[CQ-Contest] Crowne Plaza Credit Card transaction
ac0w at charter.net
ac0w at charter.net
Fri May 26 11:53:55 EDT 2017
Apparently you don't travel a lot. A lot of hotels will do a
fictitious charge to the credit card to confirm the credit card is
good. At some point during your stay a cancellation of the charge will
be issued, which you will never see. None of these charges show up on
your monthly statement.
Most times this comes through under some other name and not the name
of the Hotel, such as the name of the hotel management group or in
this case the name of the chain. Crowne Plaza is part of the IHG chain
of hotels. The charge is typically for some value greater than one
night stay.
For some reason the way the transaction is run it typical shows as
card not present despite them swiping the card at check-in.
My practice when I get notified of the charge such as this after
checking into the hotel is to check the name to make sure it makes
sense for the hotel I check into. Many times the name of the
management group is in the lobby somewhere. But a quick search on the
web quickly gives me the answer I need.
BillAC0W
Message: 5
Date: Fri, 26 May 2017 06:02:12 -0400
From: jpescatore at aol.com
To: CQ-Contest at CONTESTING.COM
Subject: [CQ-Contest] Dayton Crown Plaza Credit Card flaw
Message-ID:
Content-Type: text/plain; charset=utf-8
Here's what happened - it happened to me and I work in Internet
security:
The Intercontinental Hotel Group (parent of Holiday Inn, Crowne
Plaza, etc) was hacked back in February and continuing through April.
Over 1,100 of its hotels were impacted. If you are interested, details
here:
http://www.computerworld.com/article/3190175/security/1-175-hotels-listed-in-payment-card-breach-of-holiday-inn-parent-company.html
/>
I checked in to the Crowne Plaza on Friday afternoon. Later that day
I got a potential fraud alert from Mastercard that a "card not
present" charge of $377 was made to my card by something called IHG. I
checked online, my charges that day for gas and for the hotel I stayed
on on Thursday night were there and legit - and there was an IHG
charge of $377.
When I checked in, they physically swiped my card so it should *not*
have shown up as card not present, and I didn't immediately connect
IHG to Crowne Plaza. I called Mastercard, they connected me to the
fraud folks and I asked "Do you show more information about IHG?" they
said no. So, I said that must be a fraudulent charge and they
cancelled that card and are sending me a new one.
I went down to the desk to tell them I would switch the charges to
another card and they said "Yes, we are having a lot of that because
of the hack." Bells went off in my head, but too late to stop the card
from being cancelled. The clerk said "let me check the list of
disputed charges, because the system will shut your room card access
off." I'd come down quickly enough, wasn't on that list but it was
several pages long.
Because of the hack and exposure, IHG apparently was centrally
processing card swipes until they could validate that all impacted
hotels had cleaned up there local systems. So, the charge showed up as
"card not present" - I have no idea why it showed up when I checked
in, as on business travel it usually shows up on checkout.
When I was checking in, two hams sharing a room came down and said
their room cards didn't work. They might have had the disputed charge
thing cancel happen to them, don't know.
Advice: no reason to worry about fraud to your card from your Dayton
stay, but if you stayed in any of the 1,100 hotels between February
and April and haven't been contacted, good idea to at least check your
credit records if not change that card number.
73 John K3TN
More information about the CQ-Contest
mailing list