When your credit card gets compromised at a hotel

David Eviston/Shutterstock
David Eviston/Shutterstock
A day after Sheilah Reardon checked into the Bellagio Las Vegas, she received an e-mail alert from American Express warning that her credit card had been compromised. Among the fraudulent charges: a $67 bill from an online memorabilia store.

A day later, her friend Jennifer Henderson got a call from a MasterCard representative. Her card number had also been stolen. The thieves had made a $67 charge at the same online store moments after they hit Reardon’s account.

Elliott Advocacy is underwritten by Chubb. Chubb is the world’s largest publicly traded property and casualty insurance company, and recognized as the premier provider of insurance for successful individuals and families in the U.S. and selected international markets, offering coverage for high-value automobile, homeowners, recreational marine/aviation, valuables and umbrella liability coverage. As an underwriting company, Chubb assesses, assumes and manages risk with insight and discipline, and combines the precision of craftsmanship with decades of experience to conceive, craft and deliver the best insurance coverage and services to individuals, families and business of all size.

“We had checked into the Bellagio at the same time, side by side,” says Reardon. She and Henderson believe that their credit cards were targeted while they were at the resort — most likely while they were checking in — because it was the only time when their cards were used together. Reardon says that she hadn’t used her card, a “travel-only” Amex, since a trip to Florida last summer.

This kind of identity fraud cost American businesses and consumers $21 billion in 2012, the most recent year for which numbers are available, according to Javelin Strategy & Research. It found 12.6 million victims of identity fraud in the United States that year, the highest level since 2009. Javelin’s figures also include data breaches and other types of fraudulent purchases.

Identity fraud is a perennial concern for travelers, and particularly for hotel guests whose cards are frequently used on the road. But the problem seems to be getting worse, and there’s no quick or easy fix.

Bellagio claims that it takes “strict precautions” to maintain the security of its guests’ digital information. After Reardon complained of the breach, it contacted her multiple times in an effort to take a full report, but she declined to give one, according to the hotel.

“We regret we were unable to utilize our full resources to bring this matter to a more satisfactory conclusion, but maintain that our security measures are effective,” says Mary Hynes, a spokeswoman for the resort.

Reardon, a school administrator from Raynham, Mass., insists that she filed a complaint but didn’t have time for the lengthier debriefing, since she was on vacation. Besides, she says, she was left with the impression that the hotel was indifferent to her and her friend’s problems while they were staying there. “At least they could have pretended to care,” she says.

But Bellagio’s initial response as described by Reardon may be typical of the hotel industry, which is often careless about customer data and dismissive of fraud complaints, say experts and guests.

“Hotels are a massive source of credit card fraud,” says John Sileo, a digital privacy expert who runs the Web site Sileo.com. “In fact, the travel industry in general is ripe for the picking because of a variety of factors, including the distraction of travelers, high usage of credit and debit cards, high turnover of employees, and failure to perform employee background checks.”

Sileo believes that Henderson’s and Reardon’s breaches probably occurred at their hotel, but he can’t be sure who was behind the theft. Their cards may have been compromised while they checked in, with an employee swiping their cards and then feeding the information to someone else. Or someone else standing near the check-in area and using a smartphone could have recorded their card numbers and verbal data, leading to the compromise. “The chances of it not being internal to the hotel — either an employee or a thief standing nearby — is minuscule,” he says.

I checked in with a reader who works in the security department of a major chain hotel in New Orleans about the precautions hotels do and don’t take when it comes to their customers’ security. He said that guests might be shocked if they took a look at the computers being used to check them in. He recently inspected front-desk terminals at his hotels, even though information technology isn’t part of his job.

“They hadn’t been updated in years, with thousands of updates needed,” he says. “I discovered that one computer was filled with adware, which is bad enough, but the other had a full virus network, with keyloggers as well as worms. It had its own database and a way to send guests’ personal information off-site to its own servers.”

For the non-techies out there, keyloggers record passwords and other secure information and send it to a third party; a worm is a form of computer malware that replicates itself to spread to other computers.

How can hotel guests protect themselves?

“They can’t,” says Robert Siciliano, a security expert who publishes the site BestIDTheftCompanys.com. “Credit cards can’t be protected.”

The only way to minimize the damage is to monitor your credit card statement and report any suspicious activity. A longer-term solution, which is to upgrade credit cards to more expensive and secure chip-and-PIN technology, is on the horizon, but probably not in time for your next hotel visit.

