Last week, I linked to a report from Consumer Reports that contained a somewhat startling allegation by the former director of security compliance for Wyndham:
Now, David Durko, former director of Wyndham’s security compliance management, says that many independently owned and operated Wyndham hotels doing business under the Super 8 brand name don’t comply with Payment Card Industry Data Security Standards.
Wyndham never responded to an inquiry from DataBreaches.net asking them to respond to Durko’s allegations.
Today, Adam Tanner has more on his concerns in a post on Forbes:
“The hospitality industry as a whole, and restaurants in particular, are rife with theft and misappropriation of consumer’s card data,” Durko said. “Our findings show that there is little to no training of employees on data privacy – insufficient or no policies in place for the protection of data, limited visibility of the point of sales systems beyond that provided by the POS manufacturer, and more often than not the POS systems are not configured in a PCI compliant manner.”
Durko has started a commercial site, PrivacyAtlas, to give consumers an idea of what restaurants and hotels are PCI compliant, but the site has its detractors in the industry.
Read more on Forbes.
Having just received NYS’s database of breaches reported in 2013, I can see that there were numerous breaches in the hospitality sector that were never reported in the media even though card issuers wound up replacing cards.
As a consumer, do you want to know if the restaurant you frequent was hacked or had a corrupt employee skimming your card, or does it not matter to you as long as you are not liable for any charges if the card is misused?