comments Off on Hospitality Industry Cybercrime Risk Management: “Cloud Computing” Providers Will Carry “Cyber Insurance To Mitigate The Risk Of Data Breaches Or Unexpected Downtime”

Filed under Crime, Insurance, Liability, Theft, Training

Tagged as , ,

by | August 7, 2010 · 6:55 am

Hospitality Industry Data Theft: Hotel Owners Must Prevent Breaches Of Credit Card Processing Systems By “Cyber-Criminals” Who Install “Malicious Programs” To Steal Data

“… remote attackers installed a malicious program into the card processing system of Englewood, Colo.-based hotel chain Destination Hotels & Resorts. Guests at 21 Destination properties may have been subjected to credit card theft…”

“..the Westin Bonaventure Hotel & Suites in Los Angeles disclosed a possible data breach of its POS systems dating back to 2009. Also, between November 2008 and May 2009, the computer systems of some Radisson hotels in the United States and Canada were illegally accessed. And the computer systems of Wyndham Hotels & Resorts were accessed on two separate occasions by cybercriminals who stole customers’ card numbers, expiration dates and other data…”

Cybercriminals last year targeted hotels more than any other industry for credit card theft, according to a recent report by data security company Trustwave. Hotels are being targeted because they have large amounts of credit card data and frequently neglect to implement the most basic security precautions, such as changing default passwords or ensuring programs are up to date, said Nicholas Percoco, senior vice president of Trustwave’s SpiderLabs.

As a result, attackers commonly gain entry into a hotel’s network by exploiting default passwords on point-of-sale (POS) applications, added Dave Ostertag, manager of investigative response at Verizon Business. From there, customized malware is loaded onto the hotel’s transaction server that steals credit card information as a transaction occurs.

In March, the Westin Bonaventure Hotel & Suites in Los Angeles disclosed a possible data breach of its POS systems dating back to 2009. Also, between November 2008 and May 2009, the computer systems of some Radisson hotels in the United States and Canada were illegally accessed. And the computer systems of Wyndham Hotels & Resorts were accessed on two separate occasions by cybercriminals who stole customers’ card numbers, expiration dates and other data.

For more:  http://www.scmagazineus.com/rampant-hotel-data-theft/article/174579/

Comments Off on Hospitality Industry Data Theft: Hotel Owners Must Prevent Breaches Of Credit Card Processing Systems By “Cyber-Criminals” Who Install “Malicious Programs” To Steal Data

Filed under Insurance, Liability, Privacy, Risk Management, Theft

Tagged as , , ,

by | July 18, 2010 · 12:13 pm

Hospitality Industry Cybercrime: Hotels And Restaurants Combine For Over 50% Of All Credit Card Data Theft Because Of Their Dependence On Credit Cards And Focus On Servicing Guests

“…According to a recent study, 38% of all credit card breaches occur in hotels…financial services industry accounts for 19% of breaches… Retailers 14%, and restaurants at 13%…”

Hotels are easy targets because they are all credit card-based. It is possible to reserve a room without providing a credit card number, but they don’t make it easy. And hotels themselves certainly aren’t fortresses designed to keep bad guys out. They’re designed to be open and inviting, with, at best, a bellman whose focus is assisting guests rather than guarding the front door. Maybe that mentality exists in hotels’ IT security departments, too.

The root of the issue is the hotel industry’s insufficient security measures to prevent data breaches. Many rely on older point of sale terminals and outdated operating systems, which are more vulnerable to hackers. When the recession hit, many hotels cut back and decided to hold off on upgrades.

While their defenses were down, hackers slithered into their networks to steal guests’ personal financial data. Once thieves have accessed this data, they can clone cards with the stolen numbers and use them to make unauthorized charges.

For more:   http://www.finextra.com/community/fullblog.aspx?id=4286

Comments Off on Hospitality Industry Cybercrime: Hotels And Restaurants Combine For Over 50% Of All Credit Card Data Theft Because Of Their Dependence On Credit Cards And Focus On Servicing Guests

Filed under Crime, Insurance, Liability, Theft

Tagged as , , , ,

by | July 8, 2010 · 11:46 am

Hotel Information Security Risks: Hotel Management Must Invest In Data Security Systems To Prevent Point-Of-Sale Theft Of Credit Card Data

“Most of the chronic security breaches in the hotel industry are the result of a failure to equip, or to properly store or transmit, this kind of data, and that starts with the point-of-sale credit card swiping systems.”

A study released this year by SpiderLabs, a part of the data-security consulting company Trustwave, found that 38 percent of the credit card hacking cases last year involved the hotel industry. The sector was well ahead of the financial services industry (19 percent), retailing (14.2 percent), and restaurants and bars (13 percent).

Why hotels? Well, to paraphrase the bank robber Willie Sutton, hackers hit hotels because that is where the richest vein of personal credit card data is. At hotels with inadequate data security, “the greatest amount of credit card information can be obtained using the most simplified methods,” said Anthony C. Roman, a private security investigator with extensive experience in the hotel industry.

“It doesn’t require brilliance on the part of the hacker,” Mr. Roman said. “Most of the chronic security breaches in the hotel industry are the result of a failure to equip, or to properly store or transmit, this kind of data, and that starts with the point-of-sale credit card swiping systems.”

