Research and Statistics

Study: Hotels a hot spot for credit card fraud


Hackers looking to steal card data checked into the hospitality industry more than any other — even more than financial service companies — according to a study by Trustwave’s SpiderLabs, an information security company.

The content on this page is accurate as of the posting date; however, some of our partner offers may have expired. Please review our list of best credit cards, or use our CardMatch™ tool to find cards matched to your needs.

If you’re a hotel hopper, akin to George Clooney in “Up in the Air,” your credit card details may be in danger.

Hotel services are targeted the most — even more than financial service companies — by hackers looking to steal your payment card information, according to Trustwave’s SpiderLabs. The chart below shows which services are hacked the most.

Hackers steal card data from the hospitality industry more than any other — even more than financial service companies — according to a study by Trustwave’s SpiderLabs, an information security company.

Out of the 218 data-breach investigations from 24 countries the company studied, 38 percent of the attacks occurred on hotels. And once the attack occurred, it took an average of 156 days for the business to realize it.

The crooks knew what they were after, too: 98 percent of targeted data was payment card information. Nicholas Percoco, senior vice president of Trustwave’s SpiderLabs, said that card information is constantly under fire because it’s the fastest way for thieves to grab real cash.

Here’s a breakdown of the industries most targeted for security breaches, as indicated in the report:

  • Hospitality industry (38 percent)
  • Financial service companies (19 percent)
  • Retail stores (14.2 percent)
  • Food and beverage (13 percent)
  • Business services (5 percent)
  • Technology (4 percent)
  • Other (4 percent)
  • Education (1.4 percent)
  • Manufacturing (1.4 percent)

Half of the attacks were conducted with remote access applications, which allow hackers to take control of a computer from an off-site location. Of the breaches that used remote access, 90 percent exploited default or weak passwords to steal data. About 42 percent of the attacks used third-party connections as a means to gain access, and less than 1 percent used e-mail-based malware.

“Attackers are using old vulnerabilities to get in and out,” Percoco said. “They know they aren’t going to be detected [in many cases], so they are camping out and not trying to hide because no one’s watching.”

SpiderLabs’ report did not single out which hotels have been breached.

According to a February 2009 report by Javelin Strategy and Research, 9.9 million people were victims of identity fraud in 2008, and about 8.4 million people were victims of identity theft in 2007, or one person every four seconds.

If you suspect your card data has been hacked, request a credit report from one of the three major credit bureaus — Equifax, Experian and TransUnion — by using the free Review the report carefully to ensure all the charges are accurate. If you find errors, file a dispute immediately with the credit bureau that reported it, then alert your creditor and have the account frozen or closed.

See related:States’ weapon of choice against ID theft: Transparency, 10 ways to protect yourself from data breaches, Identity theft booms, even as thieves rely on old-fashioned methods, Personal finance predictions for 2010: ID theft, Identity theft on the Oregon Trail

Editorial Disclaimer

The editorial content on this page is based solely on the objective assessment of our writers and is not driven by advertising dollars. It has not been provided or commissioned by the credit card issuers. However, we may receive compensation when you click on links to products from our partners.

What’s up next?

In Research and Statistics

‘Emergency PINs’ won’t summon help at ATMs

It’s not true: Punching your ATM’s PIN in reverse won’t summon the cops. But Congress liked the urban myth enough to mandate a study of the idea.

See more stories
Credit Card Rate Report
Cash Back

Questions or comments?

Contact us

Editorial corrections policies

Learn more