Both Henderson and Reardon quickly verified the fraudulent activity on their cards. Their financial institutions removed the bogus charges, canceled their cards and promptly issued new ones.

The Bellagio, for its part, wasn’t entirely unsympathetic. Even though the guests didn’t complete a formal report, the hotel zeroed out their mandatory $25 a day “resort fee,” which includes in-room high-speed and wireless Internet, in-room local and toll-free calls, fitness center access and airline boarding pass printing.

Over six days, that shaved $150 off each of their bills, which is almost better than an apology.

Do hotels do enough to protect your credit card?

View Results

Loading ... Loading ...

71 thoughts on “When your credit card gets compromised at a hotel

  1. 1) I’ve heard front desk clerks openly repeat back credit card numbers while on the phone making reservations.

    2) anyone who handles card can write down number + 3 to 4 digit ccv.

    Long story short, in Europe the customer swipes the card. Portable machines are brought and servers never have access. I think hotels do same where you swipe card.

    In US, we let too many people handle our cards out of sight. Servers, front desk clerks, etc.

    While there is never a 100% solution, ie online purchases, we make theft too easy in america.

    1. If you have a chip card (chip & PIN or Signature) you are correct about everyone in Europe using the machine right in front of you, at least that has been my experience.

      All great except when you make a phone reservation at the hotel that requires the card number. Then the chip does nothing for you.

      1. Agreed. There’s always a chink in the fence, but we don’t even attempt preventative measures in the U.S. Online purchases and reading off a credit card create situations where a third party has gained access.

        A solution to the problem is an added layer of security. Treat credit cards like “debit”. Businesses are issued a Pre-Authorization pin for circumstances where phone or online orders is necessary. – No charge made but checks Validity.
        Customers are then sent an email where logging into the Credit Card website is necessary to authorize and finalize purchases.

        Pin can be entered in keypad for physical purchases, but is kept secret from employees / business for transactions not performed in person over X amount $100? $200?

        Bit of a hassle, but would make fraud more difficult.

        1. One method I have seen used to cut down on the online issue are one time CC numbers for online use. I used to have a card that offered that. I specified a dollar and time limit the card was good for. Since the dollar limit would be for the actual amount of the purchase, after using the number, who cared if a thief got ahold of it. It was no longer any good. This is a feature I wish all card issuers would implement for online purchases.

          1. I like the idea of one time use numbers for online purchases. Solutions abound, the credit card industry appears to suck up the loss rather than inconvenience customers. The long term effects are higher rates and fees.

            Companies rarely eat losses.

      2. Well, the simple solution there is for hotels to learn they DON’T need my card number until I check in. Frankly I’m getting a little tired of the lodging industry thinking they are the airline industry. Hotels should NEVER be pre-paid or nonrefundable. The hotel is the end game and my getting there to use their service is dependent upon the rest of the providers, the flight could cancel or divert, weather, natural disaster, or even political instability may force a last minute change to another location, etc.

        1. And when you fail to show, the one night charge gets to them how? This would only drive up costs even more as people make bookings and never bother to cancel since THEY have nothing to lose.

          1. I suppose the ease of booking a room on the internet makes people more cavalier about bookings. That’s just a guess on my part. I remember prior to internet reservations, booking a hotel room was a serious affair. We only booked it after we were sure that we needed it. I think it is the lack of human contact which makes it easier to book and cancel, book and cancel

            As far as prepaid goes, that’s a real choice. Unlike airlines, there are usually many hotels to choose from and more importantly unlike airlines, getting a fully flexible rate rarely costs substantially more. I generally avoid prepaid rates unless the chances of me cancelling is remote. I’ve usually book prepaid rates from the lobby of the hotel.

            While it is true that a flight could cancel or divert, weather, natural disaster, etc, may cause you have to cancel your hotel stay, those are the exceptions, not the rule. The vast majority of your hotel reservations will not be cancelled because such occurrences.’

