“It is a blatant ambush of personal credit card information”

The pop-up ad Kathy Agosta says she saw after finishing a reservation on Travelocity recently looked like a confirmation screen from the online travel agency, and it offered $20 cash back if she signed up for a service. Although she never shared her credit card information with the advertiser, she found a troubling connection.

“As it turns out, merely clicking on the hyperlink to get more information about the offer apparently allows the advertiser to charge a fee on the same credit card just used to purchase the airline tickets from Travelocity’s website,” she told me. “There is no credit card approval step on this pop-up to warn the Travelocity customer that a charge will be placed by this advertiser on the credit card they just used.”

Elliott Advocacy is underwritten by Seven Corners. Seven Corners has helped customers all over the world with travel difficulties, big and small. As one of the few remaining privately owned travel insurance companies, Seven Corners provides insurance plans and 24/7 travel assistance services to more than a million people each year. Because we’re privately held, we can focus on the customer without the constraints that larger companies have. Visit Seven Corners to learn more.

Is this a more sophisticated version of the opt-out scheme, which Travelocity and other online agencies practice? Or perhaps another shady post-transaction marketing scheme, which may be about to become illegal?

Maybe. Maybe not.

First, let’s listen to the rest of Agosta’s story.

Travelocity is either allowing advertisers to intercept their customer’s credit card information, which they assure consumers is secure and safe, or Travelocity is failing to monitor what their advertisers are doing.

Either way, it is a blatant ambush of personal credit card information.

Fortunately my bank called to verify the charge, which I declined, but now my credit card is blocked until the bank reopens [today]. They didn’t get my 20 dollars, but they do now have my attention.

Maybe contacting the BBB in Texas and a few more industry bloggers will get theirs.

Agosta also contacted Travelocity, but hasn’t heard back. So I got in touch with the company. Here’s what it had to say:

I have confirmed that we DO NOT pass credit card data. The link on the Travelocity.com confirmation pages will take a consumer to a landing page in which the consumer would be required to input her credit card information herself.

Furthermore, we do not promote Memberworks’ via pop-up advertising. We understand that other Web sites may use pop ups and the credit card data pass, so Kathy’s experience may arise from some other Web site that she has interacted with.

If you do report on these post-transaction marketing companies, I would greatly appreciate it if you don’t lump Travelocity along with companies
that pass credit card information – doing so would be factually inaccurate.

No problem.

So how do you prevent this? Easy. Go to your browser, download an ad blocking plug-in and disable pop-ups. Problem solved.

As for Agosta’s trouble with Travelocity, I have a feeling there’s more to the story. Stay tuned.

Update (June 7, 2010): Travelocity has asked me to update this story after a rather lively debate in the comments.

We never passed on credit card information. We do not promote Vertrue using pop-ups. And that we were removed from the Rockefeller

(Photo: barsen/Flickr Creative Commons)