Where Your Credit Card is Most Likely to Be Stolen
Credit card fraud thieves at hotels.
July 8, 2010— -- Your next hotel room might end up costing you more than you expected.
It turns out hotels have now surpassed restaurants for the top spot where your credit card data is most likely to be stolen, according to one firm that tracks such thefts.
Hackers are finding hotels and their booking centers prime targets. The reservation centers often have thousands of credit card numbers on file and one successful break can yield plenty of numbers for an illegal shopping spree.
Fraudulent charges might show up a few hours after a reservation is made, after check-out or even months later. And the problem is not limited to small hotels.
"It's certainly the top name brands," said Robert J. McCullen, chairman and CEO of Trustwave, a company that is hired by hotels and other merchants to protect their systems.
Stay Up to Date on the Latest Travel Trends from ABC News on Twitter
In a recent report, Trustwave said that 38 percent of all data breaches in 2009 came from hotels. Restaurants, once the leader, now account for just 13 percent of the thefts. McCullen said hotels have risen as targets in just the last 18 months.
Part of the appeal of hotels is the large number of points where credit card information is used. It's not just the front desk but the golf course, the restaurants, the spa, the gift shop and the pool bar. All of them, McCullen said, are tied into a central computer system. There are only a few vendors providing the credit card reading equipment and related software. Once the hackers figure out how one system works, McCullen said they take a "cookie cutter" approach to breaking into every hotel that has it.
For example, if the hackers can figure out the system for the Marriott in Salt Lake City, they could possibly break into the Marriott in New Orleans. Or if they crack the system Sheraton uses, they can get data from Westins too, since they are both part of the same parent company,Starwood Hotels.
The reason hotels are more vulnerable: they have a lot of workers with access to company computers.
"You have so many different employees going through the system that it allows them to either skim cards or put in malware that lets the bad guys hack into the system," McCullen said.