TEXT OF INTERVIEW
Tess Vigeland: If you’re in Vegas this weekend, I hope you left your computer at home. ‘Cause you’re there with thousands of hackers attending a convention called Def Con, and they’re really good at what they do. But you might be surprised at where they’re practicing a good chunk of their craft these days. The information security group Trustwave says credit card hacking is happening at more and more hotels.
Nicholas Percoco is with the company and he joins us from Sin City. Welcome.
Nicholas Percoco: Thank you.
Vigeland: So, should I not be staying at hotels anymore?
Percoco: No, not necessarily. You can stay at any hotel you want. What we’re seeing is that hackers have been going after data that’s been stored within hotels.
Vigeland: And how does that work? I mean, when you check in, you give them your credit card, and somebody is standing nearby watching?
Percoco: When you check into a hotel, hand somebody your credit card, they then swipe it into a point of sale system, so the computer system the hotel uses to manage rooms and your final bill. That data then gets stored within the system and transmitted over to their bank for authorization. And the attackers are infiltrating those systems, and basically waiting for that data to be entered so they’re waiting for the swipe. And when the swipe happens, they’re recording that.
Vigeland: You know, the other thing that I have often wondered in travelling, is you know, when I hook up my personal computer, or my work computer to the hotel wi-fi system, if I’m doing any sort of financial transactions on that, I’ve wondered if that is safe? Is that part of this as well?
Percoco: Typically in hotels, the public network, so the wi-fi in the room Internet access that you plug into — typically, that is separate. They should not be the same network. Now, we have seen instances where those are the same network. So there could be risk there as well, where if the attackers are on that network they can now… If you leave your computer plugged in say, in your hotel room, and then you go to dinner, and you’re not up-to-date on your patches and you don’t have a personal firewall on that system, you could get attacked as well, with your computer just sitting there in your hotel room.
Vigeland: So then, for me as the consumer, what are they doing with my information? Is this pure theft, where they are taking my credit card numbers and using it to buy things? Or is there an element of identity theft here, where they are then creating my evil twin?
Percoco: Not necessarily identity theft. I think sometimes, credit card crimes are confused with identity theft. So if someone gets a hold of your credit card, they’re not going to be able to go get a new home loan with that. So it is a bit separated. But, they will go and they’ll go on a shopping spree with your information.
Vigeland: So, is there anyway to protect yourself from this? I mean, you can’t go up and demand that the hotel get a better security system right? How do you even know if they have a good security system or not?
Percoco: You really don’t, and actually, last fall I stayed at a hotel and a few hours after I checked in, my credit card issuer, I actually got a text message from my credit card issuer that said that we’ve identified some odd activity on your card.
Vigeland: Somebody hacked you?
Percoco: Yeah. I checked into a hotel and my credit card got taken. So as a consumer, from that perspective, of that happening to you, there’s really not much you can do. Now, from an awareness standpoint, you should review your statements. Look at all those charges. Many times, when someone gets a hold of your credit card, they may not go and charge the $4,000 plasma TV. They may only spend $2 just to see if it works.
Vigeland: Or go to the 7-Eleven.
Percoco: They may go buy a Slurpee, right? And they say, yep, the credit card works, and no one’s noticed that it has been stolen yet.
Vigeland: So now I’m going to head to the mall!
Percoco: Yep, and then they go to the mall and they buy a new wardrobe.
Vigeland: So I guess the lesson, as always with your credit card, is to pay super super close attention to your statements.
Percoco: Yeah, as a consumer, that’s basically the only thing you can do.
Vigeland: Nick Percoco is senior vice president at Trustwave. Thanks so much.
Percoco: Your welcome. Thank you.
As a nonprofit news organization, our future depends on listeners like you who believe in the power of public service journalism.
Your investment in Marketplace helps us remain paywall-free and ensures everyone has access to trustworthy, unbiased news and information, regardless of their ability to pay.
Donate today — in any amount — to become a Marketplace Investor. Now more than ever, your commitment makes a difference.