Tag Archives: Cybercrime

Hospitality Industry Risk: “PCI Security Standards” Should Be Implemented By Hotels And Restaurants To Protect Customer Data

(From a PCIsecuritystandards.org posting) The PCI DSS, a set of comprehensive requirements for enhancing payment account data security, was developed by the founding payment brands of the PCI Security Standards Council, including American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. International, to help facilitate the broad adoption of consistent data security measures on a global basis.

The PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. This comprehensive standard is intended to help organizations proactively protect customer account data.

The PCI Security Standards Council will enhance the PCI DSS as needed to ensure that the standard includes any new or modified requirements necessary to mitigate emerging payment security risks, while continuing to foster wide-scale adoption.

Ongoing development of the standard will provide for feedback from the Advisory Board and other participating organizations. All key stakeholders are encouraged to provide input during the creation and review of proposed additions or modifications to the PCI DSS.

The core of the PCI DSS is a group of principles and accompanying requirements, around which the specific elements of the DSS are organized:

Build and Maintain a Secure Network

Requirement 1: Install and maintain a firewall configuration to protect cardholder data
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data

Requirement 3: Protect stored cardholder data
Requirement 4: Encrypt transmission of cardholder data across open, public networks

Maintain a Vulnerability Management Program

Requirement 5: Use and regularly update anti-virus software
Requirement 6: Develop and maintain secure systems and applications

Implement Strong Access Control Measures

Requirement 7: Restrict access to cardholder data by business need-to-know
Requirement 8: Assign a unique ID to each person with computer access
Requirement 9: Restrict physical access to cardholder data

Regularly Monitor and Test Networks

Requirement 10: Track and monitor all access to network resources and cardholder data
Requirement 11: Regularly test security systems and processes

Maintain an Information Security Policy

Requirement 12: Maintain a policy that addresses information security

To further the adoption of the PCI DSS, the PCI Security Standards Council defines credentials and qualifications for QSAs and ASVs. The PCI Security Standards Council also manages a global training and certification program for QSAs and ASVs, and will publish a directory of certified providers on this Web site.

https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml

Hotel Cybercrime: Debit Cards Do Not Offer Same Protections As Credit Cards If Account Information Is Stolen

Jacque Tiegs of Clair Shores, Mich., had a similar experience a few years ago. She used her debit card at a hotel in Milwaukee for incidental charges and found out on her next month’s bank statement that someone had run up a $3,500 bill at another hotel of the same brand in Chicago. Her bank couldn’t (or wouldn’t) solve the problem, and the hotel claimed she had run up the charges. Only by threatening to go to the police and offering proof that she had been out of town on a work assignment was she able to get the charges reversed.

(From a WalletPop.com article)   Don’t think that the same protections you get from your credit card apply to your debit card. If someone steals your credit card number and runs up a big bill, you won’t be responsible for the fraudulent charges — at least not until the card company completes its investigation and probably not at all if they find evidence of fraud. But if someone steals your debit card information and starts charging away, you’re on the hook. The money comes straight out of your bank account. Not only are they your funds — with no one there to cover for you — but getting the money back can be a huge hassle that can easily take a month, if not more, to resolve.

Even if your money is only locked up temporarily, as Greg Meyer’s was, it can still be devastating, especially if you don’t have a large balance to tide you over. Not only that, but if the hold is greater than your balance, it can trip an overdraft protection and subsequent transactions can be denied or add to your overdraft woes.

So how do you protect yourself – and your debit card? “Be alert when there’s an opportunity for so-called ‘skimming’ or where people can look over your shoulder to track your PIN number,” says Tim Lukens, a senior vice president at Affinion Security Center, a company that makes anti-cybercrime software for big banks. Also, think twice before using your debit card at a restaurant, where you don’t actually see the server swiping it, or at gas stations, where surveillance cameras can record you keying in your PIN.

http://www.walletpop.com/blog/2010/03/31/debit-card-disasters-what-to-do-when-you-get-burned/

Hospitality Industry Cybercrime: The 10 Riskiest Cities For Cybercrime Include Major Hotel Destinations Such As #1 Seattle, San Francisco And Boston

The 10 Riskiest Cities for Cyber-Crime identified in The Norton Top 10 Riskiest Online Cities report make up a laundry list of the most famous places in the country.

The top 10 listed are:

  1. Seattle
  2. Boston
  3. Washington, D.C.
  4. San Francisco
  5. Raleigh, N.C.
  6. Atlanta
  7. Minneapolis
  8. Denver
  9. Austin, Texas
  10. Portland, Ore.

(From a GovTech.com article)   Other notable cities in the remaining 40 include Honolulu (11), Las Vegas (13), San Diego (14), New York (24), Los Angeles (30), Houston (32), Phoenix (34) and Chicago (35). Rankings were determined from Symantec data on cyber-crime, third-party data on online behavior and demographic data from Sperling.

These cities have been ranked based on the numbers of malicious attacks received; potential malware infections; spam zombies; bot-infected machines; and places that offer free Wi-Fi, per capita. They were also ranked based on the prevalence of Internet use; computer use, based on consumer expenditures for hardware and software; and risky online activity, like purchasing via the Internet, e-mail and accessing financial information.

Seattle ranked in the top 10 of all categories, which is how it wound up as the No. 1 riskiest city in the survey.

