[CQ-Contest] FW: Dayton Crown Plaza Credit Card flaw

N2TK, Tony tony.kaz at verizon.net
Fri May 26 10:08:37 EDT 2017

-----Original Message-----
From: N2TK, Tony [mailto:tony.kaz at verizon.net] 
Sent: Friday, May 26, 2017 10:08 AM
To: 'jpescatore at aol.com' <jpescatore at aol.com>
Subject: RE: [CQ-Contest] Dayton Crown Plaza Credit Card flaw

IHG (International Hotel Group) has several hotels including the Crowne,
Holiday Inn, Candlewood, Staybridge, etc.
It is typical to see a charge to IHG when checking in to their hotels. 
No problems here detected on my charge card.
N2TK, Tony

-----Original Message-----
From: CQ-Contest [mailto:cq-contest-bounces at contesting.com] On Behalf Of
jpescatore--- via CQ-Contest
Sent: Friday, May 26, 2017 6:02 AM
Subject: [CQ-Contest] Dayton Crown Plaza Credit Card flaw

Here's what happened - it happened to me and I work in Internet security:

The Intercontinental Hotel Group (parent of Holiday Inn, Crowne Plaza, etc)
was hacked back in February and continuing through April. Over 1,100 of its
hotels were impacted. If you are interested, details here:

I checked in to the Crowne Plaza on Friday afternoon. Later that day I got a
potential fraud alert from Mastercard that a "card not present" charge of
$377 was made to my card by something called IHG. I checked online, my
charges that day for gas and for the hotel I stayed on on Thursday night
were there and legit - and there was an IHG charge of $377. 

When I checked in, they physically swiped my card so it should *not* have
shown up as card not present, and I didn't immediately connect IHG to Crowne
Plaza. I called Mastercard, they connected me to the fraud folks and I asked
"Do you show more information about IHG?" they said no. So, I said that must
be a fraudulent charge and they cancelled that card and are sending me a new

I went down to the desk to tell them I would switch the charges to another
card and they said "Yes, we are having a lot of that because of the hack."
Bells went off in my head, but too late to stop the card from being
cancelled. The clerk said "let me check the list of disputed charges,
because the system will shut your room card access off." I'd come down
quickly enough, wasn't on that list but it was several pages long.

Because of the hack and exposure, IHG apparently was centrally processing
card swipes until they could validate that all impacted hotels had cleaned
up there local systems. So, the charge showed up as "card not present" - I
have no idea why it showed up when I checked in, as on business travel it
usually shows up on checkout.

When I was checking in, two hams sharing a room came down and said their
room cards didn't work. They might have had the disputed charge thing cancel
happen to them, don't know.

Advice: no reason to worry about fraud to your card from your Dayton stay,
but if you stayed in any of the 1,100 hotels between February and April and
haven't been contacted, good idea to at least check your credit records if
not change that card number.

73 John K3TN
CQ-Contest mailing list
CQ-Contest at contesting.com

More information about the CQ-Contest mailing list