We hear about compromises of credit card information all the time. The biggest headlines seem to be precipitated when financial indstitutions or large retailers are attacked. According to a study released eariler this year by the data-security consulting company Trustwave, though, the industry that sees the most compromises is actually hotels. According to the study – 38% of breaches involve hotels, 19% financial institutions, 14.2% retailing, and 13% restaruants and bars.
Why hotels? There are many possible explanations. Like car rental companies, hotels have a legitimate need to be able to add charges to your card after you leave (to cover damage or theft). This means their transaction systems must be able to store credit card information. The hospitality industry has been hit hard by the recession, resulting in budget cuts in security and delays in adopting newer and more secure technology. Employee turnover is this sector is high, making it difficult to ensure all employees are properly trained. Even within major chains, the security practices can vary widely. Consistent policies and policy eforcement are as important as the technology used to secure data.
What can travelers do to protect themselves? Here are some tips to help lower the risk.
1. The most important measure for preventing credit card fraud is vigilance. Check your statement as soon as you receive it. Do not ignore small charges that you do not recognize. Criminals will often test the waters with small charges to see if they go through before attempting large ones. If you see something suspicious, follow up immediately. Generally, you will not be held liable for fraudulent charges, AS LONG AS YOU NOTIFY THE CREDIT CARD COMPANY PROMPTLY.
2. Keep separate credit cards for business and personal expenses. If possible maintain a card with a low credit limted for routine travel expenses.
3. Keep your card in your possession as much as possible. If you must give up possesion of the card, try to keep an eye on it and watch for suspicious activity. “Card skimmers” are small, easily hidden devices that can be used to capture the data from the magnetic stripe on the card.
4. Don’t be afraid to ask about security practices. The CVV code (the last three digits of the number on the signature line on the back of the credit card) should NEVER be written down or stored with other credit card information (even in encrypted form). Make sure your full credit card number does not appear on any bills or invoices.
Dennis H in West Virginia, US
July 27, 2010