For more:   http://finance.yahoo.com/news/Credit-Card-Hackers-Visit-nytimes-3300094848.html?x=0

2 Comments

Filed under Crime, Insurance, Risk Management, Theft

Tagged as , ,

by | June 24, 2010 · 11:39 am

Hotel Internet And Cybercrime Risks: Texas Hotel Management Company Is Targeted By Thieves Who Steal Dozens Of Customer Credit Card Accounts From Accounting System

“…the thieves made off with the credit card information of dozens of customers who ate at various Destination Hotels & Resorts properties, which are located in a total of 15 states…”

The Austin Police Department said thieves hacked intoThe Driskill Hotel management company’s accounting system and stole customer credit card information.

Authorities said they do not yet know exactly how many victims may have been affected, however, locally, police have received about three dozen complaints of fraudulent transactions, averaging $2,000-$3,000 each.

Losses are expected to total hundreds of thousands of dollars.  The United States Secret Service is also investigating.

For more:   http://www.news8austin.com/content/headlines/272023/driskill-hotel-customers-affected-by-credit-card-theft

Comments Off on Hotel Internet And Cybercrime Risks: Texas Hotel Management Company Is Targeted By Thieves Who Steal Dozens Of Customer Credit Card Accounts From Accounting System

Filed under Crime, Insurance, Liability, Theft

Tagged as , , ,

by | May 30, 2010 · 5:08 am

Hotel Information And Data Security Risks: Costs To Hotels Can Be High If Guests Personal Information And Credit Card Data Are Stolen

“…class-action claims will be brought against hotels. These are particularly problematic because while the actual damages may be low, the cost of settling is very high…”

…basis for a claim can be negligence—hotel guests can argue that even when a hotel did not overstep its promises, it is liable to a guest for negligence by not taking adequate steps to protect information. That is going to be even more important as state and federal governments pass laws and adopt regulations that require companies to take affirmative steps to safeguard personal information; these laws and regulations will form a road map for potential plaintiffs.

as we see larger and larger breaches (such as the recently announced Wyndham breach), it’s likely that class-action claims will be brought against hotels. These are particularly problematic because while the actual damages may be low, the cost of settling is very high. Second, governmental agencies—particularly states’ attorneys general and the Federal Trade Commission—are increasingly active in monitoring and investigating breaches. Even where no damages are incurred, responding to investigations is a costly, time-consuming process. I am currently working on a response to an informal FTC investigation that recently topped 1,000 pages—and we’re about half way through.

For more:   http://www.hotelnewsnow.com/Articles.aspx?ArticleId=3364&ArticleType=35&PageType=News

Comments Off on Hotel Information And Data Security Risks: Costs To Hotels Can Be High If Guests Personal Information And Credit Card Data Are Stolen

Filed under Crime, Insurance, Liability, Theft

Tagged as , , ,

by | May 25, 2010 · 2:51 am

Hotel Industry Identity Theft Risks: Police Arrest Three At Oregon Hotel Who Used Fake ID’s And Stolen Credit Cards

“The name on the credit card, when they swiped it, didn’t come up on the display to match the id they had,” she said.

Hotel workers tried to verify the card with Visa, but they were unsuccessful.  Police arrested Patrick Marsden, Christopher Baker, and Arlene Goe for theft of services. Officers raided their room and seized credit cards, possible stolen property and equipment used to make fraudulent IDs.

Police arrested three identity theft suspects who rented a room at a downtown Portland hotel.

“For identity theft it’s pretty sophisticated,” said Detective Cheryl Waddell.

“Everyone denies ownership,” said Officer Clint Snodgrass.  “They say the stuff in the room is not theirs,” he added.

Detectives say the group also made purchases up and down the coast and at REI in the Pearl, all using fake id’s and fraudulent credit cards.

“They’ve gone pretty much exclusively digital,” said Waddell.

For more:   http://www.kgw.com/news/local/3-ID-suspects-arrested-at-Portland-hotel-94620904.html

Comments Off on Hotel Industry Identity Theft Risks: Police Arrest Three At Oregon Hotel Who Used Fake ID’s And Stolen Credit Cards

Filed under Crime, Insurance, Liability, Theft

Tagged as , , ,

by | April 20, 2010 · 8:36 am

Hospitality Industry Risk: Cybercrime Is Targeting Smaller Companies Who Need To Employ Security Packages

“We are in an arms race with sophisticated, high tech enemies who are now concentrating on smaller business bank accounts in addition to their continued efforts to steal from large corporations.” To combat the risk, Conner suggests that small businesses employ a “triple threat” security package that would include

• Authentication 

• Fraud detection  

• “Out-of-band transaction verification and signing for high-risk transactions”

(From a USAToday.com article)    Authentication and fraud detection intuitively make sense – these sorts of products look at your transaction, and transaction history, and check for suspicious activity. Conner explained that while Entrust already offers the first two types of protection, to better serve its customers, it is adding that third, necessary layer, of protection with a new product being launched this week.

 “IdentityGuard Mobile” is an app for your smartphone. When a potentially suspicious activity begins to hit your account, this product sends you a text of the transaction details and asks you to authenticate and approve it before the bank can approve it.

 With the challenges to small business coming from all sides – decreased lending, tighter budgets, wary consumers – the last thing we need is to take a financial hit due to cybercrime, so we must be vigilant. Keep your security patches up to date. Make sure you have a robust antivirus suite. Change your pass codes frequently. Use the triple threat.

  http://www.usatoday.com/money/smallbusiness/columnist/strauss/2010-04-18-cyber-threats_N.htm

Comments Off on Hospitality Industry Risk: Cybercrime Is Targeting Smaller Companies Who Need To Employ Security Packages

Filed under Crime, Liability, Theft, Training

Tagged as , ,