“Repeated failures” to protect customer data have led the FTC to file a data breach lawsuit against hotel operator Wyndham Worldwide, whose brands include Ramada, Days Inn, Travelodge, Super 8 and Howard Johnson. According to Reuters, the US regulator alleges that Wyndham’s slack security “led to hundreds of thousands of …
>> says it always notified customers when breaches occurred
Well that's the bare minimum they could do - I wouldn't go trumpeting that I rose to the level of inadequacy. If a youngster being toilet trained announces that they've peed on the floor for the third time today one tries to hold back critical remarks while cleaning up. When a great big company rolling in customer moolah does the technical equivalent then something more than encouraging smiles and hand-holding is called for.
Why were they storing credit card data?
I thought that credit card data was exchanged with the credit card provider, via HTTPS, who then gave a linked authorisation code to the hotel (retailer).
Re: Why were they storing credit card data?
Booking guarantee for pre-booking, card on check-in for expedited check-out, etc.
Standard practice in the hotel industry is to store the card at least for the duration of the stay. Now, whether they went beyond that is something we do not know and the lawsuit will tell.
One more reason not to use them anyway (that is one hotel chain which I always filter out).
re: Why were they storing credit card data?
> Why were they storing credit card data?
Repeat bookings and the booking system is written in some ancient Delphi App.
Re: re: Why were they storing credit card data?
I thought they stored an authorisation code (from the credit card provider) that was time limited and unique. That way, only the hotel could steal from you (if they wanted to) and nobody else could.
Wouldn't be using those Hotel chains in future then.
Who did they bank with? RBS?
Major Fault, eh Basil?
Credit cards pilfered at hotel? Like that's never happened before.
We use the same software.
We use the same software as they do
Ours is up to date: you can store CC data in the profile of the client; this is encrypted and masked from the workstation user after a given time.
The credit card details are used for credit card guarantees to secure bookings and card holder not present transactions (where an interface is installed).
There is also an interface for credit card payments with card holder present which simultaneously takes the payment from the client and posts the payment to the client's account in the system (again masked and encrypted).
Our software is PCI compliant.
However, I understand though that the earlier versions of the software did not encrypt and were not PCI compliant with regulations regarding safeguarding client credit card details – though I have seen a lot of middleware systems still being sold that instantly fail PCI rules when handling client data.
Overall, I wish there was a better system of securing bookings (as you cannot take full payment on all bookings) – but without some form of commitment from the client, how else can you guarantee they will turn up on a rainy, miserable day!
Wyndham's security surrounding credit card details was so crappy, how'd they pass their PCI DSS audits in 2008, 2009 and 2010?
We couldn't possibly be talking about a sloppy or compliant PCI auditor here, could we?