Tag Archives: Identity Theft

Hotel Industry Credit Card Security Risks: Major Hotel Industry Associations Issue "Joint Statements" On Actions To Prevent Cyber-Crime

 Three major hotel industry associations, including the American Hotel & Lodging Association (AH&LA), Hotel Technology Next Generation (HTNG), and Hospitality Financial and Technology Professionals (HFTP) today issued the following joint statement to hotels regarding organized cyber crime attacks on credit card data. It identifies actions that hotels — and not their system vendors — need to take immediately in order to minimize their vulnerabilities and to avoid the potential for hundreds of thousands of dollars in costs and fines that typically result when just a single hotel system is breached.

  • Cyber criminals are systematically attacking systems that store credit card data
  • Criminal organizations are highly structured and integrated with the world’s organized crime rings
  • Attacks on hotels are highly targeted and effective
  • Many hoteliers believe they are not vulnerable because they use Point-of-Sale and Property Management Systems that have been validated as conforming to the latest PCI security standards.
  • The most important security measures are those that keep cyber criminals from getting inside the hotel network in the first place
  • Once inside, there are many ways for them to steal the data, even if the PMS or POS system itself is secure.

The three actions are:

  1. Eliminate EVERY default password on EVERY machine on your network — server, workstation, router, firewall, and any other device that has a password.
  2. Eliminate holes in remote access to systems inside your network
  3. Get a firewall and configure it properly. Operating without an Internet firewall is just as risky. Yet many hotels, especially smaller ones, don’t have a firewall

For more:  http://www.hospitalitynet.org/news/154000320/4050609.html

Comments Off on Hotel Industry Credit Card Security Risks: Major Hotel Industry Associations Issue "Joint Statements" On Actions To Prevent Cyber-Crime

Filed under Crime, Guest Issues, Liability, Management And Ownership, Risk Management, Technology, Training

Hospitality Industry Technology Issues: Hotel Management Will Feel Increased Pressure In 2011 To Offer "Free Wireless Internet Access" With Resultant Needs To Secure Network

A comfy mattress and a hot breakfast are still important to hotel guests, but free wireless Internet access is the most desired amenity, according to a new survey of 53,000 travelers.

Hotels are likely to feel more pressure to offer the service at no charge, said Stuart Greif, vice president and general manager of the global travel and hospitality practice at J.D. Power.

The survey by J.D. Power & Associates found that free Wi-Fi was the most important feature for guests in nearly every segment of the hotel industry.

  • The most expensive hotels were the least likely to offer free Wi-Fi.
  • Of guests staying at midscale hotels, 96 percent said they got free Wi-Fi, as did 64 percent of guests at budget hotels, according to the survey of guests who stayed in hotels from May 2009 to June 2010.
  • None said they got free Wi-Fi at luxury hotels.
  •  Free Wi-Fi is available at many businesses.

At the Ritz-Carlton luxury hotel chain, the fee for Wi-Fi access is a top complaint among guests, said spokeswoman Vivian A. Deuschl. (The new Ritz-Carlton in downtown Los Angeles charges $12.95 a day.) Some Ritz-Carlton hotels offer free Internet access in the lobbies and other public spaces. “We have no immediate plans to change the policy, but it’s an ongoing subject of discussion,” Deuschl said.

For more:  http://www.dallasnews.com/sharedcontent/dws/fea/travel/thisweek/stories/DN-guestswant_0102tra.ART.State.Edition1.1481b10.html

4 Comments

Filed under Guest Issues, Management And Ownership, Risk Management

Hospitality Industry Information Security Risk: Study Finds Indentity Fraud Increased by 12% In 2009 To $54 Billion

Javelin Strategy & Research, a group that does studies on identity theft and fraud, released its 2010 Identity Fraud Survey Report toward the beginning of the year. It found that the top two types of personal identification being compromised in a data breach were:
  • Victim’s full name (63%)
  • Physical address (37 percent).
  • Social Security numbers being compromised in data breaches decreased from 38 percent in 2008 to 32 percent in 2009.

It also reported that the number of identity fraud victims in the United States had increased by 12 percent to 11.1 million adults in 2009, the annual fraud amount increased by 12.5 percent to $54 billion.

But the study also found that an increasing number of consumers are fighting back against identity theft and taking necessary precautions to preserve their personal information.

The average fraud resolution time dropped 30 percent to 21 hours, and nearly half of all victims were reported to have filed police reports that ended up doubling the reported arrests, tripling the prosecutions, and doubling the percentage of convictions in 2009.

“The 2010 Identity Fraud Survey Report shows that fraud increased for the second straight year and is at the highest rate since Javelin began this report in 2003,” said James Van Dyke, president and founder of Javelin Strategy & Research.

