Customer Paying Credit Card Punching Pic Number


With each passing year, we see a significant hike in data breaches, security incidents, and point-of-sale concerns.  This year is no

Recently, a number of hotels from across the country discovered that their point-of-sale terminals were infected with a string of malware.  This malware swiped the credit card data pushed through the terminals set up at these hotels, and it was capable of swiping everything from the account number to the 3-digit verification code.  So far, this malware has been detected on the terminals of 20 different hotels, and in some cases, it has been present since March of 2015.

When it comes to cases like this, it’s important to practice caution and to remain diligent.  Here’s what we recommend as proper next-steps.Ceoec

Typically, when a chain is part of a security incident, the company will release a list of known sites affected.  Here’s the list from the recent hotel incident (which involved Marriott, Sheraton, Westin, and Hyatt resorts), and here’s one from Wendy’s (which was released at the beginning of 2016).

If you discover there’s been a breach at a company you’ve been involved with in the last year or two, then you should check their affected site list no matter what.  For both of the hacks listed above, the breach goes back to the previous year.  So even if you had a milkshake at Wendy’s six months ago, you should still check.

If you do feel like you’ve visited an affected site in the given time period, then you should consider turning off the credit card you used during that visit.  Even if you haven’t noticed any suspicious activity, you should still turn it off.  There’s a chance the hacker just hasn’t gotten to your card yet or that they’ve been charging little amounts to your card at a time to see if you’ll notice.

You should also consider requesting a new card from your bank if you’ve been to an affected site within a few months of the infection.  Just because there’s a time period listed doesn’t mean it’s accurate.

Whether or not you decide to shut down your card, take the time to look over your bank statements.  Go back to a few months before the incident occurred and account for every charge (even the small ones).

Like mentioned previously, hackers have been known to charge little amounts to a credit card to see if the account holder will notice.  This activity could lead up to an account-draining charge, or they might just continue to charge small amounts to the card until the owner notices.  Nonetheless, two dollars here and there can eventually add up to something pretty large.

If you’ve reviewed your accounts and you haven’t seen anything out of place, that doesn’t mean you’re in the clear.  And if you haven’t visited an affected site within the given time period, that also doesn’t mean you’re in the clear.

You’ll have to remain diligent and keep a close eye on your accounts for quite some time.  Just as we saw with the LinkedIn breach from earlier this year, sets of data that was hacked years ago can pop up when you least expect it.  If you’re at all concerned and if you’d like to avoid the uncertainty, just request a new card.

Leave a Reply

Your email address will not be published. Required fields are marked *