HEI Hotels & Resorts has reported a possible compromise of payment card information at its point-of-sale terminals, the latest in a string of attacks on such systems at hotels, hospitals and retailers. The company, which manages close to 60 Starwood, Hilton, Marriott, Hyatt and InterContinental properties, said it appears that malicious software was installed on the payment processing systems at certain properties, with the aim of harvesting the card data as it was routed through the systems. The compromise may have possibly affected the personal information of some hotel customers who made payment card purchases at point-of-sale terminals, such as food and beverage outlets, at certain HEI managed properties. HEI in Norwalk, Connecticut, did not specify how many people were likely to have been affected. The data compromised may have included payment card data, including name, payment card account number, card expiration date, and verification code, it said.
The latest in a string of hacks against retail point-of-sale systems has hit the operator of a cloud-based service with about 38,000 business clients. Montreal-based Lightspeed reported the breach on Thursday and said it affected a system that retailers can use from tablets, smartphones and other devices. The incident occurs as a growing number of retailers and hotels have been targeted by hackers, who typically install malware into the point-of-sale systems to steal credit card numbers. The breach at Lightspeed targeted a central database that stores client information, the company said. The incident exposed data related to sales, products, and encrypted passwords that clients use to get on Lightspeed's system.
NCR, a large point-of-sale terminal maker, said it will acquire payment processor JetPay in a move that highlights competition from the likes of Stripe and Square as well as PayPal and its Venmo as credit card processors for businesses. JetPay also offers payroll and human capital management software. NCR said it will pay $5.05 a share for JetPay, or $184 million. For NCR, the move is part of a broader strategy to develop recurring revenue and offering software and services. NCR said it plans to integrate JetPay's cloud-based payments platform into its enterprise point-of-sale (POS) terminals for retail and hospitality.
Retailers, hotels and restaurants have all been victimized through the same Achilles' heel that cybercriminals continue to attack: the point-of-sale system, where customers' payment data is routinely processed. These digital cash registers are often the target of malware designed to steal credit card numbers in the thousands or even millions. This year, fast food vendor Wendy's, clothing retailer Eddie Bauer and Kimpton Hotels have all reported data breaches stemming from such attacks. Security experts, however, are encouraging a variety of approaches to keep businesses secure from point-of-sale-related intrusions. Point-of-sale malware can strike in a number ways.