Hotelier faces FTC data breach lawsuit

“Repeated failures” to protect customer data have led the FTC to file a data breach lawsuit against hotel operator Wyndham Worldwide, whose brands include Ramada, Days Inn, Travelodge, Super 8 and Howard Johnson. According to Reuters, the US regulator alleges that Wyndham’s slack security “led to hundreds of thousands of …

COMMENTS

This topic is closed for new posts.
Bronze badge
WTF?

>> says it always notified customers when breaches occurred

Well that's the bare minimum they could do - I wouldn't go trumpeting that I rose to the level of inadequacy. If a youngster being toilet trained announces that they've peed on the floor for the third time today one tries to hold back critical remarks while cleaning up. When a great big company rolling in customer moolah does the technical equivalent then something more than encouraging smiles and hand-holding is called for.

3
0
Silver badge

Why were they storing credit card data?

I thought that credit card data was exchanged with the credit card provider, via HTTPS, who then gave a linked authorisation code to the hotel (retailer).

2
0
Silver badge
Devil

Re: Why were they storing credit card data?

Booking guarantee for pre-booking, card on check-in for expedited check-out, etc.

Standard practice in the hotel industry is to store the card at least for the duration of the stay. Now, whether they went beyond that is something we do not know and the lawsuit will tell.

One more reason not to use them anyway (that is one hotel chain which I always filter out).

2
0
Anonymous Coward

re: Why were they storing credit card data?

> Why were they storing credit card data?

Repeat bookings and the booking system is written in some ancient Delphi App.

1
0
Silver badge

Re: re: Why were they storing credit card data?

I thought they stored an authorisation code (from the credit card provider) that was time limited and unique. That way, only the hotel could steal from you (if they wanted to) and nobody else could.

0
0
Anonymous Coward

Wouldn't be using those Hotel chains in future then.

Who did they bank with? RBS?

2
0
Pirate

Major Fault, eh Basil?

0
0
Anonymous Coward

Credit cards pilfered at hotel? Like that's never happened before.

0
0

This post has been deleted by its author

Anonymous Coward

We use the same software.

We use the same software as they do.

Ours is up to date. You can store CC data in the profile of the client; this is encrypted, masked from the workstation user after a given time.

The credit card details are used for credit card guarantees to secure bookings and cardholder-not-present transactions (where an interface is installed).

There is also an interface for credit card payments with cardholder present which simultaneously takes the payment from the client and posts the payment to the client's account in the system (again masked and encrypted).

Our software is PCI compliant.

However, I understand that the earlier versions of the software did not encrypt and were not PCI compliant with regulations regarding safeguarding client credit card details – though I have seen a lot of middleware systems still being sold that instantly fail PCI rules when handling client data.

Overall, I wish there was a better system of securing bookings (as you cannot take full payment on all bookings) – but without some form of commitment from the client – how else can you guarantee they will turn up on a rainy, miserable day!

0
0

If

Wyndham's security surrounding credit card details was so crappy, how'd they pass their PCI DSS audits in 2008, 2009 and 2010?

We couldn't possibly be talking about a sloppy or compliant PCI auditor here, could we?

0
0