The latest Investing Matters Podcast episode featuring financial educator and author Jared Dillian has been released. Listen here.
Hotel sector faces ‘cyber crime wave’ Malcolm Moore in London and Hannah Kuchler San Francisco The hotel industry is the next big target for cyber criminals, experts have warned, after Hilton became the fourth major hotel group to have customers’ credit card details hacked. Hilton Hotels, Starwood Hotels & Resorts, Mandarin Oriental and the Trump Collection have all admitted that their payments systems were compromised this year as hackers hunting for credit card details switch their attention to the leisure industry. This week Hilton and Starwood said guests’ personal details had been taken after hackers gained access via payment systems. Hilton said customer data had been accessed over 17 weeks, from November 18 to December 5, 2014 or April 21 to July 27, 2015. “The reality is the sector as a whole is dealing with a cyber crime wave,” said Tom Kellermann, chief cyber security officer at Trend Micro, which sells security software. “Customers should be very concerned because in general the industry has insufficiently invested in cyber security.” Hackers managed to plant viruses into the hotel companies’ point-of-sale systems, and some of the data stolen may not have been encrypted, according to Mr Kellermann. Trend Micro identified one virus, called MalumPoS, which targets Oracle’s Micros platform, a system used at more than 330,000 sites throughout the hotel and leisure industry by companies including InterContinental Hotels, Travelodge, Hyatt, Wyndham, and Accor. “This type of virus can compromise 95 per cent of the POS systems on the planet,” said Mr Kellermann. The virus disguises itself as a legitimate program and then scrapes through systems to hunt for credit card details. Hilton, Starwood and Oracle declined to comment. The widespread use of the same strain of malware suggests that the attacks may have been carried out by organised criminals, who then either sell databases of customer credit card details on to fraudsters or conduct the fraud themselves. Credit card details sometimes are not used for months after they have been stolen or even until after the free credit monitoring often offered by companies expires to lull victims into a false sense of security. Hackers have turned their attention to hotels after retailers began improving their security following a series of high-profile attacks on US chains in late 2013 and 2014, including breaches at Target and Home Depot. Justin Harvey, chief security officer at Fidelis Cybersecurity, a US threat detection company, said customers would be worried because enough details may have been stolen to complete a purchase — and potentially in two separate incidents.
MIDAS SHARE TIPS UPDATE: Shares double as payments group Eckoh shields data from cyber attackers By Joanne Hart, Financial Mail on Sunday 22:01 21 Nov 2015 The recent cyber attack on telecoms group TalkTalk was a scary reminder of the ease with which determined hackers can access information ranging from bank details to dates of birth and use them for nefarious ends. Secure payments group Eckoh aims to stop such incidents, using technology that means companies do not need to store customers’ financial or personal details. Recommended by Midas in July 2013 at 20p, the shares have more than doubled to 46½p and strong half-year figures, announced last week, suggest the stock has further to go. Screened: Cinema group Vue uses Eckoh security software +2 Screened: Cinema group Vue uses Eckoh security software Eckoh’s customers include insurer Legal & General, in-store payment services provider PayPoint, Vue cinemas, joinery business Howdens and hotels group Premier Inn. In each case, the company provides secure payment software so that call centres can take card payments from customers without their agents seeing, being told about or accessing the data on those cards. Eckoh has also introduced a new service that works on websites and mobiles and instantly replaces people’s credit card details with tokens. Used when consumers want to buy products online, the system means call centre agents and other employees will see tokens rather than credit card numbers, so customer details are hidden from staff and hackers. Interim figures to September 30 showed strong growth in sales and profits alongside the acquisition of an American business, Product Support Solutions, for $5.6million (£3.7million). Eckoh already does business in the US but this deal will help it to expand there. Brokers expect the firm to deliver a 26 per cent rise in revenues to £21.7million for the year to March 2016, an 11 per cent increase in profits to £4million and a dividend of 0.5p, up from 0.4p this year. Even stronger growth is expected in 2017, as investments made this year bolster sales and profits. Chief executive Nik Philpot, at the helm since 2006, is very confident about the future. Protection of customers’ data is a growing problem and Eckoh’s software is effective, easy to use and inexpensive compared with the costs associated with a cyber attack. Philpot is also optimistic about Eckoh’s US prospects as Britain is apparently far more advanced in data security than America. Midas verdict: Eckoh investors have done well since our tip and they may want to sell 30 per cent of their shares to bank some profit. But the stock should continue to advance, so they should retain most of their shares. New investors could also have a dabble.
Register to get unlimited access to Citywire’s fund manager database. Registration is free and only takes a minute. Register Sign in Dodgy data: it's time to agree a set of cyber standards By Peter Smith 19 Nov, 2015 at 11:17 Dodgy data: it's time to agree a set of cyber standards Advisers must work closely with UK and EU regulators to agree protocols and standards that protect clients and their own reputations from the threat of cybercrime, writes Tisa's Peter Smith. Most people are aware of the term serendipity. However, few will be familiar with its antonym ‘zemblanity’, which means making unhappy, unlucky and totally predictable discoveries. This is exactly what happened to TalkTalk when its systems were breached in a cyberattack. It was going to happen some time. In a world where technology permeates advice firms, to speak nothing of robo-advice advances, there is an urgent need for an agreed set of safety protocols for financial firms. TalkTalk is just the latest company to fall victim to cybercrime; it joins esteemed company such as Vodafone, Sony, British Airways, JP Morgan, Carphone Warehouse and Ashley Madison. As John Chambers, chief executive of software firm Cisco, has said: ‘There are two types of companies: those who have been hacked and those who don’t know they’ve been hacked.’ Data protection Our digital lifestyle means there will be more attacks but we are unlikely to hear about them all. What can financial services companies do to protect themselves, and their clients’ data? According to the Department for Business, Innovation & Skills, 81% of large businesses and 60% of small businesses suffered a cybersecurity breach in the last year and the average cost of breaches to business has nearly doubled since 2013. The severity and importance of each of these materially impacts not only their ability to do business but also their brand and reputation as a customer, employee and partner. Creating standards As you would expect, cybercrime is top of the agenda at Tisa and our newly formed Technology Innovation Policy Council is working with organisations across the financial services and technology sectors to create standards. Standards are crucial at a time when the financial services industry is actively working on opening up cross-border access to customers and by the same token their personal details and data records through a digital ID. As a profession we have an opportunity to better educate the market on cyber-risks; to create adequate insurance capacity for this type of event; and ultimately to better prepare ourselves for the continuing advancement and frequency of attacks. The cost of getting it wrong can be significant. For instance, the cyberattack on US retailer Target has already cost it more than $100 million (£71 million). The World Economic Forum has identified cyber-risk as posing as much of a threat as water shorta