March 4, 2010
-
Hotels Hospitable for Cybercrime, Pt.4
The tail of the mouse.It's a big world out there, Dorothy. Major strides have been made by credit card industry leaders but, there is a vast sea if smaller and independent lodging sites that just don't have the expertise nor resources to shore up the leaks like the "big boys" do. New credit card regs have become very comprehensive but getting them implemented universally has proven to be a daunting task. Aside from penalizing small business with rate increases (credit card transaction percentage hikes), there seems to be no easy way to force rapid PCI compliance.
For the larger chains, all it takes is one weak portal to get in the door. That little Weston overlooking Podunk Lake may seem friendly and lay-back. In a back storage room, however, may be the credit card skeleton key to the entire Weston chain worldwide. This was the case with Wyndham, so reported, where some little podunk-town in the Midwest hit all the resorts in Florida. Who'd-a-thunk-it? The average detection of a hotel credit card cyber-breach is 156 days.
Then too, we have those trusty Night Auditors. I remember getting in trouble one day when, I was PC-Anywhere'd into a large credit card system somewhere else in the world and was called away on another task. I forgot to log off that system for several hours when I returned to what I had been doing. Instead of having to call the administrator at the sight to log in again, I was able to just pick up where I had left off. All was fine I thought, until my connection was suddenly severed. Then I was forced to call the site to log in again. I wasn't prepared for the reaction at the site. The shift had changed and the departing administrator failed to tell anyone I was working in the system from another part of the country. Suddenly, the incoming administrator happened to look over at the control console only to find the mouse pointer moving on it's own and doing things to the system with no one setting in the chair. In panic, that administrator just turned off the power to the console. There are many ways in which a rat can set up a system to go in as a mole and commandeer the mouse (and all the other controls) on a system. Everytime there comes a better mousetrap, there comes a better mouse.