A luxury hotel chain owned by Donald Trump has been fined $50,000 for negligent cybersecurity practices after two separate attacks on its payment processing systems exposed more than 70,000 customer credit card numbers.
In light of this news, Jose Diaz, director of payment strategy at Thales e-Security, believes that as the hospitality industry becomes more of a target for POS-based malware, more has to be done to protect customers’ payment information. His comments follow.
Jose Diaz, Director of Payment Strategy at Thales e-Security:
“The accommodation industry has been particularly vulnerable to POS-based malware, with reports citing it as the sector with the highest number of POS breaches. And Donald Trump’s luxury hotel chain was no exception after two separate attacks on its payment processing systems exposed more than 70,000 customer credit cards. This can be largely attributed to the fact that most locations swipe your payment card on a simple mag-stripe reader attached to the POS system itself, and encrypt the data using software within the POS system, rather than on a payment terminal.
Here is the crucial difference – payment terminals are certified under PCI, and can encrypt the data ‘at point of capture’ – the very first opportunity you have to protect it – rendering it unreadable as it flows through the merchant’s POS and IT systems to the payment processor. Without this protection ‘from swipe to acquirer’, cleartext payment data is left vulnerable and open to attack. The migration to EMV is certainly helping update payment acceptance systems with certified terminals that support the use of PCI P2PE for protection of sensitive data. This, combined with the use of tokenization for payment data that merchants may need for their operation, will help address the ongoing major breaches we continue seeing at a variety of merchants.”
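A merchant can check the difference Diaz describes by scanning what its POS software actually handles for cleartext card data. The sketch below is an added example, not code from the article or from Thales: it looks for Track 2 records and Luhn-valid card numbers in a buffer such as a POS log or memory capture. Both sample buffers are constructed, and the `ksn`, `enc` and `token` field names are assumptions.

```python
import re

# Track 2 layout: ';' PAN '=' expiry(YYMM) service code, discretionary data, '?'
TRACK2 = re.compile(rb";(\d{13,19})=(\d{4})\d{3}\d*\?")
# Bare PAN candidates: 13 to 19 digits not embedded in a longer digit run
PAN = re.compile(rb"(?<!\d)(\d{13,19})(?!\d)")

def luhn_ok(digits: bytes) -> bool:
    """Luhn checksum, used to discard digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = ch - 48                      # ASCII digit to int
        if i % 2 == 1:                   # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask(pan: bytes) -> str:
    """Keep first six and last four digits so the report holds no full PAN."""
    s = pan.decode()
    return s[:6] + "*" * (len(s) - 10) + s[-4:]

def find_cleartext(buf: bytes):
    """Return (kind, offset, masked PAN) for each Luhn-valid hit in buf."""
    hits, seen = [], set()
    for m in TRACK2.finditer(buf):
        if luhn_ok(m.group(1)):
            hits.append(("track2", m.start(1), mask(m.group(1))))
            seen.add(m.start(1))
    for m in PAN.finditer(buf):
        if m.start(1) not in seen and luhn_ok(m.group(1)):
            hits.append(("pan", m.start(1), mask(m.group(1))))
    return hits

# Constructed sample: mag-stripe reader feeding POS software, data in the clear.
# 4111111111111111 is the widely published test card number.
SOFTWARE_POS = (b"swipe ok ;4111111111111111=25121011234?\n"
                b"order 1234567890123456 pan=4111111111111111\n")
# Constructed sample: terminal encrypts at point of capture, POS sees ciphertext
# and a token only (field names are hypothetical).
P2PE_POS = (b"swipe ok ksn=FFFF9876543210E00001 "
            b"enc=9F3A61C2D07B44E18A5C0D2E7F91B6A3\ntoken=tok_8f2c1e7a\n")

if __name__ == "__main__":
    for name, buf in (("software POS", SOFTWARE_POS), ("P2PE POS", P2PE_POS)):
        print(name, find_cleartext(buf))
```

Any hit on a system downstream of the terminal means card data is reaching it unencrypted; an empty result on the P2PE sample is what "from swipe to acquirer" protection should look like from the merchant side.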