“It is a blatant ambush of personal credit card information”

By | June 1st, 2010

The pop-up ad Kathy Agosta says she saw after finishing a reservation on Travelocity recently looked like a confirmation screen from the online travel agency, and it offered $20 cash back if she signed up for a service. Although she never shared her credit card information with the advertiser, she found a troubling connection.

“As it turns out, merely clicking on the hyperlink to get more information about the offer apparently allows the advertiser to charge a fee on the same credit card just used to purchase the airline tickets from Travelocity’s website,” she told me. “There is no credit card approval step on this pop-up to warn the Travelocity customer that a charge will be placed by this advertiser on the credit card they just used.”

Is this a more sophisticated version of the opt-out scheme, which Travelocity and other online agencies practice? Or perhaps another shady post-transaction marketing scheme, which may be about to become illegal?

Maybe. Maybe not.

First, let’s listen to the rest of Agosta’s story.

Travelocity is either allowing advertisers to intercept their customer’s credit card information, which they assure consumers is secure and safe, or Travelocity is failing to monitor what their advertisers are doing.

Either way, it is a blatant ambush of personal credit card information.

Fortunately my bank called to verify the charge, which I declined, but now my credit card is blocked until the bank reopens [today]. They didn’t get my 20 dollars, but they do now have my attention.

Maybe contacting the BBB in Texas and a few more industry bloggers will get theirs.

Agosta also contacted Travelocity, but hasn’t heard back. So I got in touch with the company. Here’s what it had to say:

I have confirmed that we DO NOT pass credit card data. The link on the Travelocity.com confirmation pages will take a consumer to a landing page in which the consumer would be required to input her credit card information herself.

Furthermore, we do not promote Memberworks’ via pop-up advertising. We understand that other Web sites may use pop ups and the credit card data pass, so Kathy’s experience may arise from some other Web site that she has interacted with.

If you do report on these post-transaction marketing companies, I would greatly appreciate it if you don’t lump Travelocity along with companies
that pass credit card information – doing so would be factually inaccurate.

No problem.

So how do you prevent this? Easy. Go to your browser, download an ad blocking plug-in and disable pop-ups. Problem solved.

As for Agosta’s trouble with Travelocity, I have a feeling there’s more to the story. Stay tuned.

Update (June 7, 2010): Travelocity has asked me to update this story after a rather lively debate in the comments.

We never passed on credit card information. We do not promote Vertrue using pop-ups. And that we were removed from the Rockefeller

(Photo: barsen/Flickr Creative Commons)

We want your feedback. Your opinion is important to us. Here's how you can share your thoughts:
  • Send us a letter to the editor. We'll publish your most thoughtful missives in our daily newsletter or in an upcoming post.
  • Leave a message on one of our social networks. We have an active Facebook page, a LinkedIn presence and a Twitter account. Every story on this site is posted on those channels. The conversation ranges from completely unmoderated (Twitter) to moderated (Facebook and LinkedIn).
  • Post a question to our help forums or ask our advocates for a hand through our assistance intake form. Please note that our help forum is not a place for debate. It's there primarily to assist readers with a consumer problem.
  • If you have a news tip or want to report an error or omission, you can email the site publisher directly. You may also contact the post's author directly. Contact information is in the author tagline.