There has been an increase in reports from guests that their credit cards have been fraudulently used after using the B&B booking system.
The B&B booking system is unlikely to be the cause due to the security measures that are in place and that are regularly updated. It is NOT likely to be an issue with the B&B Booking system for the following reasons.
- The B&B booking system is a dedicated SSL secure server - this means that ALL data between any guests PC / Laptop / Mobile phone and our servers is encrypted to military standards.
- The server is also certified fully PCI compliant - this means the server is tested regularly for security leaks to the very high standard required by the Payment Card Industry.
- We DO NOT store any credit card data on publicly assessable servers .i.e the data server is not connected to the Internet and is only accessible from a unique IP address.
- The passwords to access the server are changed regularly to deter hackers
- The fire wall on our server is monitored 24/7 and any hacker activity would be spotted and rectified if necessary.
The Most Likely Cause
Recently there has been a extremely virulent piece of Malware spreading called "the Zeus Trojan" - it can be spread via emails, phishing websites, facebook and other social media sites. This infects desktop PC and laptops and our best guess is that this is the Malware (Virus) that is causing the problem. Unfortunately we can do nothing to stop guest getting infected and "losing" their credit card details to these cyber criminals.
Many users of our booking system have PCs that are not protected against Malware and may have a Trojan keystroke loggers installed. Simple explanation: a keylogger trojan is malicious software that monitors keystrokes on a PC, logs them and sends them off to remote attackers (Cyber Criminals). These Trojan are most often propagated by spam email.
Keyloggers and trojans are forms of malware or malicious software. Keyloggers can record your PC’s key strokes, even access information saved to your computer's clipboard (like your account name and password) and Trojans are a type of program that can send information to 3rd parties or allow them unauthorized access to your computer remotely.
Failure to detect and remove a keylogger or trojan from your PC can result in continued security risks. Fortunately, there are many different types of software available to help you identify and remove such malicious programs from your computer system.
- Do not send credit card details by fax or email - these services are NOT secure.
- Make sure your PC / laptop is scanned regularly using up to date antivirus and malware software.
- Make sure your computer is checked for keylogger Trojans - you may need a special tool for removing them completely.
- DO NOT click on attachments to emails unless you expecting them.
- DO NOT leave you PC switched on when there are guests that could see details in your "My B&B" admin panel