“The good news is consumers are getting more aggressive in monitoring, detecting and preventing fraud with the help of technology and partnerships with financial institutions, government agencies and resolution services.”

Javelin researchers believe the increase in fraud is due in part to the economic downturn, when historically fraud increases.

Robert Siciliano, a researcher with McAfee Inc., identified the top 10 riskiest places for people to lose their Social Security numbers, with colleges and universities coming in at number one. Banking and financial institutions were second and hospitals were third.

According to identitytheftlabs.com, younger adults and small business owners tend to be the victims of identity theft because they often engage in “risky activities” that can lead to them being victimized more frequently.

Read more: The Daily Home – Fight back against identity theft

2 Comments

Filed under Guest Issues, Liability, Management And Ownership, Risk Management, Theft

Hospitality Industry Identity Theft: Las Vegas Hotel Industry Is Target Of Cybercriminals Who “Skim Wireless Transmissions” And Intercept Credit Card Data And PIN Numbers On Low-Cost/High Tech Devices

Law enforcement officers learned last week how easy it is to have one’s identity stolen when a cybercrimes expert powered a $30 machine and intercepted some of the wireless transmissions coming from their smart phones as they sat in a UNLV conference room.

“It’s absolutely an arms race,” said Feffer, who also investigates cybercrime for the Los Angeles County district attorney’s office. “You see vulnerabilities in software exploited by criminals. Then you see the software companies patch those vulnerabilities and then the criminals develop new ones. That’s why you have to make sure everything is up-to-date and currently patched. What was good last year is by no means safe this year.”

As cybercriminals seek new ways to outsmart police and the public, crime-fighting agencies are increasingly turning to cyber-experts to show them the latest high-tech equipment used in identity theft scams.

One of those experts is Justin Feffer, who conducts seminars for identity theft detectives nationwide on behalf of the FBI and LifeLock, an Arizona company that specializes in identity theft protection.

“It’s absolutely an arms race,” said Feffer, who also investigates cybercrime for the Los Angeles County district attorney’s office. “You see vulnerabilities in software exploited by criminals. Then you see the software companies patch those vulnerabilities and then the criminals develop new ones. That’s why you have to make sure everything is up-to-date and currently patched. What was good last year is by no means safe this year.”

That’s the reason nearly 100 officers from Metro Police, North Las Vegas, Henderson, the state Gaming Control Board and other agencies attended the conference.

It included a demonstration of skimming devices that criminals use to steal credit and debit card information, including PIN numbers, from card-swiping machines that have become increasingly present at Las Vegas restaurants and retail outlets.

Speaking outside the conference room, LifeLock spokesman Mike Prusinski emphasized the importance of training. “Most of the individuals in that room have absolutely no idea what a skimming device looks like or what the wiring looks like. We’re opening their eyes to these things.”

The interview took place outside the room because the FBI and LifeLock don’t want the public — including the media — to know what law enforcement is learning about the tricks of identity thieves.

Nevada has been a hotbed of identity theft for years. The state last year ranked fifth in the nation with 106 complaints per 100,000 residents — 2,802 complaints total — that were fielded by the Federal Trade Commission. That’s down from 130.2 complaints per 100,000 residents in 2005, when Nevada ranked second. The agency did not explain why the numbers for Nevada are down.

The FTC data paint only a partial picture of the problem because many victims file complaints only with police instead of also with the commission. But the number of identity theft crime reports filed with Metro from January through Nov. 13 — 2,063 — is down from the 2,440 filed during the same period in 2009.

For more:  http://www.lasvegassun.com/news/2010/dec/15/pickpockets-strike-through-ether/

2 Comments

Filed under Guest Issues, Liability, Management And Ownership, Risk Management, Technology, Theft

Hospitality Industry Credit Card Risks: Hotel Owners And Management Must Store “Credit Card And Guest Receipts” In Secure Locations To Prevent Identity Theft

“… (the defendents) found boxes of monthly credit card receipts from previous hotel guests. Box by box, they and others lifted them from the hotel, officials allege…”

The receipts, officials say, helped the men manufacture counterfeit credit cards in document “boiler rooms” and card “chop shops,” which they then used to buy $300,000 worth of merchandise in Texas, Oklahoma and Louisiana.

The merchandise, which included tow trailers, televisions, all-terrain vehicles and tires, then was resold or pawned.

The hotel didn’t learn of the thefts until August 2008, and since then, federal investigators have learned at least 17,000 receipts were stolen in what they say is San Antonio’s largest identity theft case.

Details had remained sketchy until the ringleader, Ruben “Hollywood” Costello, 36, recently pleaded guilty to ID theft fraud conspiracy, access device fraud, and conspiracy to launder money, and documents in the case were unsealed.

