March 4, 2010
-
Hotels Hospitable for Cybercrime, Pt.3
Mark Twain.Seriously folks, just how serious is this hotel credit card cybercrime anyway? According to Trustwave's analysis, hotel credit card cybercrime is not only at the top of the list. It doubles the runner-up industry. Their breakdown by industry on credit card cybercrime is something like this:
· Hospitality: 38% of the cases
· Financial services: 19%
· Retail: 14%
· Food and beverage: 13%When Mr. Percoco assesses that the trend (or "wave") really picked up in 2008, I find this a very plausible analysis. I was, puzzled that it wasn't already rampant, as I learned the ropes in 2007 and was so perplexed by, what appeared to be gaping security flaws. Then started the clampdown in early 2008. The industry was getting serious about this and even went so far as to set up "social-engineering stings". No more, "Mr. Niceguy". People were being fired for just trying to help someone in trouble. What was the social norm one month became the hangman's noose the following month. Wyndham were one of the first victims (and have been many times since).
To be fair, Wyndham have as good of security as anyone else (and better then most). My take from the observations would be that Wyndham generally cater to those with more plum credit card clientele. The good people at Trustware surmise that it all began on the petty level. After a few cyberduffers stumbled on the fact that hotels not part of a huge network, don't create a formidable IT staff of their own and generally contract to the lowest bidder. When it comes to credit card security, the old industry regs were pretty lax about contractor credentials and there were more "geeks" then "watchmen".
Where nature abhors a vacuum, greed abhors money that isn't stolen yet. It didn't take long before adventurers were pioneering horizons with more lush credit cards, like Windham's.