Hotel in Kaua'i, Hawaii
I told you as soon as the folks at Trustwave got back to me, I’d let you know what they had to say about how to protect your credit cards at hotels. They’re the ones behind that unsettling New York Times article about how lax computer security among hotels puts your credit card information at risk.
This is from Nicholas J. Percoco, senior vice president and head of Trustwave’s SpiderLabs, the advanced security team at Trustwave. A lot of it covers ground we’ve already touched on, but it won’t hurt to hear it again from an expert.
Note especially what he has to say about debit cards and also about hotel employees. It’s not just hackers you have to worry about:
“Hi Greg,
Your blog already offers pretty sound advice. Kudos for helping your readers stay informed.
We think it’s important to know that as a consumer, you are not liable for fraudulent charges with a credit card. Of course the faster you’re able to track a fraudulent charge and alert your issuer, the faster the money will be back in your account. Therefore, it’s important that you monitor your account daily or every other day. Again, while you’re not responsible for the charges, it will take less time to fix your account with only one or two small charges than four or five large charges. And if you’ve experienced fraudulent charges on your account, confirm that the issuer will send you a new card with new account information for free.
We would also advise consumers not to use debit cards as credit cards. Once your debit card has been swiped, the money is gone. It takes more evidence and time to prove the charge was fraudulent and you cannot be guaranteed that you’ll see the money back in your account again.
We also think it’s important to know how you can fall victim to such fraudulent activity. First, it is important for consumers to understand where and when they are using their credit cards. From a skimming perspective, consumers should pay close attention to the credit card after it leaves their hands (i.e. handed to a hotel employee). If that employee has to leave the desk and charge the credit card in a back room rather than in front of you, that is suspicious behavior.
From a hacking perspective, it is impossible for a credit-card using consumer to protect against the hacking of hotel systems. This is the hotel’s responsibility. A hotel must make sure that they have security controls in place, such as those defined by the Payment Card Industry Security Standards Council (PCI SSC), in order to protect cardholder data.
Bringing a lot of cash with you when you travel is likely not a safer option. Checking your monthly statement is also not enough. Monitoring your credit card account before, during and after your travels is mandatory. Report any unrecognized charges on your account immediately to the card issuer.”
I think Mr. Percoco is dead-on. Just like pickpockets, cyber-crooks prey on the unwary. Don’t let criminals mess up your travels.
And the hotel industry needs to get its act together on computer security — like, yesterday!
Comments
Powered by Facebook Comments