Our properties that had secure payment solution not affected by card breach – InterContinental Hotels

Following a malware attack on its payment card processing systems towards the end of last year, InterContinental Hotels Group (IHG) hired a cyber security firm on behalf of its franchisees to coordinate an examination of the payment card processing systems of franchise hotel locations in the Americas region in order to ensure an efficient and effective response.
The cyber security firm’s investigation identified signs of the operation of malware designed to access payment card data from cards used onsite at front desks at certain IHG-branded franchise hotel locations between September 29, 2016 and December 29, 2016.
“Although there is no evidence of unauthorized access to payment card data after December 29, 2016, confirmation that the malware was eradicated did not occur until the properties were investigated in February and March 2017,” stated IHG in a statement.
IHG said that before the incident began, many of its branded franchise hotel locations had implemented IHG’s Secure Payment Solution (SPS), a point-to-point encryption payment acceptance solution, noting that properties that had implemented SPS before September 29, 2016 were not affected.
“Many more properties implemented SPS after September 29, 2016, and the implementation of SPS ended the ability of the malware to find payment card data and, therefore, cards used at these locations after SPS implementation were not affected,” the hotel chain said.
A number of independently owned and operated IHG franchises were made aware by payment card networks of patterns of unauthorized charges occurring on payment cards after they were legitimately used at their locations.

The malware searched for track data (which sometimes has cardholder name in addition to card number, expiration date, and internal verification code) read from the magnetic stripe of a payment card as it was being routed through the affected hotel server. The investigation found that is no indication that other guest information was affected.

Since the breach was reported in February, IHG has been working closely with the payment card networks as well as with the cyber security firm to confirm that the malware has been eradicated and evaluate ways for franchisees to enhance security measures.

Leave a Reply

Be the first to comment

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.