Nothing Can Save You From Hotels Stealing Your Credit Cards

A call with Washington Mutual confirms that besides vigilance, there’s nothing you can do to stop hotels from stealing your credit card information.


powered by ODEO
Though we were pretty sure of the answer, we wanted to follow up last week’s story about Illinois hotels reselling guest’s credit card numbers. Investigators said the scam could be repeated elsewhere, and evidence points to it already being underway.

Many of the stolen credit cards were used over a year after the guest visited the hotel, making tracking difficult.

We suggest that banks allows consumers to generate temporary credit card numbers which would expire after a month or so.

Previously: Hotel Workers Arrested For Stealing Guest Credit Cards

Comments

Edit Your Comment

  1. Kornkob says:

    My American Express card used to let me generate one-use credit card numbers so that I could charge things on websites and over the phone. Then one day the feature disappeared without a whimper. :(

  2. acambras says:

    Apparently, it’s a very doable thing, because Citibank has some sort of system that lets you do that (mainly for online shopping, I think). The retention specialist was just telling me about it the other night.

    Anything to get you to spend more money with them, I guess.

  3. Mike_ says:

    I’ve said it before, but it bears repeating: Your maximum liability under federal law for unauthorized use of your credit card is $50. If the loss involves your card number, but not the card itself, you have no liability. The rules are different for debit & ATM cards, but even then, you are generally safe if you review your statement and promptly report any problems.

    Credit card fraud is a big problem for merchants and the payment card industry. For consumers, it’s a small nuisance. It is wise to be mindful of security risks when using your payment cards. But really, there’s no reason to go overboard here.

    More than anything else, temporary card numbers protect your bank from excessive losses when your account is used illegitimately (and they are unable to recover funds from the merchant through the chargeback process). If covering your bank’s ass is worth the extra effort, more power to you. As for me, I’ll just be using my regular account, thank you.

  4. John Stracke says:

    You’d think one-time numbers would be more common. Since the law puts banks on the hook for credit card fraud, they’ve got a strong interest in antifraud features.

  5. nweaver says:

    Just don’t bother. JUST USE REAL CREDIT CARDS, not debit cards, check your bill at the end of the month, and just don’t care otherwise.

    There is effectively no user cost in credit card fraud, almost all/all the cost is born by the bank and the merchant who accepted the fradulent transaction.

    The only real use from a consumer viewpoint for one-time-only numbers is to make sure you don’t get rebilled. So you might want to use one-time-only numbers for porn sites, but other than that, why?

  6. FLConsumer says:

    If the credit card cos have such a “strong interest” in anti-fraud, why don’t we use PIN numbers with credit cards like they do in some Euro countries? The systems seem to be able to handle it already with debt cards, shouldn’t be that much more to hack it to work for credit cards. Methinks it is more profitable for them to write off the bad charges than deal with it.

  7. orielbean says:

    What I see now w/ credit cards is that the point of sale asks for some other piece of info, like your billing zipcode. Noticed it on a Hess gas pump the other day. I like that, not bulletproof, but better than swipe n pray.

  8. Kornkob says:

    Why would I want to give a business a one-use number besides to protect the credit card company’s interests?


    In the event that hotel or website or other business double bills me, incorrectly bills me or otherwise adds additioanl billing to my card I’d rather not have to go through the trouble of challenging it. I’d rather that incorrect charges never show up on my bill than ‘not be liable’ for them when they do show up. It took me seconds to generate a one-use number on Amex’s website when they offered it. A damn sight less time than it takes me to get the CC company to fix a mistake or fraudulent charge.

  9. ummm… am I the only one that tries to lsiten to the pghonecall and hears it at double speed? Ben sounds pretty funny chipmunk-ified, but I can’t understand the words very well.

  10. Mike_ says:

    Kornkob, if they bill you incorrectly, it’s not going to matter whether they billed your main account number or one of those sub-accounts. You’re still going to have to dispute it, either with the merchant or your credit card company.

    The point of the single-use numbers is to make you feel warm and fuzzy about using your credit card when you might normally feel uncomfortable doing so. The point I was trying to make is that you should almost never feel uncomfortable using your credit card. The whole system is set up to shift liability away from you in the event that your account is compromised.

  11. Ben Popken says:

    Oh fuck. I will fix that.

  12. Kornkob says:

    Mike–No, they won’t. A one use number on Amex was good for one and only one transaction. The second time they try and charge against it the charge would be rejected by Amex.

    There’s nothing to dispute if the transaction is rejected in the first place.

  13. Mike_ says:

    Kornkob, I’m talking about cases where you have a reason to dispute the original transaction. Let’s say you reserve a hotel room online, and the hotel calls you back and says there are no rooms available. A few days later, you find that they charged you anyway. How does your magic single-use card number save you from notifying your bank of the unauthorized transaction?

    It’s not a feature that substantially benefits you in any real way, but if it makes you happy, go ahead and create single-use account numbers. I, for one, am not impressed by such things.

    By the way, Bank of America has a “dispute this transaction” link attached to every charge on the account activity page. I’ve never had a reason to use it, but I’m guessing it’s pretty painless. Probably even easier than creating a new account number every time I want to buy something.