Scam of the day – February 12, 2017 – Data breach at InterContinental Hotels

InterContinental Hotels became the latest hotel chain to disclose that it had been hacked by cybercriminals stealing credit card and debit card information, joining Kimpton Hotels, Marriott Hotels, Hyatt Hotels, Trump Hotels, Hilton, Mandarin Oriental and White Lodging, which all suffered data breaches during the past year. Trump Hotels was hacked twice in the last year.

According to a statement released by InterContinental, credit card and debit card processing equipment was infected with malware at restaurants and bars at their hotels between August and December of 2016. The full extent of the data breach has not yet been determined. For a list of the affected restaurants, you can go to this link: https://www.ihg.com/content/us/en/customer-care/protecting-our-guests

It is not known yet whether the data breach is related to the hacking by the Russian organized crime group Carbanak, which, as reported recently by Brian Krebs, managed to install malware into the credit and debit card processing equipment manufactured by MICROS and used in hotels around the world.

The primary reasons for the continuing problem of data breaches at hotel chains are the weak cybersecurity of many hotel chains coupled with these companies still using credit card and debit card processors for cards with magnetic strips rather than the safer smart EMV chip cards. Regulations effective October 1, 2015 mandated that credit card issuers and retailers switch over to the new smart EMV chip cards or risk increased legal liability, but unfortunately, many companies have been slow to switch to the new card processing equipment. If smart EMV chip cards had been used at the bars and restaurants at the InterContinental hotels, the card information that was stolen would have been worthless, but since they still used the old-fashioned magnetic strip cards, InterContinental and its customers face financial problems from this data breach.

TIPS

Until credit card issuing companies and brick-and-mortar stores and businesses that take credit cards switch to the new smart EMV chip cards, this story will, as I predicted more than a year ago, continue to occur again and again. As for us, as consumers, the best thing we can do is to refrain from using our debit cards as anything other than ATM cards, because consumers whose debit card security has been breached are not protected as much as when a credit card is used for fraudulent purchases. In addition, if you do not already have a new smart EMV chip card, you should demand one from your credit card company. You also should regularly monitor your credit card statements for indications of fraudulent use.

 

Scam of the day – August 16, 2016 – More hotel data breaches

Yesterday, HEI Hotels and Resorts, a company that manages hotels operating under brand names such as Marriott, Hyatt and InterContinental, announced that 20 of its hotels suffered a data breach that resulted in hackers stealing customer names, credit and debit card account numbers, expiration dates and three-digit verification codes for tens of thousands of transactions going back as far as March of 2015.

It is not known yet whether the data breach is related to the hacking by the Russian organized crime group Carbanak, which, as reported recently by Brian Krebs, managed to install malware into the credit and debit card processing equipment manufactured by MICROS and used in hotels around the world.

The primary reasons for the continuing problem of data breaches at hotel chains are the weak cybersecurity of many hotel chains coupled with these companies still using credit card and debit card processors for cards with magnetic strips rather than the safer smart EMV chip cards. Regulations effective October 1, 2015 mandated that credit card issuers and retailers switch over to the new smart EMV chip cards or risk increased legal liability, but unfortunately, many companies have been slow to switch to the new card processing equipment. If smart EMV chip cards had been used at HEI’s hotels, the card information that was stolen would have been worthless, but since they still used the old-fashioned magnetic strip cards, Kimpton and its customers face financial problems from this data breach.

TIPS

Until credit card issuing companies and brick-and-mortar stores and businesses that take credit cards switch to the new smart EMV chip cards, this story will, as I predicted more than a year ago, continue to occur again and again. As for us, as consumers, the best we can do is to refrain from using our debit cards as anything other than ATM cards, because consumers whose debit card security has been breached are not protected as much as when a credit card is used for fraudulent purchases. In addition, if you do not already have a new smart EMV chip card, you should demand one from your credit card company. You also should regularly monitor your credit card statements for indications of fraudulent use.

