Hundreds of Finns struck by Hotels.com credit card fraud

The Finnish Police is investigating credit card fraud targeted at finns that have used the popular Hotels.com online service. In the first months of the year there have been a record number of reports related to the service that is a popular Hotel reservation service.

By April 17th, the police had received 302 reports mentioning Hotels.com. In 2015 the number was 179 and in 2014 it was just 45. The Finnish Police Academy, responsible for collecting and maintaining crime statistics confirms that in most cases consumers had entered their credit card information to Hotels.com.

Timo Piiroinen, the cyber security centre manager agrees that the authorities are aware of issues possibly related to the online service:

There are a lot of cases. In this case it is plausible that Hotels.com or their partners have an security issue.

It is typical that the credit accounts have been used without permission. In some cases the purchases are in the thousands of Euros. When the victims have discussed with the banks and the police, they have mentioned using the Hotels.com service.

The police does not have exact information on how and where the information has leaked to the wrong hands. The cyber criminals may have abused a vulnerability on the service itself, or alternatively some partner system that they are using. This is something that happened at Mossack Fonseca where Open Source CMSes were used as weapons for cyber attacks.

Hotels.com lacks evidence, Police means limited

Hotels.com itself has not found evidence to prove that their systems are the cause for the frauds. They advise consumers to contact the credit card issuers, banks and other credit agencies, directly. The series of fraud related to Hotels.com is extraordinary large. It's not common to have a single website be linked to so many fraud reports.

The total number of credit card fraud reports in Finland in 2015 was just over 10 000, but if the current rate continues the Hotels.com fraud alone will reach a whopping 1000 cases. At this point the authorities and credit card issuers are unaware of any other series relating to Hotels.com outside of Finland.

The Finnish Police can do very little to the frauds directly. They have been in contact with international authorities, including the Federal Bureau of Investigation (FBI). In the case that the reports continue to flow in the authorities' hands are tied; Hotels.com have no operating infrastructure in the country.

Written by Janita on Thursday April 21, 2016

Permalink -