They identify Jones, 34, as his partner in the crimes and name him and Flaharty, 31, as two people who helped take the records from the Emily Morgan.

They also reveal Costello used a network of associates, methamphetamine addicts and others to maintain the scheme, and used an Elmendorf trucking company he ran, RD&N Hauling, to launder the money.

The cardholders never realized their credit card accounts had been compromised until months, even years, after they stayed at the hotel. But the damage made it hard for some of them to get loans and left lingering headaches in trying to straight things out, officials said.“When you look at these types of crimes, you may think the victim is the vendor or the credit card companies,” Assistant U.S. Attorney Tom McHugh said. “What we see is that the person whose identity is stolen, his problems may go on for years.”

For more:  http://www.mysanantonio.com/news/local_news/article/Ringleader-pleads-in-S-A-s-largest-ID-theft-case-859510.php

Comments Off on Hospitality Industry Credit Card Risks: Hotel Owners And Management Must Store “Credit Card And Guest Receipts” In Secure Locations To Prevent Identity Theft

Filed under Crime, Guest Issues, Liability, Management And Ownership, Risk Management, Technology, Theft

Hotel Industry Cyber-Crime Risks: Hotels Are #1 Target For Credit Card Data Theft As Centralized Processing And Economic Downturn Delay Encryption Software Upgrades

 “Because of the downturn in the economy, a lot of industries have stopped upgrading their software,” he said. “So they’re very open for being hacked at any point.”
A recent study shows the hotel industry is especially open for being hacked.
 
“The main reason is they’re such a central hub for where people run their cards,” Jones said.

 
Recent studies show hackers steal credit card data from hotels more than any other industry. 

“It’s not if it’s going to happen, it’s when it’s going to happen,” said John Sileo, a Denver resident who had his credit card information stolen on a recent business trip. “The Driskill Hotel had an entire database of customer information stolen. Mine was one of them.”

“Because of the downturn in the economy, a lot of industries have stopped upgrading their software,” he said. “So they’re very open for being hacked at any point.”

A recent study shows the hotel industry is especially open for being hacked.

Ryan Jones, a data-security consultant with Trustwave, has been watching a steady increase in hotel hacking.

Trustwave found that out of all the hacking cases they investigated last year, 38 percent involved hotels, well ahead of financial services (banks) at 19 percent and retail at 14 percent.

Destination Hotels and Resorts, headquartered in Englewood, is just one of the major chains that got hacked.

This summer, they told guests at 21 hotels across the country that their credit cards might be compromised.”Because of the downturn in the economy, a lot of industries have stopped upgrading their software,” he said. “So they’re very open for being hacked at any point.”

A recent study shows the hotel industry is especially open for being hacked.

Ryan Jones, a data-security consultant with Trustwave, has been watching a steady increase in hotel hacking.

“The main reason is they’re such a central hub for where people run their cards,” Jones said.

Trustwave found that out of all the hacking cases they investigated last year, 38 percent involved hotels, well ahead of financial services (banks) at 19 percent and retail at 14 percent.

Destination Hotels and Resorts, headquartered in Englewood, is just one of the major chains that got hacked.

This summer, they told guests at 21 hotels across the country that their credit cards might be compromised.

For more:  http://www.thedenverchannel.com/money/25881609/detail.html

Comments Off on Hotel Industry Cyber-Crime Risks: Hotels Are #1 Target For Credit Card Data Theft As Centralized Processing And Economic Downturn Delay Encryption Software Upgrades

Filed under Crime, Guest Issues, Liability, Maintenance, Management And Ownership, Risk Management, Theft

Hospitality Industry Cybercrime Risk Management: “Cloud Computing” Providers Will Carry “Cyber Insurance To Mitigate The Risk Of Data Breaches Or Unexpected Downtime”

The manager of a fine hotel would never allow an electrician or plumber to work without being insured; it’s standard fare on service contracts in the physical world. Not so in cloud computing, where provider coverage in the form of cyber insurance is far from a given. This undoubtedly will change as businesses push providers to share the risks of a data breach or unexpected downtime, experts said.

Such large cloud computing providers as Salesforce.com Inc. do carry cyber insurance to mitigate the risk of data breaches or unexpected downtime, but “smaller providers are not carrying insurance and have no plan to [do so] until the larger customers push back and say, ‘You’re in our risk profile now,'” said Drew Bartkiewicz, vice president of technology and new media markets at The Hartford Financial Services Group, a cyber insurance company based in New York.

For the cloud computing model to work, cloud customers, as well as cloud providers, need to share the risk, according to Drue Reeves, director of research for the Burton Group in Midvale, Utah. If a provider were wholly responsible for the data of hundreds or thousands of tenants, it simply wouldn’t be able to buy enough insurance to cover the liability. To protect themselves in this risky situation, cyber insurers generally cap their policies at $10 million or $15 million, forcing providers and large customers to keep shopping, experts said.

