Hackers Love Stealing Your Credit Card From Hotels

Make sure you check your credit card for suspicious charges after you use it at a hotel. A new study finds that 38% of credit card hacking cases involved hotels, way ahead of any other industry.

Thanks to lax and uneven adherence to security protocols at hotels, it doesn’t take very sophisticated methods to suck up gobs of customers’ credit card data. And the economic downturn has meant that some hotel operators have chosen to let security upgrades slide.

So, after you check out, make sure to check your credit card for any unwelcome guests on your billing statement.

Credit Card Hackers Visit Hotels All Too Often [NYT]

Comments

Edit Your Comment

  1. Dalsnsetters says:

    Happened when I moved from L.A. to New Orleans. My boyfriend used his card at the hotel and was the type that did not check his statements. About a year later, I was shredding our stuff at work and saw the cc statement from the trip and just before (I’m a woman, I had to look). There were our hotel charges for the first night (in Tempe, AZ), and then about $200 in charges to a phone sex line. I took the statement home and said, “Ummmm, I’m not trying to be a nosy parker but why in the world were you calling phone sex lines while we were on the road???”

    Long story short, it was beyond the timeline when he could dispute the charges so he had to suck it up but to this day admits that situation made him look at his cc bills when they come in every month!!

  2. tedyc03 says:

    I make my own hotels at home.

  3. packcamera says:

    Having worked on cruise ships and hotels, I can not stress enough how simple it is to view all of a guests personal and financial data with the guest management or reservation software used. Many years ago on one ship I was onboard, Fidelio (the system commonly used in bars with the touch-screen terminals,) was installed for the entire ship giving all terminals the same level of access to guest data. So a bartender could charge a drink to your room, then see your home address, passport number and credit card you have on file for the cruise.

  4. Oddfool says:

    From the article:

    “Meanwhile, credit card companies are pressuring merchants, including hotels, to adopt uniform security standards.”

    And yet, even though this would not help against online purchases, for in-person transactions, the most basic method a merchant could perform is to check the ID, which is apparently not allowed in the Merchant Agreements.

    • ShruggingGalt says:

      No, they’re not talking about that. You can’t just check ID because of the merchant agreement.

      They’re talking about PCI Security Standards which mandate certain network security systems be in place, DMZs, two factor authenication to see credit card #s, etc etc etc.

      It’s their way of taking the high-risk of an insecure payment system (16 digit CC # and 3/4 digit CVV) and pushing downhill to the merchants….because the merchants have to pay the losses if they’re not compliant.

    • strathmeyer says:

      So let me get this straight, you want the person stealing your credit card number to also see your driver’s license?

  5. pb5000 says:

    Back when I worked for Marriott, their reservation system was an old legacy system that plainly displayed cc numbers on the screen. It would have been very easy to steal them if you weren’t an honest person.

  6. peebozi says:

    No need for government involvement…the market will work itself out on this one.

  7. sweaterhogans says:

    I’m always amazed at how many people don’t check their bills before paying them. I scrutinize mine all the time, but good card companies will find them before you do if you’re lucky. Recently I had a charge at newegg for $1200 that I didn’t make. I shop their often enough, so I was surprised that my discover card caught it within 24 hrs.

    I’m also surprised that people don’t check their paystubs either. At an old job I noticed that they were paying taking out extra taxes. When I told HR they fixed it right away but said they were surprised I caught it since no one ever checks their stub. I just wonder how many people are getting the wrong salary!

  8. u1itn0w2day says:

    Hmmm, hotels a place where the hired help assumes you have money to spare and they nor their employers apparently do not.= breeding ground for theft.

  9. u1itn0w2day says:

    Hopefully time stamps and locations where the credit card information was pulled from can help lead to the capture of the theives.

    Alot of hotels,restaraunts and retailers seem to be very clickish and that’s because the present workforce doesn’t want anyone else in on their secret: they are theives, liars and crooks. I hear too many stories of how they got over on the customers and their boss.

  10. Hungry Dog says:

    Some of the door keys contain credit card information. Its also simple to use a hotel key to put credit card info on it for a cheap disposable way to copy a credit card.

    • kingofmars says:

      Hotel keys do not contain any credit card information. Why would the hotel lock need the information? Hotel locks work by moving to a new code, whenever a new code is presented. The lock starts with code A, and will accept code A, or B. But once code B is presented the lock no longer accepts code A.

      However you are right that a hotel room key can be used by criminals to copy credit card information. But hotels do not copy your credit card information onto a hotel key.

    • Charfahl says:

      Not true at all, go check that out at snopes… that is a myth…

    • Aleave says:

      kingofmars is right. All that is on the key is the info the door needs to unlock that particular room. At most hotels the computer isn’t hooked up to the key maker so that is virtually impossible for us to do right on the spot like that. (I work for a large chain of hotels and have for the past 4 years now) However if theives can get their hands on a stack of hotel keys they can put cc info on there. That strip on the back is basically the same as a credit card’s but MUCH weaker. Any least little thing can wipe them out. The hotel I work for does at least make it very hard for an employee to get your cc info. All we can see is the last 4 digits and what type of card it is. That is it. We still ID check though. Everything else only our corporate office can see. And for long stays that require more than about $800 to pay for they contact us by the following day to make sure the charge was a legit.
      Also no one can see your personal info execpt eployees. Everything is password protected now so at least it makes it a little less harder for outside thieves to see and would help narrow it down.
      A lot more hotels are doing a lot more to deter this than what they used to. Maybe people should stop going with the cheapest one. Cheapest hotel=lowest security standards=lowest paid employees who don’t care.

