Welcome guest. Before posting on our computer help forum, you must register. Click here it's easy and free.

Author Topic: Some Hotels had data attacks. What can you do?  (Read 2976 times)

0 Members and 1 Guest are viewing this topic.

Geek-9pm

    Topic Starter

    Mastermind
  • Geek After Dark
  • Thanked: 1026
    • Gekk9pm bnlog
  • Certifications: List
  • Computer: Specs
  • Experience: Expert
  • OS: Windows 10
Some Hotels had data attacks. What can you do?
« on: November 23, 2015, 05:00:18 PM »
The full title is:
Customers at Sheraton, Westin, other hotels hit by data-stealing hack attack
Quote
If you stayed at a Sheraton, Westin or other Starwood hotel in the US or Canada this past year, you'll want to keep an eye on your credit or debit card account.
Starwood Hotels and Resorts Worldwide said this week that point-of-sale systems at more than 50 of its hotels had been infected with malicious software. The malware, installed at gift shops, restaurants and other locations, let hackers make off with payment card data, including cardholder name, card number, security code and expiration date.
Read More...
Question:
How can a traveler prevent this?

patio

  • Moderator


  • Genius
  • Maud' Dib
  • Thanked: 1769
    • Yes
  • Experience: Beginner
  • OS: Windows 7
Re: Some Hotels had data attacks. What can you do?
« Reply #1 on: November 23, 2015, 05:08:04 PM »
A traveler cannot prevent it...unless they pay cash for everything...

The issue and burden is not on the traveler...it's on the shirty POS systems being used.
" Anyone who goes to a psychiatrist should have his head examined. "

Itrenor



    Rookie

    Thanked: 1
    • Experience: Experienced
    • OS: Windows 7
    Re: Some Hotels had data attacks. What can you do?
    « Reply #2 on: November 24, 2015, 03:10:26 AM »
    As Patio correctly stated, it's not the traveler's responsibility. 

    Without getting too technical, and keeping in mind there are many factors involved so I am only stating the basics, card holders gets first priority on reversals. 

    Just to note, there's a distinction between a reversal and refund .  If you find a suspicious transaction on your statement, request a reversal immediately from the bank.  The bank has a fraud department that will investigate the situation and if the merchant account holder can't prove that it was a legitimate transaction, the bank is obligated to ensure that the funds is returned to the card holder and would then seek legal action against the merchant account holder.

    In this scenario, it is a clear cut case and the hotel is 100% liable, meaning the traveler's would most certainly be refunded by the banks as the banks themselves are insured against fraud.  In fact the hotel's system may very well be placed into a audit cycle pending recertification, which could take from three, to six months depending on the processing gateway.  The audit process has no bearing on the refunding of card holders though and would have no affect on when the funds are returned.

    By law, a POS system is not allowed to keep the credit card number in full on their records.  The first six and last four digits of the card is sufficient to identify a card for query purposes.  There is no reason for a restaurant to be able to call up your card for further transactions once you left the restaurant.  Any theft would occur between the swipe machine and the processing gateway ... i.e. through malware or physical card readers.  Never let your card out of your sight, if the waiter says his swipe machine is broken, follow him and make sure he is using a legitimate swipe and not a card reader.

    Greatly contested, the annoying habit that some stores has to make a carbon rubbing of your card is Illegal in some countries.  This gives them a full record of your card and, pre chip-cards, if they recorded your cvv number they would have carte-blanche with your bank account.  Do not allow anyone to make a photostat or carbon rubbing of your card ... ever.

    This is where it gets tricky.  Even though the same can be said for a hotel as for a restaurant, a hotel setting may be different due to online reservations...  Internet transactions ( or card not present transactions ) and traditional POS transactions follow two seperate routes and adhere to seperate rules.  Amazon, PayPal, Ebay ... etc ... all retain your full card number on their database but is still compelled by law to keep it encrypted.  In the event of card theft, it is up to the company to refund you in full and then take the matter up with the bank as either they themselves, or their gateway provider, essentially becomes the "card holder".

    Internet fraud can become fairly complex to resolve, for that reason most banks has a black list of specific countries and would refuse outright to honor any transactions coming from those countries due to the high risk of fraud.

    Suffice it to say, there is no way that a card holder can protect him or herself of becoming a victim of credit card fraud but there are measures in place to "protect" them in the sense that, generally speaking, the funds would be recovered.

    Again, these are broad strokes and there are many nuances and complications when it comes to internet transactions.

    P.S.  This does not apply when it comes to common sense ... protecting your credit card details, including online passwords or physical details outside of a transaction, is still the cardholders responsibility and how to protect you from that is an entirely different topic.
    « Last Edit: November 24, 2015, 03:44:39 AM by Itrenor »
    We all lack knowledge on some or another subject ... it's whether we choose to argue rather than learn that makes us ignorant...