[CQ-Contest] Dayton Crown Plaza Credit Card flaw

Ria Jairam rjairam at gmail.com
Fri May 26 15:54:49 EDT 2017


I believe that European credit cards have mag stripes on them, so they can
be used overseas. US has begun to adopt chip cards but a large number of
places use swipe despite the liability shift that occurred in 2015. There's
also the good old fashioned knuckle buster that can read a card imprint.

The best security is NFC, such as Apple Pay. You get a different account
number from your actual card number and it is secured. It's also faster
than an EMV chip dip.

I wish more places would have it.

Ria
N2RJ
On Fri, May 26, 2017 at 2:42 PM David Siddall <hhamwv at gmail.com> wrote:

> My understanding is that IHG caused their own problem because they used
> old-fashioned "swipe" terminals instead of modern chip terminals.  (Chip
> information is encrypted.)
>
> But don't feel overly safe.  Even credit card chip technology in the U.S.
> is less secure than elsewhere.  A lost U.S. credit card with chip can be
> used anywhere by anyone until canceled.  A European credit card, however,
> cannot be used without the owner's 4-digit PIN in addition to the chip
> (same as debit cards, but not credit cards, in the U.S.).
>
> 73, Dave K3ZJ
>
>
> On Fri, May 26, 2017 at 6:02 AM, jpescatore--- via CQ-Contest <
> cq-contest at contesting.com> wrote:
>
> > Here's what happened - it happened to me and I work in Internet security:
> >
> >
> > The Intercontinental Hotel Group (parent of Holiday Inn, Crowne Plaza,
> > etc) was hacked back in February and continuing through April. Over 1,100
> > of its hotels were impacted. If you are interested, details here:
> > http://www.computerworld.com/article/3190175/security/1-175-
> > hotels-listed-in-payment-card-breach-of-holiday-inn-parent-company.html
> >
> >
> > I checked in to the Crowne Plaza on Friday afternoon. Later that day I
> got
> > a potential fraud alert from Mastercard that a "card not present" charge
> of
> > $377 was made to my card by something called IHG. I checked online, my
> > charges that day for gas and for the hotel I stayed on on Thursday night
> > were there and legit - and there was an IHG charge of $377.
> >
> >
> > When I checked in, they physically swiped my card so it should *not* have
> > shown up as card not present, and I didn't immediately connect IHG to
> > Crowne Plaza. I called Mastercard, they connected me to the fraud folks
> and
> > I asked "Do you show more information about IHG?" they said no. So, I
> said
> > that must be a fraudulent charge and they cancelled that card and are
> > sending me a new one.
> >
> >
> > I went down to the desk to tell them I would switch the charges to
> another
> > card and they said "Yes, we are having a lot of that because of the
> hack."
> > Bells went off in my head, but too late to stop the card from being
> > cancelled. The clerk said "let me check the list of disputed charges,
> > because the system will shut your room card access off." I'd come down
> > quickly enough, wasn't on that list but it was several pages long.
> >
> >
> > Because of the hack and exposure, IHG apparently was centrally processing
> > card swipes until they could validate that all impacted hotels had
> cleaned
> > up there local systems. So, the charge showed up as "card not present" -
> I
> > have no idea why it showed up when I checked in, as on business travel it
> > usually shows up on checkout.
> >
> >
> > When I was checking in, two hams sharing a room came down and said their
> > room cards didn't work. They might have had the disputed charge thing
> > cancel happen to them, don't know.
> >
> >
> > Advice: no reason to worry about fraud to your card from your Dayton
> stay,
> > but if you stayed in any of the 1,100 hotels between February and April
> and
> > haven't been contacted, good idea to at least check your credit records
> if
> > not change that card number.
> >
> >
> > 73 John K3TN
> > _______________________________________________
> > CQ-Contest mailing list
> > CQ-Contest at contesting.com
> > http://lists.contesting.com/mailman/listinfo/cq-contest
> >
> _______________________________________________
> CQ-Contest mailing list
> CQ-Contest at contesting.com
> http://lists.contesting.com/mailman/listinfo/cq-contest
>


More information about the CQ-Contest mailing list