“When you look at the data, they are way ahead on all these measures, so you’ve got a concentration of heavy usage of technology engaging in the kinds of activities that we know increase your risk of being a victim of cyber-crime,” said Marian Merritt, Norton Internet Safety Advocate.

http://www.govtech.com/gt/articles/750409

Hotel Industry Risk: Cybercrime Has Targeted Hotel Wireless Networks To Steal Credit Card Information

Travelers staying in hotels might want to carefully check their credit card statements for fraudulent charges in the months following the stay. According to recent reports, cybercriminals across the globe have a new favorite target: the wireless networks of hotels.

(From a CreditCardGuide.com article) While financial services companies used to receive the bulk of hacker attacks, last year hotels emerged as the new choice target among hackers: out of 218 breaches in a total of 24 countries, 70 of those breaches took place through hotel networks, according to a report by security firm Trustwave SpiderLabs.

Internet security experts believe that hotel hacking attacks started to catch on at the end of 2008, when a sophisticated cybercrime organization broke into a hotel network to steal information and discovered just how easy it was to do. Even larger hotel chains are often poorly protected against cybercrime dangers, making it very easy for hackers to gain access to one computer and then use it as a doorway into the hotel’s central computer system, from where they can lift the credit card data of guests staying at the hotel along with other sensitive information.

Once hackers have retrieved the data they need, the cybercriminals waste no time turning the lifted credit card information into profit. Using high-tech equipment, hackers can easily clone credit cards, complete with a magnetic strip containing the stolen data. The cards are indistinguishable from the real thing and can be used in physical stores leaving behind few traces that can be used to track down the fraudsters.

It often takes hotels months before they notice the hack: last year, the average time between a security breach and discovery was over five months. In many cases, it is credit card companies, as opposed to the hotel chain, who first notice the unauthorized activity. Long after hackers make off with their bounty, credit card companies triangulating fraud reports discover that multiple individuals affected by fraud stayed at a specific hotel just prior to the credit card theft.

As awareness of hotel data breaches rises, many of the larger chains are stepping in to step up security. However, consumers should remain on alert: hackers aren’t about to give up this new lucrative target. Just this week, Wyndham Hotels, which operates chains including Days Inn, Ramada, and Howard Johnson, reported its third breach in the past 12 months.

If you travel often or frequent hotels, make sure to monitor your credit card accounts. If strange activity shows up, contact your card issuer immediately. While credit card companies, ultimately, are on the hook for fraudulent charges, you do have to report unauthorized activity, and catching credit card fraud early can save much time and hassle down the road.

http://www.creditcardguide.com/creditcards/travel/staying-hotel-watch-credit-cards-231/

Hotel Industry Cybercrime: Los Angeles Westin Bonaventure Hotel Discloses Credit Card Security Breach At Four Restaurants

According to Westin, its four restaurants – Lake View Bistro, Lobby Court Bar, Bonavista Lounge, L.A. Prime – along with its valet parking operation may have suffered a data security breach between April and December last year.

(From an InfoSecurity-us.com article) In further proof that the hospitality industry is becoming a prime target for hackers, The Westin Bonaventure Hotel and Suites has admitted a likely data security breach.

According to a statement issued by Westin, compromised data may include names printed on customer credit or debit cards, card numbers, and expiration dates.

“Guests who used or visited the affected businesses during the eight-month period and who used a credit or debit card to pay their bills directly to the restaurants and valet parking might have had such information compromised and are encouraged to review their statements from that time period,” Westin said.

Although the company gave advice on how to place a full alert on a credit file, it did not offer any credit protection services for potential victims in the statement.

According to the 2010 Global Security Report from Trustwave, hospitality companies became the most breached sector in 2009, representing just over a third of all breaches. That said, the majority of these cases stemmed from a single site breach, the company said at the time.

However, hospitality breaches appear to be mounting. Wyndham Hotels and Resorts also suffered a security breach between late October last year and January. It is not clear whether the Wyndham hack was the single site breach reported by Trustwave, but the hospitality firm said that a hacker went through centralized network connections. “The hacker was then able to access and download information from several, but not all, of the WHR hotels and remove payment card information of a small percentage of our WHR customers,” Wyndham Hotels and Resorts said at the time.

Westin said that although customers of its restaurants and valet operation may have been compromised, the hacker did not gain access to customer card data stored in the system that stored credit card information for its hotel guests.

The Westin Bonaventure Hotel and Suites is independently owned by Today’s IV, Inc. and operated by Interstate Hotels & Resorts, Inc. under a license issued by Westin Hotel Management.

http://www.infosecurity-us.com/view/7881/westin-is-latest-hotel-to-be-hit-by-hackers/

Hospitality Industry Risk: Cybercrime Is Targeting Hotels And Resorts As Credit Card Information Is Relatively Unprotected

(From a BlackBookMag.com article)  According to Nicholas Percoco, a cybersecurity researcher for the security firm Trustwave, “The hospitality industry was the flavor of the year for cybercrime.”

In 38% of the security breach investigations Trustwave performed last year, hotels and resorts were the victims. That’s way up from 2008, when the hospitality industry wasn’t nearly so trendy for identity thieves and there were hardly any incidents.

Hotels and resorts tend to have a lot of data–like your credit card info–that is relatively unprotected, making them pretty dreamy for hackers. Last year, both Radisson and Wyndham Hotels reported hacking incidents, and who knows what other hotels got hacked but didn’t report it. So, fork over your personal credit card with care at check-in, or maybe use this as an excuse to charge any and all hotel stays on the company card.

http://www.blackbookmag.com/article/your-hotel-stay-stole-your-credit-card/15885
