BreachExchange mailing list archives
Re: Best Western Response
From: "Harris, Michael C." <HarrisMC () health missouri edu>
Date: Tue, 26 Aug 2008 13:41:57 -0500
There is something missing here, that doesn't true out with the expectations in the PCI standard for a level one payer. Smaller mom and pop level four establishments may slip by, but the mandatory audits of level one folks should be forcing some change across the hospitality industry... Perhaps slowly.

It should have been identified as an audit point with a remediation plan in the quarterly or yearly PCI audit. So who was the last quarterly PCI auditor for Best Western? Is PCI that broken or ignored?

Level One
  6,000,000 transactions per year
  Annual On-site PCI Data Security Assessment and Quarterly Network Scan
  Qualified Security Assessor or Internal Audit if signed by Officer of the company
  Approved Scanning Vendor

Level Two
  1,000,000 to 6,000,000 transactions
  Annual On-site PCI Data Security Assessment and Quarterly Network Scan
  Merchant
  Approved Scanning Vendor

-----Original Message-----
From: dataloss-bounces () attrition org [mailto:dataloss-bounces () attrition org] On Behalf Of macwheel99 () wowway com
Sent: Monday, August 25, 2008 9:10 PM
To: *Hobbit*; dataloss () attrition org
Cc: macwheel99 () wowway com
Subject: Re: [Dataloss] Best Western Response

Another hotel chain overcharged me a few days on my Master Card. I had told them I planned to stay to a particular date, then I checked out early, and the checkout paperwork correctly reflected the # days I had stayed.

When I saw that my credit card bill was much bigger than the paperwork they gave me on checkout, I called to get it fixed. They fixed it. They did not need me to give them my credit card # again. I was calling them 2 weeks after I checked out, when I saw my credit card bill.

The chain was Econo Lodge.

On Mon, 25 Aug 2008 20:00:24 +0000 (GMT), *Hobbit* wrote

... how come I can call Best Western and make a reservation on my Visa card, without informing them of the number? and I haven't slept in a Best Western in 5 years?

And your card number hasn't changed in 5 years either?? Hmmm...

But I would be hard pressed to believe that any hotel chain large or small ever destroys their records of people's card numbers. I would call bullshit on BW's "response" based on that alone.

_H*

_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss

Tenable Network Security offers data leakage and compliance monitoring solutions for large and small networks. Scan your network and monitor your traffic to find the data needing protection before it leaks out!
http://www.tenablesecurity.com/products/compliance.shtml
-- WOW! Homepage (http://www.wowway.com)
Current thread:
- Best Western Response jkouns (Aug 24)
- Re: Best Western Response Domonick T. Weaver (Aug 25)
- <Possible follow-ups>
- Re: Best Western Response *Hobbit* (Aug 25)
- Re: Best Western Response Tom Mahoney (Aug 25)
- Re: Best Western Response macwheel99 (Aug 26)
- Re: Best Western Response Harris, Michael C. (Aug 26)
- Re: Best Western Response DAIL, WILLARD A (Aug 26)
- Re: Best Western Response Jamie C. Pole (Aug 26)
- Re: Best Western Response security curmudgeon (Aug 26)
- Re: Best Western Response Michael Hill, CITRMS (Aug 26)
- Re: Best Western Response Jamie C. Pole (Aug 26)
- Re: Best Western Response Daniel Clemens (Aug 26)
- Re: Best Western Response Jamie C. Pole (Aug 26)
- Re: Best Western Response security curmudgeon (Aug 26)
- Re: Best Western Response Jeffrey Walton (Aug 26)