My understanding is that IHG caused their own problem because they used
old-fashioned "swipe" terminals instead of modern chip terminals. (Chip
information is encrypted.)
But don't feel overly safe. Even credit card chip technology in the U.S.
is less secure than elsewhere. A lost U.S. credit card with chip can be
used anywhere by anyone until canceled. A European credit card, however,
cannot be used without the owner's 4-digit PIN in addition to the chip
(same as debit cards, but not credit cards, in the U.S.).
73, Dave K3ZJ
On Fri, May 26, 2017 at 6:02 AM, jpescatore--- via CQ-Contest <
cq-contest@xxxxxxxxxxxxxx> wrote:
Here's what happened - it happened to me and I work in Internet security:
The Intercontinental Hotel Group (parent of Holiday Inn, Crowne Plaza,
etc) was hacked back in February and continuing through April. Over 1,100
of its hotels were impacted. If you are interested, details here:
http://www.computerworld.com/article/3190175/security/1-175-
hotels-listed-in-payment-card-breach-of-holiday-inn-parent-company.html
I checked in to the Crowne Plaza on Friday afternoon. Later that day I
got
a potential fraud alert from Mastercard that a "card not present" charge
of
$377 was made to my card by something called IHG. I checked online, my
charges that day for gas and for the hotel I stayed on on Thursday night
were there and legit - and there was an IHG charge of $377.
When I checked in, they physically swiped my card so it should *not* have
shown up as card not present, and I didn't immediately connect IHG to
Crowne Plaza. I called Mastercard, they connected me to the fraud folks
and
I asked "Do you show more information about IHG?" they said no. So, I
said
that must be a fraudulent charge and they cancelled that card and are
sending me a new one.
I went down to the desk to tell them I would switch the charges to
another
card and they said "Yes, we are having a lot of that because of the
hack."
Bells went off in my head, but too late to stop the card from being
cancelled. The clerk said "let me check the list of disputed charges,
because the system will shut your room card access off." I'd come down
quickly enough, wasn't on that list but it was several pages long.
Because of the hack and exposure, IHG apparently was centrally processing
card swipes until they could validate that all impacted hotels had
cleaned
up there local systems. So, the charge showed up as "card not present" -
I
have no idea why it showed up when I checked in, as on business travel it
usually shows up on checkout.
When I was checking in, two hams sharing a room came down and said their
room cards didn't work. They might have had the disputed charge thing
cancel happen to them, don't know.
Advice: no reason to worry about fraud to your card from your Dayton
stay,
but if you stayed in any of the 1,100 hotels between February and April
and
haven't been contacted, good idea to at least check your credit records
if
not change that card number.
73 John K3TN
_______________________________________________
CQ-Contest mailing list
CQ-Contest@xxxxxxxxxxxxxx
http://lists.contesting.com/mailman/listinfo/cq-contest
_______________________________________________
CQ-Contest mailing list
CQ-Contest@xxxxxxxxxxxxxx
http://lists.contesting.com/mailman/listinfo/cq-contest