Marriott Announces One of Largest Data Breaches in History

Marriott recently announced that hackers stole information on as many as 500 million guests over a four-year span, obtaining credit card and passport numbers and other personal data. This breach is one of the largest in history.

What We Know

When the Marriott-Starwood merger was first announced in 2015, Starwood had 21 million people in its loyalty program. The company manages more than 6,700 properties across the globe, most in North America.

The affected hotel brands were operated by Starwood prior to the merger in 2016. They include W Hotels, St. Regis, Sheraton, Westin, Element, Aloft, The Luxury Collection, Le Méridien and Four Points. Starwood-branded timeshare properties were also affected. None of the Marriott-branded chains were affected.

OCC Issues Updated Booklet on Merchant Processing

The Office of the Comptroller of the Currency (OCC) issued the “Merchant Processing” booklet of the Comptroller’s Handbook, replacing the booklet of the same name issued in December 2001. The “Merchant Processing” booklet provides updated guidance to examiners and bankers on assessing and managing the risks associated with merchant processing activities.

The booklet includes updated guidance on:

  • selection of third-party organizations and due diligence.
  • technology service providers.
  • on-site inspections, audits, and attestation engagements, including the “Statement on Standards for Attestation Engagements” (SSAE 16) and the “International Standard on Assurance Engagements” (ISAE 3402).
  • data security standards in the payment card industry for merchants and processors.
  • member alert to control high-risk merchants (MATCH) list.
  • Bank Secrecy Act/Anti-Money Laundering compliance programs and appropriate policies, procedures, and processes to monitor and identify unusual activity.