Hotels and resorts are the biggest targets of criminals intent on stealing card data. Trustwave released a 2010 Global Security Report which contains information drawn form the company’s investigations of over 200 security breaches in the past year.
For a period of time, restaurants were the most frequently targeted industry segment for criminals on the prowl for card data. Restaurants were particularly easy targets because card information was being stored on old point of sale systems. Restaurants are still targets of attacks, and account for 13% of breach investigations. Financial-services companies account for 19% of breaches, followed by retailers with 14.2%, business services at 5%,and technology companies at 4%.
But, hotels and resorts led the pack with 38% of card hacking investigations. Hackers commonly use what is know as remote-access application attacks. These attacks are targeted at vulnerability in internet channels. IT software for hotels and resorts which combines business and card data frequently are not strongly defended from external attacks. For example, many of the software programs being used by the hotels and resorts had weak password or no password protection at all, making it easy for a sophisticated cybercriminal to exploit holes in the system. Hackers also use other methods of accessing the applications.
Third-party connectivity can exploit data networks which are linked by physical telecommunications lines. And SQL injection is used to insert malicious code into the databases of software applications. Third-party vendors were involved in 81% of the security breaches. This demonstrates the need for companies to keep a close eye on all vendors and have internal security systems to protect against unscrupulous behavior.
Merchants should use a high risk payment processing gateway to add to protection against hackers.
Interested in secure payment processing accounts to protect your business?
Contact firstname.lastname@example.org today