For more:  http://searchcio.techtarget.com/news/2240021040/Cyber-insurance-mitigates-the-risk-of-data-breaches-in-cloud-computing

Comments Off on Hospitality Industry Cybercrime Risk Management: “Cloud Computing” Providers Will Carry “Cyber Insurance To Mitigate The Risk Of Data Breaches Or Unexpected Downtime”

Filed under Crime, Insurance, Liability, Theft, Training

Hospitality Industry Cybercrime: Hotels And Restaurants Combine For Over 50% Of All Credit Card Data Theft Because Of Their Dependence On Credit Cards And Focus On Servicing Guests

“…According to a recent study, 38% of all credit card breaches occur in hotels…financial services industry accounts for 19% of breaches… Retailers 14%, and restaurants at 13%…”

Hotels are easy targets because they are all credit card-based. It is possible to reserve a room without providing a credit card number, but they don’t make it easy. And hotels themselves certainly aren’t fortresses designed to keep bad guys out. They’re designed to be open and inviting, with, at best, a bellman whose focus is assisting guests rather than guarding the front door. Maybe that mentality exists in hotels’ IT security departments, too.

The root of the issue is the hotel industry’s insufficient security measures to prevent data breaches. Many rely on older point of sale terminals and outdated operating systems, which are more vulnerable to hackers. When the recession hit, many hotels cut back and decided to hold off on upgrades.

While their defenses were down, hackers slithered into their networks to steal guests’ personal financial data. Once thieves have accessed this data, they can clone cards with the stolen numbers and use them to make unauthorized charges.

For more:   http://www.finextra.com/community/fullblog.aspx?id=4286

Comments Off on Hospitality Industry Cybercrime: Hotels And Restaurants Combine For Over 50% Of All Credit Card Data Theft Because Of Their Dependence On Credit Cards And Focus On Servicing Guests

Filed under Crime, Insurance, Liability, Theft

Hotel Information Security Risks: Hotel Management Must Invest In Data Security Systems To Prevent Point-Of-Sale Theft Of Credit Card Data

“Most of the chronic security breaches in the hotel industry are the result of a failure to equip, or to properly store or transmit, this kind of data, and that starts with the point-of-sale credit card swiping systems.”

A study released this year by SpiderLabs, a part of the data-security consulting company Trustwave, found that 38 percent of the credit card hacking cases last year involved the hotel industry. The sector was well ahead of the financial services industry (19 percent), retailing (14.2 percent), and restaurants and bars (13 percent).

Why hotels? Well, to paraphrase the bank robber Willie Sutton, hackers hit hotels because that is where the richest vein of personal credit card data is. At hotels with inadequate data security, “the greatest amount of credit card information can be obtained using the most simplified methods,” said Anthony C. Roman, a private security investigator with extensive experience in the hotel industry.

“It doesn’t require brilliance on the part of the hacker,” Mr. Roman said. “Most of the chronic security breaches in the hotel industry are the result of a failure to equip, or to properly store or transmit, this kind of data, and that starts with the point-of-sale credit card swiping systems.”

For more:   http://finance.yahoo.com/news/Credit-Card-Hackers-Visit-nytimes-3300094848.html?x=0

2 Comments

Filed under Crime, Insurance, Risk Management, Theft

Hotel Industry Identity Theft Risks: Police Arrest Three At Oregon Hotel Who Used Fake ID’s And Stolen Credit Cards

“The name on the credit card, when they swiped it, didn’t come up on the display to match the id they had,” she said.

Hotel workers tried to verify the card with Visa, but they were unsuccessful.  Police arrested Patrick Marsden, Christopher Baker, and Arlene Goe for theft of services. Officers raided their room and seized credit cards, possible stolen property and equipment used to make fraudulent IDs.

Police arrested three identity theft suspects who rented a room at a downtown Portland hotel.

“For identity theft it’s pretty sophisticated,” said Detective Cheryl Waddell.

“Everyone denies ownership,” said Officer Clint Snodgrass.  “They say the stuff in the room is not theirs,” he added.

Detectives say the group also made purchases up and down the coast and at REI in the Pearl, all using fake id’s and fraudulent credit cards.

“They’ve gone pretty much exclusively digital,” said Waddell.

For more:   http://www.kgw.com/news/local/3-ID-suspects-arrested-at-Portland-hotel-94620904.html

Comments Off on Hotel Industry Identity Theft Risks: Police Arrest Three At Oregon Hotel Who Used Fake ID’s And Stolen Credit Cards

Filed under Crime, Insurance, Liability, Theft