Here is a link where you can find out which hotels were affected by the data breach and when the data was compromised: http://www.heihotels.com/list-of-properties

Scam of the day – August 14, 2016 – Kimpton Hotels investigating possible data breach

Kimpton Hotels, a chain of 62 boutique hotels, is looking into a possible data breach, which essentially means that they were indeed hacked and they are just trying to confirm this fact. In almost every instance when companies are hacked, it is the credit and debit card processors that notice a pattern of fraudulent card use and then trace it back to the hacked companies, which in this instance appears to have occurred in almost half of the Kimpton hotels in the United States. When this is confirmed, Kimpton will just be the latest in a long line of hotels, including Omni Hotels and Resorts, Hyatt Hotels, Starwood Hotels, Hilton Hotels and Trump Hotels (twice), that all suffered similar data breaches in the last year in which credit card and debit card information of their customers was stolen by unknown hackers.

The primary reasons for the continuing problem of data breaches at hotel chains are the weak cybersecurity of many hotel chains coupled with these companies still using credit card and debit card processors for cards with magnetic strips rather than the safer smart EMV chip cards. Regulations effective October 1, 2015 mandated that credit card issuers and retailers switch over to the new smart EMV chip cards or risk increased legal liability, but unfortunately, many companies have been slow to switch to the new card processing equipment. If smart EMV chip cards had been used at Kimpton Hotels, the card information that was stolen would have been worthless, but since they still used the old-fashioned magnetic strip cards, Kimpton and its customers face financial problems from this data breach.

TIPS

Until credit card issuing companies and brick-and-mortar stores and businesses that take credit cards switch to the new smart EMV chip cards, this story will, as I predicted more than a year ago, continue to occur again and again. As for us, as consumers, the best we can do is to refrain from using our debit cards as anything other than ATM cards, because consumers whose debit card security has been breached are not protected as much as when a credit card is used for fraudulent purchases. In addition, if you do not already have a new smart EMV chip card, you should demand one from your credit card company. You also should regularly monitor your credit card statements for indications of fraudulent use.

Scam of the day – May 25, 2016 – ATMs hit in Japan for 12.7 million dollars in under three hours

Using cloned credit cards with account numbers stolen from a South African-based bank, thieves managed to steal 12.7 million dollars from 1,400 ATMs in Japan earlier this month, although the theft was only recently disclosed. The thieves used the counterfeit credit cards at 1,400 ATMs, in each instance withdrawing the maximum 100,000 yen (approximately $913). In just under three hours starting at 5:00 a.m. on Sunday, May 15th, the criminals, using 1,600 phony credit cards, managed to steal 1.4 billion yen (approximately 12.7 billion dollars). The affected credit cards were issued by South Africa’s Standard Bank.

It isn’t known at this time whether the credit card numbers were stolen through skimming of legitimate cards or a data breach.  Customers whose credit cards were compromised are not liable for any of the illegally made charges on their cards.

TIPS

This type of theft may not have been possible if ATMs were using processing equipment for the more secure EMV chip cards; however, the deadline under the regulations requiring banks and others with ATMs to switch to compatibility with EMV chip cards in order to avoid liability is not until October 1, 2017. You can well expect similar types of ATM thefts to occur until banks and others with ATMs do a better job of protecting our security. Fortunately, consumers will only be inconvenienced by these types of thefts, having to cancel cards and get new credit card numbers, but at least consumers will not be responsible for fraudulent charges and withdrawals made using their credit card accounts.

Scam of the day – December 30, 2015 – Hyatt Hotels suffers a data breach

Just before Christmas, Hyatt Hotels announced that it had become the latest hotel chain to become the victim of a data breach, joining Starwood Hotels, Hilton Hotels and Trump Hotels, which all announced recently that their hotel chains had been the victims of data breaches in which the personal information of their customers was stolen by unknown hackers. At this point in time, although Hyatt has confirmed that its payment processing system was infected with malware, it has not yet determined how long the data breach has been going on, which of its 627 hotels were affected and what specific information was stolen. The data breach was discovered by Hyatt on November 30th, but it did not alert the public to the data breach until December 23rd. Hyatt is still investigating the data breach and will release more information as it becomes known.

Two of the main reasons for the continuing problem of data breaches at hotel chains are the weak cybersecurity of many hotel chains coupled with these companies still using credit card and debit card processors for cards with magnetic strips rather than the safer smart EMV chip cards. Regulations effective October 1, 2015 mandate that credit card issuers and retailers switch over to the new smart EMV chip cards or risk increased legal liability, but unfortunately, many companies have been slow to switch to the new card processing equipment. If smart EMV chip cards had been used at Hyatt hotels, the information that it appears may have been stolen in such a hacking would have been worthless, but since they still used the old-fashioned magnetic strip cards, Hyatt and its customers face financial problems from this data breach. Target, which learned its lesson the hard way, has already switched to the new EMV chip cards, as has WalMart.

