Is Your Campus Hotel Targeted?

If you have a hotel on your campus, you should have a look at Visa's Alert on Targeted Hospitality Industry Vulnerabilities. I've blogged about campus hotel PCI issues before (see here and here), but this release highlights two particular attack vectors that should get your attention.

In one case, hackers in which they install debugging software on POS systems to extract full magnetic stripe data from volatile terminal memory. As Visa explains, this method of data
extraction from memory is of particular concern since unencrypted data is commonly written to volatile memory during the transaction process. Best of all, hackers may utilize tools to execute the program remotely.

Another attack is when which hackers with full access to the system enable debug mode on payment applications to obtain full magnetic stripe data from the system. For this type of attack, debugging software is not necessary since the payment application has the option to enable debug mode for troubleshooting purposes. A solution is to ensure you set administrative and all privileges properly.

Hotels are a particularly challenging PCI environment. They also are, apparently, targeted. Don't wait to be a victim. Act now to ensure you and your institution are protected.