I was ready to write another store about how hotels should stop storing our credit card data when I saw the headline. But then I read the letter to customers and it got interesting...
The Westin Bonaventure Hotel and Suites in Los Angeles is reporting that between April and December of 2009 they had a credit card data breach. They are advising that the breach affected customers who made purchases to as many as four of their hotel restaurants and their valet parking.
The report is specific to a breach of data by "outside hacker[s]" and was directed at the point of sale systems (those are the systems that they use to swipe your cards and take your money).
This is where I think this gets interesting:
The hotel chain is reporting that the loss of data includes "the names printed on customers' credit or debit cards, credit or debit card numbers, and card expiration dates." They also state that "the hacker did not obtain any information from the computer system used to store hotel guest information."
So, you may be wondering, why do I think that is the interesting part? If a "hacker" stole data, but did not get it from the systems that store hotel guest data, where did they get it?
My bet is that they discovered an employee using a card skimmer to copy data from the credit/debit cards of customers. (A card skimmer is a small device that someone can swipe a card through. The skimmer has a small memory card that will save a copy of the data stored on the card.) You hand your credit card to the waiter/waitress and they walk away. The perfect chance for them to skim your card and steal your data. What information can they get by skimming? Your name, your card number, and the expiration date. Note there is no mention about customer address, phone number or any other information.
Since handing over your credit card is common practice, the best way to protect your self from fraud is to:
- Review your credit card statement.
- Save your receipt so you can compare the amounts.
- Never, Never, Never hand over a debit card. Debit cards draw on your account while credit cards extend credit. Ask yourself, is it easier to dispute a charge or try to get your money back from a debit draw?
John "Mike" Wright