TIPS

Until credit card issuing companies and brick-and-mortar stores and businesses that take credit cards switch to the new smart EMV chip cards, this story will, as I predicted a year ago, continue to occur again and again. As for us, as consumers, the best we can do is to refrain from using our debit cards as anything other than ATM cards, because consumers whose debit card security has been breached are not protected as much as when a credit card is used for fraudulent purchases. In addition, if you do not already have a new smart EMV chip card, you should demand one from your credit card company.

Certainly, if you have been a Hyatt customer within the past year, you should carefully review your credit and debit card statements for indications of identity theft and fraudulent charges. Hyatt will be posting updates on its investigation on the website http://www.hyatt.com/protectingourcustomers/. You also can call Hyatt at 877-218-3036.

Scam of the day – November 21, 2015 – Starwood hotels discloses major data breach

Starwood hotels announced today that it has joined a long line of hotels that have suffered a significant data breach involving credit cards and debit cards.  Just in the last year, major data breaches have occurred at The Trump Hotel Collection, Hilton Hotels and the Mandarin Oriental.  The hacking involves fifty-four of its hotels including its Sheraton, Westin and W brands.  According to Starwood, the data breach resulted in the theft of credit and debit card information including card numbers, the names of the card holders, security codes and expiration dates of the affected cards.  The malware used to gather the data, consistent with some of the more recent hotel data breaches, was found in the payment systems at the hotels’ restaurants, gift shops, bars and other retail shops within the various hotels, but not at the front desk card processors.   The hacking started in November of 2014.   This type of data breach is something about which I wrote a column for USA Today a year ago in which I explained the pattern of these data breaches and why they occur.  Here is a link to that column, entitled “Coming Soon:  Another Major Retailer Hacked.”  http://www.usatoday.com/story/money/personalfinance/2014/09/27/hacking-target-home-depot-credit-card/16221427/

Here is a link to the explanation by Starwood of the data breach.  http://www.starwoodhotels.com/html/HTML_Blocks/Corporate/Confidential/Letter.htm?EM=VTY_CORP_PAYMENTCARDSECURITYNOTICE

Here is a link to a list of the affected hotels so that you can determine if you stayed at one of the affected hotels since November of 2014. http://www.starwoodhotels.com/Media/PDF/Corporate/Hotel_List.pdf

As is so often the case in these types of data breaches, Starwood is offering a year of free credit monitoring to those affected by the data breach although it is certainly late to be counting on this to provide significant assistance.  Here is a link to information as to how to apply for the free credit monitoring.  http://www.starwoodhotels.com/Media/PDF/Corporate/Reference_Guide.pdf

The problem continues to be one of weak cybersecurity of many companies coupled with these companies still using credit card and debit card processors for cards with magnetic strips rather than the safer smart EMV chip cards. Regulations effective October 1st mandate credit card issuers and retailers to switch over to the new smart EMV chip cards or risk increased legal liability, but unfortunately, many companies have not switched over and are not expected to do so for some time. If smart EMV chip cards had been used at the Starwood hotels, the information stolen in such a hacking would have been worthless, but since they still used the old-fashioned magnetic strip cards, Starwood and its customers face financial problems from this data breach. Target, which learned its lesson the hard way, has already switched to the new EMV chip cards, as has WalMart.

TIPS

Until credit card issuing companies and brick-and-mortar stores and businesses that take credit cards switch to the new smart EMV chip cards, this story will, as I predicted a year ago, continue to occur again and again. As for us, as consumers, the best we can do is to refrain from using our debit cards as anything other than ATM cards, because consumers whose debit card security has been breached are not protected as much as when a credit card is used for fraudulent purchases. In addition, if you do not already have a new smart EMV chip card, you should demand one from your credit card company. They are easy to use and they will provide you with much greater security. If you used a credit card or debit card at any of the above-mentioned Starwood properties since November of 2014, you should carefully monitor your credit card account and bank account for any indication of a problem.