McCaysville GA – September 25, 2015 (hospitalitybusinessnews.com) Krebs on Security just reported that “Multiple sources in the banking industry say they have traced a pattern of credit card fraud that suggests hackers have compromised point-of-sale registers in gift shops and restaurants at a large number of Hilton Hotel and franchise properties across the United States. Hilton says it is investigating the claims.”
Krebs reported that “sources at five different banks say they have now determined that the common point-of-purchase for cards included in that alert had only one commonality: They were all were used at Hilton properties, including the company’s flagship Hilton locations as well as Embassy Suites, Doubletree, Hampton Inn and Suites, and the upscale Waldorf Astoria Hotels & Resorts.”
Hilton has issued a standard statement concerning their security and how important it is to them, however, just like other hotel and restaurant companies it appears that the security was not enough.
“Hackers use different attack vectors to exploit businesses, and many recent breaches have involved malware that, once installed, exfiltrates sensitive data,” said managed security expert Kevin Watson, CEO of Netsurion, a Houston-based security firm. “There’s no silver bullet strategy to defend against every threat. However, a strong line of defense is making sure that data doesn’t leave the network without the admin’s knowledge and if data is sent out, it only goes to verified Internet addresses. Security must be layered with a properly managed firewall, data encryption, network segmentation, passwords and access controls, software updates and anti-virus/anti-malware software. Along with protecting incoming traffic and preventing access by malicious actors, it’s critical to limit outbound Internet traffic as well.”
Many hotels think that “Chip and Pin” will be the answer. But so far the implementation of this new system, throughout the USA, is in a sorry state. Come October 1, 2015 there will be few hotels that are up and running with this system.