07 March 2014

Credit card (in)security at hotels

Identity fraud is a perennial concern for travelers, and particularly for hotel guests whose cards are frequently used on the road. But the problem seems to be getting worse, and there’s no quick or easy fix...

Hotels are a massive source of credit card fraud,” says John Sileo, a digital privacy expert who runs the Web site Sileo.com. “In fact, the travel industry in general is ripe for the picking because of a variety of factors, including the distraction of travelers, high usage of credit and debit cards, high turnover of employees, and failure to perform employee background checks.”..

Their cards may have been compromised while they checked in, with an employee swiping their cards and then feeding the information to someone else. Or someone else standing near the check-in area and using a smartphone could have recorded their card numbers and verbal data, leading to the compromise...

I checked in with a reader who works in the security department of a major chain hotel in New Orleans about the precautions hotels do and don’t take when it comes to their customers’ security. He said that guests might be shocked if they took a look at the computers being used to check them in. He recently inspected front-desk terminals at his hotels, even though information technology isn’t part of his job.  “They hadn’t been updated in years, with thousands of updates needed,” he says. “I discovered that one computer was filled with adware, which is bad enough, but the other had a full virus network, with keyloggers as well as worms. It had its own database and a way to send guests’ personal information off-site to its own servers.”
More details (but no solution) at the Washington Post

When I travel out of town I take extra cash to use in sleazy bars and other places where I don't want to flash a credit card.  But you can't even make a reservation at hotels without providing a credit card number.

6 comments:

  1. I find it amusing we've all come to accept the term "Identity theft" as if we ourselves are directly in danger. Guess what, the banks and credit card companies are in a lot more danger as they have to eat a lot of the expenses of illegal credit and debit use. Everyone seems to forget its the duty of the merchants, banks and the credit card companies to keep their clients from being robbed. Of course this expense is only short term for them as they pass it on to all of us with a host of fees and quickly rising rates.

    ReplyDelete
  2. Somehow, Stan, I don't picture you in a lot of dive bars.

    ReplyDelete
    Replies
    1. "Things You Wouldn't Know Include We Daily Barhop Incognito"

      Delete
  3. one man's dive bar is another man's local...

    ReplyDelete
  4. The US House of Representatives Financial Services Committee is considering mandating Chip & Pin (a.k.a. EMV) technology to prevent these types of attack.

    ReplyDelete
  5. If they just need a credit card for security (not charging it immediately) a cancelled card works fine. I carry one for this reason.

    ReplyDelete