InterContinental Breach Fuels CNP Fraud

Hotels continue to be a favored target of hackers seeking payment card information as InterContinental Hotels Group confirmed a network security breach at 12 of its locations, first reported by security blogger Brian Krebs. In a statement, the global hotel operator of brands like Holiday Inn, InterContinental, Crowne Plaza and Staybridge Suites said it currently has not determined the extent of the breach but identified malware affecting the POS systems at restaurants and bars in the U.S., Canada and Caribbean from August 2016 through December 2016. It said the investigation is ongoing and could result in additional compromised locations being identified.

While personal information has gained favor recently as a target of mass data theft, hotel gift shops, restaurants and bars have been the source for multiple hacks over the past several years resulting in the loss of payment card information. Hyatt, Marriot, Starwood, Hilton, Mandarin and Trump hotels are just some of the brands that have been affected by recent data breaches.

In the past, a hack like this mainly would result in the stolen information being coded onto counterfeit cards and used at physical locations to buy products that could be sold easily for cash. The U.S. migration to chip cards and EMV-compliant POS systems has stemmed the tide of counterfeit card fraud in the U.S., as it has in other markets that have switched to EMV. A recent Visa report said counterfeit fraud is falling. Thirty-nine percent of merchant locations now have chip-enabled terminals representing 49 percent of total payment volume, Visa said. And, among those merchants, counterfeit fraud is down 52 percent. Another recent report explained where all that fraud went, however, indicating what kind of businesses are bearing the biggest fraud burden now. According to Javelin Strategy & Research, CNP fraud is up 40 percent in the last year.