Data breach hits Hilton Worldwide hotel chain

Point of Sale terminals may have compromised customers’ card details.

Computer Weekly has today reported that Hilton International has identified malware on its Point of Sale (PoS) terminals that may have compromised customers’ card details.

This isn’t unique to Hilton Hotels; similar data compromises have recently been identified at the Mandarin Oriental Group, the Las Vegas Hard Rock Hotel & Casino, the Las Vegas Sands Casino and Trump Hotels.

As a precautionary measure, the Hilton hotel group advised customers to review and monitor their payment card statements if they used a payment card at a Hilton Worldwide hotel between 18th November and 5th December 2014, and between 21st April and 27th July 2015.

We at Compliance3 don’t often speak about Point of Sale (or ‘Customer Present’) fraud. According to the UK Cards Association, “Card Fraud losses in 2012 were down 75 per cent since the peak losses of £218.8 million in 2004, prior to the roll out of Chip & PIN in the UK.”

But payment streams are inextricably linked – the criminals won’t be going away any time soon – and as ‘Chip & PIN’ gets rolled out across the United States it is expected that ‘Customer Present’ fraud will follow the UK experience and fall significantly. However, as ‘Customer Present’ fraud falls, it is anticipated that ‘Customer Not Present’ fraud will increase – to an estimated $6.4bn in 2018 across the United States.

US Card Not Present Fraud Estimates

And contact centres – payments by telephone – continue to be seen as a target for criminals.

According to Detective Chief Inspector Derek Robertson of Strathclyde Police, “We know of organised crime groups who are placing people within the call centres so that they can steal customers’ data and carry out fraud and money-laundering. We also know of employees being approached and coerced, whether physically, violently or by being encouraged to make some extra money. And, of course, you also have the disgruntled employee who may turn their hand to fraud just to benefit themselves.”

We at Compliance3 work with our customers to take payment card data out of their contact centre environments, out of temptation’s way.

Get in touch to see how we can help you reduce your company’s cyber security risks.