Few other means of cyber crime get as much attention as identity theft. Yesterday’s Wall Street Journal notes how, contrary to general impression, the identity thieves of today use the stolen information to rack up small charges that makes prosecutors unwilling to spend as much effort as when a large amount is stolen. The article notes the various ways in which thieves steal data ranging from phishing scams to low-tech thefts to stealing post-office boxes (sic) to hotels.
Among the modus operandi in hotels is that hoary old chestnut, the night auditor. Long a focus of internal controls in the hotel industry, it remains a defiant sieve with malignant employees finding new ways to punch holes in the audit regimen. In the instance cited in the Journal article, a night auditor in a San Diego hotel merely used his access to stacks of receipts that included personal information of guests to create an identity theft nightmare that focussed on out of town visitors as, apparently, law enforcement officials are less inclined to pursue those. But there are plenty of other holes in a hotel environment that remain open for exploitation. Among the absurdly simple ones are folios left in waste baskets in the lobby which are then picked up by thieves lurking in the background; empty meeting rooms (often found in convention hotels) where meeting participants leave for a break with computers and personal effects lying around and business centers with internet access where cached data are not purged as well as print outs in waste baskets that lie waiting for identity thieves to exploit.
Among the many implications for hotels is not only a potential law suit but also a loss of goodwill when guests are subject to monetary losses on account of the hotel’s negligence. One way out is not only to educate employees but also guests on the need to safeguard personal information by not discarding material carelessly through discreet signage in areas and blurbs on printed matter.