[CQ-Contest] Dayton Crown Plaza Credit Card flaw

David Siddall hhamwv at gmail.com
Fri May 26 11:54:09 EDT 2017


My understanding is that IHG caused their own problem because they used
old-fashioned "swipe" terminals instead of modern chip terminals.  (Chip
information is encrypted.)

But don't feel overly safe.  Even credit card chip technology in the U.S.
is less secure than elsewhere.  A lost U.S. credit card with chip can be
used anywhere by anyone until canceled.  A European credit card, however,
cannot be used without the owner's 4-digit PIN in addition to the chip
(same as debit cards, but not credit cards, in the U.S.).

73, Dave K3ZJ


On Fri, May 26, 2017 at 6:02 AM, jpescatore--- via CQ-Contest <
cq-contest at contesting.com> wrote:

> Here's what happened - it happened to me and I work in Internet security:
>
>
> The Intercontinental Hotel Group (parent of Holiday Inn, Crowne Plaza,
> etc) was hacked back in February and continuing through April. Over 1,100
> of its hotels were impacted. If you are interested, details here:
> http://www.computerworld.com/article/3190175/security/1-175-
> hotels-listed-in-payment-card-breach-of-holiday-inn-parent-company.html
>
>
> I checked in to the Crowne Plaza on Friday afternoon. Later that day I got
> a potential fraud alert from Mastercard that a "card not present" charge of
> $377 was made to my card by something called IHG. I checked online, my
> charges that day for gas and for the hotel I stayed on on Thursday night
> were there and legit - and there was an IHG charge of $377.
>
>
> When I checked in, they physically swiped my card so it should *not* have
> shown up as card not present, and I didn't immediately connect IHG to
> Crowne Plaza. I called Mastercard, they connected me to the fraud folks and
> I asked "Do you show more information about IHG?" they said no. So, I said
> that must be a fraudulent charge and they cancelled that card and are
> sending me a new one.
>
>
> I went down to the desk to tell them I would switch the charges to another
> card and they said "Yes, we are having a lot of that because of the hack."
> Bells went off in my head, but too late to stop the card from being
> cancelled. The clerk said "let me check the list of disputed charges,
> because the system will shut your room card access off." I'd come down
> quickly enough, wasn't on that list but it was several pages long.
>
>
> Because of the hack and exposure, IHG apparently was centrally processing
> card swipes until they could validate that all impacted hotels had cleaned
> up there local systems. So, the charge showed up as "card not present" - I
> have no idea why it showed up when I checked in, as on business travel it
> usually shows up on checkout.
>
>
> When I was checking in, two hams sharing a room came down and said their
> room cards didn't work. They might have had the disputed charge thing
> cancel happen to them, don't know.
>
>
> Advice: no reason to worry about fraud to your card from your Dayton stay,
> but if you stayed in any of the 1,100 hotels between February and April and
> haven't been contacted, good idea to at least check your credit records if
> not change that card number.
>
>
> 73 John K3TN
> _______________________________________________
> CQ-Contest mailing list
> CQ-Contest at contesting.com
> http://lists.contesting.com/mailman/listinfo/cq-contest
>


More information about the CQ-Contest mailing list