Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hotels Lead the Industry In Credit Card Theft

Posted by kdawson on from the shred-everything dept.

katarn writes "A study released this year found that, of the credit card hacking cases last year, 38 percent involved the hotel industry. At hotels with inadequate data security, the greatest amount of credit card information can be obtained using the simplest methods. It doesn't require brilliance on the part of the hacker. Most of the chronic security breaches in the hotel industry are the result of a failure to equip, or to store or transmit this kind of data properly, and that starts with the point-of-sale credit card swiping systems."

4 of 135 comments (clear)

  1. People with too much time on their hands by Tisha_AH · · Score: 4, Insightful

    What was not mentioned in the article is that some of this may be caused by the hotel staff. The folks who work the night shift are frequently underpaid and have a bunch of spare time to browse through the credit card numbers and transactions of the folks who have checked in that evening.

    --
    Tisha Hayes
    1. Re:People with too much time on their hands by Yvanhoe · · Score: 3, Insightful

      So yeah, some employees truly do suck--always have and always will.

      And should not be trusted with consumer financial data, which is a management error that is totally avoidable.

      --
      The Wise adapts himself to the world. The Fool adapts the world to himself. Therefore, all progress depends on the Fool.
  2. Why do merchants need to retain CC info? by JSBiff · · Score: 4, Insightful

    Obviously, at the time of transaction, the CC info is needed to make the transaction, but why do they retain the info after that? Don't the credit card networks issue a transaction ID for every transaction? If, after a transaction, the hotel needs to do something like refund part or all of the charge (e.g. returning a deposit), it would seem like they should be able to do that with just the transaction ID. Is there something I'm missing?

    This, it seems to me, applies to almost every merchant - retail, dining, entertainment, services, hotels, whatever. Why do they need to retain the info?

    If the end-user is not responsible, and this all becomes the responsibility of the credit card networks and banks, then I suppose I don't care too much, but if this can end up adversely affecting the credit reports of the victims, then I think the credit card industry needs some reform, beginning with mandates that info not be retained by merchants. A hacker can't steal what isn't there (although, a hacker could still potentially capture the CC info in real-time at the moment of the transaction, but at least you've reduced stored-data attacks).

  3. Re:I read the article by Hijacked+Public · · Score: 3, Insightful

    That is an inversion of purposes, between the headline and the article.

    The Slashdot editors have dug down past simpleton level grammar and emerged not at the bottom of the scale, but somehow at the top, and turned the industry on its ear.

    Which industry? I have no idea.

    --
    "Sacrifice for the good of The State" - The State