Card data exposed as Radisson Hotels becomes latest breach victim

Card data exposed as Radisson Hotels becomes latest breach victim

In the latest data breach to hit the headlines, Radisson Hotels & Resorts says its computer systems have been illegally accessed, putting customer card details at risk.

In an open letter on its Web site, the chain says some of its hotels in the US and Canada are affected by the breach, which happened between November 2008 and May.

Names on credit and debit cards, as well as numbers and expiration dates are exposed but not social security numbers. Radisson says it does not know how many people have had their data exposed.

"We recommend that you review your account statements and credit reports closely. To the extent there is any suspected unauthorized card activity, it should be reported to the bank that issued your credit card," says the letter.

The firm says it was made aware of the breach by Visa, MasterCard and payment processors and is now working with law enforcement and forensic investigators.

A review of the affected computer systems is underway and additional security measures designed to prevent a recurrence of such an attack have been implemented.

Earlier this week prosecutors charged a Miami man with hacking into the computer networks of several firms - including Heartland Payment Systems, 7-Eleven and Hannaford Brothers - and stealing the details of 130 million credit and debit cards.

Comments: (1)

A Finextra member
A Finextra member 20 August, 2009, 14:55Be the first to give this comment the thumbs up 0 likes

Over the past ten days, a string of card data thefts have been made public. Radisson Hotels & Resorts is the latest to announce that its computer systems have been illegally accessed, putting customer card details at risk. This follows the news that US authorities have charged 11 people in connection with the theft of credit card details in the country's largest-ever identity theft case. They are accused of stealing more than 40 million credit and debit card numbers before selling the information.

As fraudsters become ever more sophisticated and bold in their bid to steal credit and debit card data, financial institutions, merchants and industry players need to be confident that they have sufficient security measures in place to protect customers from fraud, even if their card details are compromised. Visa and MasterCard have been putting measures in place over the past few years to ensure that this is the case. VISA's Dynamic passcode authentication (DPA), like MasterCard's Chip Authentication Protocol (CAP), enables EMV IC cards (smart cards) to provide security in Internet transactions where the card cannot be presented to the merchant or bank. While this approach has been widely implemented for online banking, particularly in the UK, it now needs to be extended to e-commerce too. In fact, Visa has mandated that by June 2010, all Visa cardholders will need to use dynamic password strong authentication for all types of online transactions.

While security breaches and data theft instances are likely to occur regardless of how hard financial institutions and merchants try to protect their data and systems, the widespread roll-out of dynamic passcode authentication solutions in the form of personal Home Chip and PIN card readers for all online transactions will render such stolen data useless.