[Dataloss] Best Western Response

Harris, Michael C. HarrisMC at health.missouri.edu
Tue Aug 26 18:41:57 UTC 2008


There is something missing here, that doesn't true out with the
expectations in the PCI standard for a level one payer.  Smaller mom and
pop level four establishments may slip by, but the mandatory audits of
level one folks should be forcing some change across the hospitality
industry... Perhaps slowly.  It should have been identified as an audit
point with a remediation plan in the quarterly or yearly PCI audit.

So who was the last quarterly PCI auditor for Best Western? Is PCI that
broken or ignored?


Level One: 6,000,000 transactions per year
  Annual On-site PCI Data Security Assessment and Quarterly Network Scan
  Qualified Security Assessor or Internal Audit if signed by Officer of the company
  Approved Scanning Vendor

Level Two: 1,000,000 to 6,000,000 transactions
  Annual On-site PCI Data Security Assessment and Quarterly Network Scan
  Merchant
  Approved Scanning Vendor

-----Original Message-----
From: dataloss-bounces at attrition.org
[mailto:dataloss-bounces at attrition.org] On Behalf Of
macwheel99 at wowway.com
Sent: Monday, August 25, 2008 9:10 PM
To: *Hobbit*; dataloss at attrition.org
Cc: macwheel99 at wowway.com
Subject: Re: [Dataloss] Best Western Response

Another hotel chain overcharged me a few days on my Master Card.

I had told them I planned to stay to a particular date, then I checked
out early, and the checkout paperwork correctly reflected the # days I
had stayed.

When I saw that my credit card bill was much bigger than the paperwork
they gave me on checkout, I called to get it fixed.  They fixed it.
They did not need me to give them my credit card # again.

I was calling them 2 weeks after I checked out, when I saw my credit
card bill.

The chain was Econo Lodge.

On Mon, 25 Aug 2008 20:00:24 +0000 (GMT), *Hobbit* wrote
> ... how come I can call Best Western and make a reservation on my
>    Visa card, without informing them of the number?  and I haven't
>    slept in a Best Western in 5 years?
> 
> And your card number hasn't changed in 5 years either??  Hmmm...
> 
> But I would be hard pressed to believe that any hotel chain large or 
> small ever destroys their records of people's card numbers.
> I would call bullshit on BW's "response" based on that alone.
> 
> _H*
> _______________________________________________
> Dataloss Mailing List (dataloss at attrition.org) 
> http://attrition.org/dataloss
> 
> Tenable Network Security offers data leakage and compliance monitoring
> solutions for large and small networks. Scan your network and monitor 
> your traffic to find the data needing protection before it leaks out! 
> http://www.tenablesecurity.com/products/compliance.shtml


--
WOW! Homepage (http://www.wowway.com)
