Lax Hotel Network Security Leads to Credit Fraud

Facebooktwittergoogle_plusredditpinterestlinkedinmail

Have you ever wondered what happens to your credit card information after it’s swiped at the hotel front desk?  New York Times reporter Joe Sharkey knows. Sharkey told petergreenberg.com that he discovered a small unauthorized merchant charge on his credit card the same day he checked out of the Arizona Biltmore in Phoenix. It wasn’t the first time. Earlier, Sharkey reported in The New York Times that he and his wife had their credit card accounts compromised following hotel stays. In both cases, hackers made multiple small unauthorized purchases. Why were the charges small, you might ask? That’s how hackers check whether card holders are paying attention and whether credit card accounts are vulnerable.

Hackers Are the Hotel Industry’s Frequent Uninvited Guests

According to a 2011 Global Survey Report released by Trustwave SpiderLabs, Sharkey has plenty of company. The report shows that one in ten of the data breaches that Trustwave investigated in 2010 happened in the hotel industry. If you’re a frequent hotel guest, that’s not good news.

In 2010, the Wyndham Hotels – operators of The Days Inn, Ramada and Howard Johnson Hotel chains – reported that hackers had penetrated their computer system at as many as 31 hotels, stealing customers’ names and credit card numbers. It took the hotel nearly 150 days to discover the data breach. According to a 2010 Trustwave SpiderLabs study, that kind of delay is typical for the industry.

After the Doherty Hotel in Michigan was hacked, 150 hotel guests reported fraudulent credit card charges. According to ABC News, when hackers targeted Destination Hotels, a chain of 30 luxury hotels, 700 credit cards were compromised. Law enforcement officials said that losses totaled hundred of thousands of dollars.

Hotel hacking that leads to credit fraud seems to be as easy as shooting ducks in a barrel. The reasons: point of sale devices are vulnerable; there’s huge volume of credit card transactions; and credit card information is retained for reservations and loyalty programs.

Unsecured hotel wireless networks at hotels have also proven to be an ideal place for hackers to commit a variety of other crimes. At the luxury Thompson Hotel chain, a hacker captured embarrassing emails belonging to guests and staff members that were transmitted over its wireless network and threatened to make them public.

In many states across the country, hackers staying at hotels or parked nearby have used the anonymity of hotel wireless networks to download kiddie porn.

Guests looking to use their hotel’s wireless Internet may face another security threat.  In 2010, The CBS Early Show had an ethical hacker set up a fake wifi access point at a New York City hotel, calling it “Best Free Public WiFi.” Before long, dozens of unsuspecting wireless device users tried to log on. When an unsuspecting hotel guest connects to a rogue wifi access point like that, his sensitive financial information can be harvested by a hacker.

How to Hide From Hotel Hackers

Remember, staying at a nice hotel with good security doesn’t guarantee that your financial information will be safe from hackers. Here’s what you can do to protect your most valuable possession – your identity.

  • Find out what your hotel is doing to protect your credit card information.
  • Ask whether its wireless network uses WPA (Wifi Protected Access) encryption. It requires a password to get onto the network and encrypts all the information transmitted on it. This prevents eavesdropping over wireless. But it may not stop other guests connected to the same hotspot from stealing your information.
  • Watch out for Evin Twins. Some wifi networks you spot at hotels may look like the real thing. They may even contain your hotel’s name. But they can still be rogue access points created by hackers to steal your data.
  • Check with the establishment to make sure which network is the real one.
  • Always assume you’re not alone on any public wifi network. Disable file sharing; and never send Social Security numbers or financial information when over a wireless connection.
  • Use a credit card instead of a debit card at hotels so your bank account will be protected.
  • Use a VPN (virtual private network) like PRIVATE WiFi™ to ensure that the information transmitted over your wifi connection is invisible to hackers.

If you were hacked at a hotel, we’d like hear what happened to you. Drop us a line and tell us your story.

Get Private Wifi   Protect your personal information.
Get DataCompress   Cut your mobile data usage.