Security blogger Brian Krebs has reported that multiple sources in the banking industry say they have traced a pattern of credit card fraud that suggests hackers have compromised point-of-sale registers in gift shops and restaurants at a large number of Hilton Hotel and franchise properties across the United States. Hilton says it is investigating the claims. Mark Bower, global director of product management, enterprise data security for HP Data Security commented on the hilton hotel breach.
[su_note note_color=”#ffffcc” text_color=”#00000″]Mark Bower, Global Director of Product Management, Enterprise Data Security for HP Data Security:
“Once again we see that resorts and hospitality service providers are having extraordinary challenges with payment card security.
Card-on-file transactions are common, meaning card data is often stored longer than typical, to maintain customer bookings and for resort service charges after check-in. Online booking systems often channel card data from various sources and third parties over the internet, creating additional possible points of compromise. Partner booking systems accessing the hotel platforms also present additional risks and malware paths for entry to data processing systems to steal sensitive information.
However, resorts and hospitality organizations can avoid the impact of these types of advanced attacks.
Proven methods are available to neutralize this data from breaches either at the card reader, at the POS, in person, or via web booking platforms. Leading travel-related organizations, airlines, and travel booking aggregators have adopted these data-centric security techniques with huge positive benefits: reduced exposure of live data from the reach of advanced malware during an attack, and reduced impact of increasingly aggressive PCI DSS 3.1 compliance enforcement laws, laws aimed at making data security a ‘business as usual’ matter for any organization handling card payment data.”[/su_note][su_box title=”About HP Data Security” style=”noise” box_color=”#336588″]
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.