A number of people have recently posted comments on local forum Carvoeiro.com reporting that their credit card details have been compromised some time after booking airport transfer services with Resorthoppa and A2B, which is an international online airport-to-resort transport service based in the UK.
The information posted includes cases where unauthorised purchases were subsequently made using “cloned” credit card details, and other attempted purchases which were refused by banks.
Research undertaken by Associação Safe Communities Algarve (SCA) has found that similar postings have also been made on forums in Turkey in respect of the same company, with the total number of complaints from victims at around 40. In many of these cases, the unauthorised use of the credit card did not take place for some time after the booking was made with the company concerned.
It is emphasised, however, that no direct link between these instances and the company has been established, although in a few cases the credit card was not used by the holder for any other purchase.
On October 1, SCA contacted Resorthoppa drawing their attention to the complaints and a response has been received from their Head of Operations, Grainne Bradley. Although they were aware of the complaints on the Turkey forums, they were not aware of the postings on the Carvoeiro.com forum.
In her reply, she stated: “We take the issue of security very seriously and we have been in contact with the people on the forum since we became aware of the Turkey group, which then spread to other review sites. I would also point out that many clients on this forum have not booked with our group, therefore suggesting that there could be a leakage elsewhere. It could also be a local or global competitor trying to create problems for us. We are the market leader with over 10k people visiting our site daily, with no such previous issues or concerns.”
She added: “We have communicated to clients that we are taking it very seriously and we are investigating it. We have also asked any client affected by fraudulent activity to contact us direct and supply us with their reference number in order for us to investigate.
“Since we found out we have been in touch with our merchant suppliers and instructed an independent company to carry out an investigation and forensic report on our system.
“Due to the complexity and size of our IT infrastructure, this investigation can unfortunately take some time. However, with the independent investigators we should have more clarity if there was any breach or not. As far as we are concerned there wasn’t any breach and we use the highest security to avoid any fraud to ourselves and our clients.
“We are PCDI Complaint, we also use SLL on all payment pages and access to any sensitive information is limited to a handful of people. I would also point out that all data is encrypted.”
SCA recommends that those shopping online for products and services take simple precautions, and that it is incumbent on merchants to ensure that they offer secure payment systems.
Bank statements should be regularly checked for unauthorised credit card use. In this particular case, it appears from the company statement that they are compliant with the standards required by IT security experts.
Also read article ‘Cybercrime – identifying the threat’
