Banks link credit card fraud to Marriott hotels

A number of financial institutions have found fraud on customer credit and debit cards that were all recently used at Marriot hotels, says KrebsOnSecurity.

The compromises appear to be connected with cash registers at food and beverage establishments within the hotels. These are believed to be the same sources that were compromised back in January 2014 at the same chain of hotels.

White Lodging Services Corporation, the hotel franchise firm that runs Marriott properties, has said that it is investigating but has found no signs of a new breach.

According to White Lodging spokesperson, Kathleen Sebastian, the company has implemented a number of new security measures since its breach in January 2014, including a third-party-managed firewall system and dual-factor authentication for critical systems.

This news comes after Marriott was recently in the headlines for its app that had been left vulnerable for four years, allowing unauthenticated access to customer reservations.

Marriott is said to be nearly finished fitting its cash registers with tokenization, a technology that takes placeholder information instead of card data, meaning it has no exploitable value for hackers.

According to a January 2015 report by Gartner, Inc., 50% of Level 1 through Level 3 US merchants have already or will adopt tokenization in the next year. This is because it’s relatively cheap to install, less complicated to install in the short run, and significantly simplifies the process of complying with the Payment Card Industry Data Security Standard (PCI DSS).

Any organization that stores, transmits, or processes card holder data must comply with the PCI DSS, or risk suffering a data breach and paying non-compliance or data compromise fines.

Click here for more guidance on complying with the PCI DSS.


One Response

  1. Jay Becker April 3, 2018