  11. Sparkstalker says:

    Happened to a bunch of friends and me at a La Quinta in Atlanta. About a month after our get together, people started having their cards declined, or worse, overdraft fees on their debit cards.I happened to be on vacation at the time, and suddenly only had the cash in our checking account for the rest of the trip. Still not as bad as those who used a debit card though…

  12. thatotherguy says:

    When I worked at a Holiday Inn in college one summer, our reservation system showed all of the customer data on one screen in plain text. Guest’s full name, address, phone number, names of all guests in their party, complete credit card information, etc. What was worse, was that every night we would print all of this information out (in case of data loss or catastrophic event) and keep it in a stack in the back room. When the stack got big, we would cut the pages into 4ths and use it for scrap paper. It was the only scrap paper provided for us at the front desk. I would go though my stack and pull out all the ones that still had a complete address, phone number and credit card shown and shred them. No other associate did this though. We routinely wrote notes on these scraps and gave them to guests.

    I complained about the utter lack of concern for our guests private information, but no one cared. The hotel would literally give guests slips of paper that contained other guests names, address and credit card info on very common basis (20+ times a day).

  13. thatotherguy says:

    When I worked at a Holiday Inn in college one summer, our reservation system showed all of the customer data on one screen in plain text. Guest’s full name, address, phone number, names of all guests in their party, complete credit card information, etc. What was worse, was that every night we would print all of this information out (in case of data loss or catastrophic event) and keep it in a stack in the back room. When the stack got big, we would cut the pages into 4ths and use it for scrap paper. It was the only scrap paper provided for us at the front desk. I would go though my stack and pull out all the ones that still had a complete address, phone number and credit card shown and shred them. No other associate did this though. We routinely wrote notes on these scraps and gave them to guests.

    I complained about the utter lack of concern for our guests private information, but no one cared. The hotel would literally give guests slips of paper that contained other guests names, address and credit card info on very common basis (20+ times a day).

  14. thatotherguy says:

    When I worked at a Holiday Inn in college one summer, our reservation system showed all of the customer data on one screen in plain text. Guest’s full name, address, phone number, names of all guests in their party, complete credit card information, etc. What was worse, was that every night we would print all of this information out (in case of data loss or catastrophic event) and keep it in a stack in the back room. When the stack got big, we would cut the pages into 4ths and use it for scrap paper. It was the only scrap paper provided for us at the front desk. I would go though my stack and pull out all the ones that still had a complete address, phone number and credit card shown and shred them. No other associate did this though. We routinely wrote notes on these scraps and gave them to guests.

    I complained about the utter lack of concern for our guests private information, but no one cared. The hotel would literally give guests slips of paper that contained other guests names, address and credit card info on very common basis (20+ times a day).

  15. thatotherguy says:

    When I worked at a Holiday Inn in college one summer, our reservation system showed all of the customer data on one screen in plain text. Guest’s full name, address, phone number, names of all guests in their party, complete credit card information, etc. What was worse, was that every night we would print all of this information out (in case of data loss or catastrophic event) and keep it in a stack in the back room. When the stack got big, we would cut the pages into 4ths and use it for scrap paper. It was the only scrap paper provided for us at the front desk. I would go though my stack and pull out all the ones that still had a complete address, phone number and credit card shown and shred them. No other associate did this though. We routinely wrote notes on these scraps and gave them to guests.

    I complained about the utter lack of concern for our guests private information, but no one cared. The hotel would literally give guests slips of paper that contained other guests names, address and credit card info on very common basis (20+ times a day).

  16. thatotherguy says:

    When I worked at a Holiday Inn in college one summer, our reservation system showed all of the customer data on one screen in plain text. Guest’s full name, address, phone number, names of all guests in their party, complete credit card information, etc. What was worse, was that every night we would print all of this information out (in case of data loss or catastrophic event) and keep it in a stack in the back room. When the stack got big, we would cut the pages into 4ths and use it for scrap paper. It was the only scrap paper provided for us at the front desk. I would go though my stack and pull out all the ones that still had a complete address, phone number and credit card shown and shred them. No other associate did this though. We routinely wrote notes on these scraps and gave them to guests.

    I complained about the utter lack of concern for our guests private information, but no one cared. The hotel would literally give guests slips of paper that contained other guests names, address and credit card info on very common basis (20+ times a day).

    • thatotherguy says:

      Oops. Sorry guys. The page kept freezing and then I would get an error. I didn’t realize I had posted successfully. I now sit firmly in group who think there should be an edit button for comments….

  17. jj_hippie says:

    This would explain how my government travel card got hacked a few weeks ago. I only use it for airline tickets, rental cars, and hotels when I travel, and the government pays all costs directly to the card so I don’t have to do anything (I still check the statement once a month). But someone got the number and started charging things in the Phillipines. So now I have a new card.