Study: Hotels a hot spot for credit card fraud
Hospitality industry targeted more than financial service companies
By Tyler Metzger
If you're a hotel hopper, akin to George Clooney in "Up in the Air," your credit card details may be in danger.
|HOSPITALITY INDUSTRY UNDER ATTACK
Hotel services are targeted the most -- even more than financial service companies -- by hackers looking to steal your payment card information, according to Trustwave's SpiderLabs. The chart below shows which services are hacked the most.
Hackers steal card data from the hospitality industry more than any other -- even more than financial service companies -- according to a study by Trustwave's SpiderLabs, an information security company.
Out of the 218 data-breach investigations from 24 countries the company studied, 38 percent of the attacks occurred on hotels. And once the attack occurred, it took an average of 156 days for the business to realize it.
The crooks knew what they were after, too: 98 percent of targeted data was payment card information. Nicholas Percoco, senior vice president of Trustwave's SpiderLabs, said that card information is constantly under fire because it's the fastest way for thieves to grab real cash.
Here's a breakdown of the industries most targeted for security breaches, as indicated in the report:
- Hospitality industry (38 percent)
- Financial service companies (19 percent)
- Retail stores (14.2 percent)
- Food and beverage (13 percent)
- Business services (5 percent)
- Technology (4 percent)
- Other (4 percent)
- Education (1.4 percent)
- Manufacturing (1.4 percent)
Half of the attacks were conducted with remote access applications, which allow hackers to take control of a computer from an off-site location. Of the breaches that used remote access, 90 percent exploited default or weak passwords to steal data. About 42 percent of the attacks used third-party connections as a means to gain access, and less than 1 percent used e-mail-based malware.
"Attackers are using old vulnerabilities to get in and out," Percoco said. "They know they aren't going to be detected [in many cases], so they are camping out and not trying to hide because no one's watching."
SpiderLabs' report did not single out which hotels have been breached.
According to a February 2009 report by Javelin Strategy and Research, 9.9 million people were victims of identity fraud in 2008, and about 8.4 million people were victims of identity theft in 2007, or one person every four seconds.
If you suspect your card data has been hacked, request a credit report from one of the three major credit bureaus -- Equifax, Experian and TransUnion -- by using the free AnnualCreditReport.com. Review the report carefully to ensure all the charges are accurate. If you find errors, file a dispute immediately with the credit bureau that reported it, then alert your creditor and have the account frozen or closed.
See related: States' weapon of choice against ID theft: Transparency, 10 ways to protect yourself from data breaches, Identity theft booms, even as thieves rely on old-fashioned methods, Personal finance predictions for 2010: ID theft, Identity theft on the Oregon Trail
Published: February 8, 2010