Data Breach at Madison Square Garden.

  It was revealed recently that the Madison Square Garden Company (MSGC) has suffered a data breach at five of its venues. In a statement, the company wrote that it has notified customers that an investigation found “external unauthorized access to MSG’s payment processing system” at Madison Square Garden, the Theatre at Madison Square Garden, Radio City Music Hall, Beacon Theatre, and the Chicago Theatre in the past year. The data breach appears to have originated through compromised ‘swipe card’ machines, the older version of PED (Pin Entry Devices)  – as the use of ‘Chip and Pin’ is still not widespread in the United States. According to the MSGC statement “Data contained in the magnetic stripe on the back of payment cards swiped in person to purchase merchandise and food and beverage items at Madison Square Garden, the Theater at Madison Square Garden, Radio City Music Hall, Beacon Theater, and Chicago Theater between November 9, 2015 and October 24, 2016 may have been affected, including credit card numbers, cardholder names, expiration dates and internal verification codes. Not all cards used during this time frame were affected. This incident did not involve cards used on MSG websites, at the venues’ Box Offices, or on Ticketmaster.” That’s nearly a year before the compromise was detected, and during that period those venues hosted hundreds of  concerts and sporting events. Madison Square Garden alone held three Kanye West ‘events’, six sell-out concerts by Adele, two Radiohead concerts, and a long term residency by Billy Joel. And every card used to purchase merchandise, hot dogs or popcorn at those events might be compromised. It’s easy, here in...

Data breach hits Hilton Worldwide hotel chain

Point of Sale terminals may have compromised customers’ card details. Computer Weekly has today reported that Hilton International has identified malware on its Point of Sale (PoS) terminals that may have compromised customers’ card details. This isn’t unique to Hilton Hotels, similar data compromises have recently been identified at the Mandarin Oriental Group, the Las Vegas Hard Rock Hotel & Casino, the LAs Vegas Sands Casino and Trump Hotels. As a precautionary measure, the Hilton hotel group advised customers to review and monitor their payment card statements if they used a payment card at a Hilton Worldwide hotel between 18th November and 5th December 2014, and between 21st April and 27th July 2015. We at Compliance3 don’t often speak about Point of Sale (or ’Customer Present’) fraud, according to the UK Cards Association “Card Fraud losses in in 2012 were down 75 per cent since the peak losses of £218.8 million in 2004, prior to the roll out of Chip & PIN in the UK.” But payment streams are inextricably linked – the criminals won’t be going away any time soon – and as ‘Chip & Pin’ gets rolled out across the United States it is expected that ‘Customer Present’ fraud will follow the UK experience and fall significantly. However as ‘Customer Present’ fraud falls, it is anticipated that ‘Customer Not Present’ fraud will increase – to an estimated $6.4bn in 2018 across the United States. And contact centres – payments by telephone – continue to be seen as a target for criminals. According to Detective Chief Inspector Derek Robertson of Strathclyde Police ”We know of organised crime groups...