“You can check out any time you like, but you(r credit card) can never leave.” You won’t be alone if you hear that haunting Eagles tune, Hotel California, while you’re on the road this summer. Hotels and travelers alike are under siege across the globe as hackers continue compromising hotel point of sale (PoS) payment systems. An additional 37,000 locations joined the breach list in the past month.
InterContinental Hotels Group (IHG), whose brands include Holiday Inn, Candlewood Suites, Crowne Plaza, and Staybridge Suites, recently announced a breach that ran from September 2016 until year’s end. It compromised the credit card data of cards used to pay charges at the front desk of more than 1,000 of IHG’s 5,000 locations.
Last month, Sabre Corporation joined the list of the breached. Sabre handles reservations for over 36,000 hotels according to its website. On May 2, it disclosed a new data breach to the Security and Exchange Commission (SEC).
“We are investigating an incident involving unauthorized access to payment information contained in a subset of hotel reservations processed through the Sabre Hospitality Solutions SynXis Central Reservation system. The unauthorized access has been shut off, and there is no evidence of continued unauthorized activity at this time,” the company stated.
How Big Is the Problem of Hotel Breaches?
The problem has become so pervasive that Verizon’s 2017 Data Breach Investigation Report (DBIR) released last month showcased the accommodations nightmare. Verizon reported that 96 percent of the data loss came from external sources. RAM-scraping, a method used in the 2013 Target breach, compromised the largest number of credit cards.
“Most of (these breaches) are opportunistic and financially motivated and involve primarily malware and hacking threat actions. Time-to-compromise is quick but time-to-discovery and containment remains in the months category,” the report’s authors wrote.
On a more positive note, Verizon found that 85 percent of the attacks in the hospitality industry were revealed by fraud detection efforts rather than outsider notifications.
What Data Is Traveling with You?
Before you travel, look at the data traveling with you. A 2015 Experian study indicated that 25 percent of travelers surveyed bring their Social Security card on vacation! On the flip side, 53 percent of travelers pared down the number of credit cards they carried while on vacation.
Roughly one in five travelers lost sensitive data while traveling according to that study; men were three times more likely than women to lose info. Over 50 percent of those who experienced identity theft on vacation said it took weeks to remedy the problem; 11 percent reported it took months or years.
Sign up for ID Watchdog’s Lost Wallet service; it’s part of your membership. Lost Wallet Replacement will assist with cancelling and replacing contents from the Lost Wallet Vault. Otherwise, make a copy of the credit cards you take on vacation and leave it with a trusted friend or in a safe place so someone can locate your account numbers if you lose a card. If possible, use one credit card for travel expenses and another for other expenditures. Then check those monthly statements carefully when you return.