Hilton confirms hotel credit-card-snaffling sales till malware hit Hilton Worldwide has confirmed that malware found its way onto point-of-sale systems that targeted payment card information. Targeted data included cardholder names, payment card numbers, security codes and expiry dates. Addresses and PINs were not exposed, Hilton concluded, after an investigation that brought in third-party …
I use a pre-pay app (still had my card cloned... :-( ) , but they ask for a card at the desk to cover incidentals. I don't think it ever gets charged, but the POS machines, might be collecting card info just for swiping...
Anyone else think we are only getting half the story?
P.
I was flown to the US with everything pre-paid, and the hotel (though I don't recall which chain) refused to give me my key until I handed over a credit card - which they then used to try and bill me for what appeared to be a complimentary bottle of mineral water left in the room - which no-one had touched, even after assuring me when I checked out that there were no charges made. I figured this was typical business practice in such places.
I had the thankless chore of reading through the PCI DSS requirements the other day, not a task I want again. If malware gets onto what is supposed to be a very isolated and restrcited system, what can it get at? Without looking into it I had always assumed that card terminals would encrypt your CHD on the terminal itself before sending that data to bank/processor/jargonofchoice. I'm guessing if malware on the POS can get at it thats not true, or is it in ther terminal too. That or the stolen CHDs have been extracted from the booking system instead?
I think it's been close to 2 years since one of my CCs was last compromised. I use them at many places including hotels(usually best western or holiday inn), airlines, online(using BofA "shopsafe" virtual CCs). For a year or two it was getting nailed 2-3 times a year seemed like (with most of those being "shopsafe" compromises which doesn't matter to me because nobody else can use those numbers, but the BofA fraud system last I dealt with it anyway couldn't distinguish between a shopsafe compromise and a main card compromise, had to talk to a rep who would manually clear the fraud alert after verifying it was shopsafe).
Maybe just been lucky I don't know.. outside of a brief trip to europe Target is the only place I've been to that accepts the "chip" on my cards(that have no PIN), other places tell me their chip readers(the few that have them) don't work(yet). I like swipe still myself, much faster.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
