CHICAGO (December 2, 2010) - The holiday season is typically seen as the most wonderful time of the year, full of family get-togethers, home-cooked meals and fireside story-telling. While many holiday travelers plan for the unexpected such as weather-related travel delays, many do not think twice about their personal information as they present a credit card upon checking into their hotel after a long day of travel. As holiday travel ramps up, Trustwave and Visa have unveiled a white paper that provides best practices every merchant should follow to manage data security threats, as well as travel tips for consumers to help ensure their personal information remains secure.
Earlier this year, Trustwave issued its Global Security Report that analyzed data gathered from nearly 1900 penetration tests and more than 200 security incident and compromise investigations throughout 2009. The findings showed that 38 percent of the breaches occurred in the hospitality sector. That was more than foodservice (restaurants) and financial institutions (banks) combined.
Both small and large hotel operations are an easy target for organized crime groups as many in the hospitality industry outsource most IT functions. With a low IT presence, the opportunity to install malicious software, or malware, onto a hotel management system is enticing to attackers. In addition, many hotels use the same management system across multiple locations and often do not segment the properties appropriately. Once malware is planted on one hotel property, attackers can replicate the attack on the additional properties with very little effort as those properties have the same security deficiencies.
"The goal of attackers and organized crime groups is to obtain mass amounts of credit cards for lucrative gain," said Nicholas J. Percoco, senior vice president and head of Trustwave's SpiderLabs, the advanced security team within Trustwave responsible for application security, incident response, penetration testing, physical security and security research. "Organized crime groups understand that nearly all consumers use credit cards to pay for hotel visits, which enables them to obtain new credit cards in large quantities every day."
"Almost every consumer that stays at a hotel uses a credit card for payment - it's one of the few industries so heavily dependent upon credit cards," said Robert J. McCullen, chairman and CEO of Trustwave. "The increase in holiday travel amounts to more cardholder data being run through hotel management systems, significantly increasing the opportunities of card theft."
After investigating more than 1000 cases of stolen credit card information over the past few years from businesses including hotels, Trustwave has developed a list of tips to help consumers stay secure during their travels this holiday season:
- Set aside one credit card to use for only for travel.
- Always have an extra credit card when traveling in case a card does get compromised.
- Keep every hotel receipt.
- Don't wait to get home to check credit card accounts - check them daily. And don't stop checking once home.
-
- Verify every charge. Attackers will check the viability of the credit card by charging something small, for a few dollars, to see if it works and if the cardholder is paying attention to its statements.
-
- Should a consumer experience a fraudulent charge on their credit card, they should call their card issuer immediately and tell them about the charge. More often than not, consumers are not held liable for those charges.
-
About Trustwave
Trustwave is a leading provider of on-demand and subscription-based information security and payment card industry compliance management solutions to businesses and government entities throughout the world. For organizations faced with today's challenging data security and compliance environment, Trustwave provides a unique approach with comprehensive solutions that include its flagship TrustKeeper® compliance management software and other proprietary security solutions including SIEM , WAF , EV SSL certificates and secure digital certificates . Trustwave has helped hundreds of thousands of organizations-ranging from Fortune 500 businesses and large financial institutions to small and medium-sized retailers-manage compliance and secure their network infrastructures, data communications and critical information assets. Trustwave is headquartered in Chicago with offices throughout North America, South America, Europe, Africa, Asia and Australia. For more information, visit https://www.trustwave.com/en-us/.
