P2017-ND-157

Servus Credit Union

In January 2017, several franchisees were made aware by payment card networks of patterns of unauthorized charges occurring on payment cards after they were legitimately used at franchise locations. The franchisees reported this information to Intercontinental Hotels Group Company (IHG). IHG coordinated an examination of the payment card processing systems of franchise hotel locations in the Americas. The investigation found signs of the operation of malware designed to access payment card data from cards used onsite at certain hotel locations between September 29, 2016 and December 29, 2016. Before the incident, many franchise hotel locations implemented IHG?s Secure Payment Solution (SPS), a point-to-point encryption payment acceptance solution. Properties that implemented the solution before September 29, 2016 were not affected by this incident. Those properties that implemented SPS after September 29, 2016 ended the ability of the malware to find payment card data and therefore cards used at these locations after SPS implementation were not affected.

File Type: pdf
Categories: 2017
Tags: Unauthorized access