            Just my $0.02

          2. Mostly I agree with you. Just as you have noticed, so far it’s still fairly easy to find a fully flexible rate. My concern is that just as airlines started out with the deeply discounted 21 day out bookings being nonrefundable and today all but the most expensive are nonrefundable, and in at least Jet Blue’s case there is no such thing as a fully flexible booking, I fear some day the hotels will go the same way. In fact I am already seeing signs of this. Just last month in London for a single night midweek booking I was unable to find a fully flexible booking 2 days before my trip unless I wanted to use a chain hotel in the completely wrong part of London. Last year I learned the hard way when I had to arrange a last minute business trip to Honolulu that apparently Valentines week is huge in Hawaii. Hey, what did I know, I haven’t been to Hawaii in over a decade for either business or pleasure and I’m single so Valentines day to me is just another day on the calendar. That week every property wanted fully prepaid no changes, joy. It was a close call as I was leaving NYC the Monday after the 33 inch blizzard. I was lucky my flights all operated and I found a car service willing to come out to the burbs on still unplowed roads. I suppose I could see the point of prepay nonrefundable if I was booking a room months, or even weeks, out, but not when I am booking 1 to 3 days before the trip. Like most travelers I don’t travel on months notice, my trips are either business (get there now and fix this) or I finally have the down time to get away for a few days. Frankly I don’t know anyone who can say now at the end of January commit to a set plan and dates 3 weeks or more out and know nothing will change at all. So as a result I don’t even understand how airlines market those 21 day advance purchase nonrefundable tickets.

          3. You make some good points , paragraphs please though


            I’m not particularly worried about hotels. Hotels have infinitely more competition that airlines. They’re only three legacy airlines in the US. There are innumerable chains and independents.

            I would expect that the circumstances that you describe are not normative, but occurred because of extremely high occupancies, which causes hotels to behave more like airlines.

            The 21 day advance purchase makes sense for vacationers. My friends are teachers. Summer vacation is pretty much set in stone. The chance of something bad happening is remote enough that the risk is reasonable.

          4. Just a FYI. Depending on the way someone responds, Disqus may remove the paragraph breaks.

            It does it to me all the time when using mobile devices.

          5. You’re 110% correct. If I use IE, I have to save the post then edit the paragraph breaks back in. Just one of the many reasons I ditched IE

        2. Reputable hotels will waive the cancellation fee for a good reason. Reputable guests should pay the cancellation fee unless they have a good reason not to.

  2. “Besides, she says, she was left with the impression that the hotel was
    indifferent to her and her friend’s problems while they were staying
    there. “At least they could have pretended to care,””

    Wait a minute; they contacted her multiple times to get more information, she refused to respond (I can’t imagine it would have taken THAT long to do the paperwork), and they cut the resort fee off her bill, but she thinks they weren’t “pretending to care”? If she shuts up like a clam, how exactly are they supposed to do anything? Was she expecting a free stay?

    1. Agreed. My thought: Maybe the hotel was rude and only responded after her stay was put into dispute? Ie hotel wanted paid so stopped playing coy.

      People aren’t mind readers and I dislike the fact a rogue employee’s speaks for an entire company. So I’m on the fence here as to the “whole story”

      Did hotel immediately respond and offer to take action or was OP left to fend for herself?

      Gut feeling but OPs response is she was pissed, didn’t want to aid hotel, and thinks a solution is possible without her assistance

      1. I don’t know – I have stayed at that hotel and no person was ever close to rude. They were so helpful about every teeny tiny thing, it almost can be annoying! Sounds like she just didn’t want to kill her buzz.

        1. Staff change and so would the attitudes. Hopefully not for the worst, but it can happen.

          Also, during your stay, did you have the same issue the OP had? Could be the staff is more than friendly until they are accused of something like this.

          1. I had issues, prefer to not elaborate, they were extraordinarily helpful. Every single person – not just one or two – but nobody stopped – I was satisfied long before they were done helping and said so, but they insisted and insisted.

  3. Some will keep a printed copy of your entire card number, then claim they need it. Had it happen to us and found that many in that chain do so. We no longer stay with them for that reason.

      1. America’s Best Value. And I emphasize that SOME of their franchisees do NOT print the whole card number. We have not seen this with other chains and their franchisees, and we’ve stayed at a great many.

        We do pay close attention now, and sometimes will call beforehand to check, especially if we are unfamiliar with them.

    1. I have seen the booking.com fax have my whole number on it. I noticed it in Spain, but imagine their process is the same everywhere.

  4. I voted No but I do have doubts about these claims. Bellagio contacted her multiple times but she didn’t respond? She is also making an assumption that her credit card was stolen and immediately used.

    1. She is not making assumption. It was fact, both her and her friend were call by their credit card companies to tell them that their credit cards were fraudulently used.

      1. Yes the credit card company informed her that her card was fraudulently used. She does not know when her card was compromised. She is assuming that her card was compromised at the Bellagio. It could have been compromised earlier and the thieves didn’t use it until after she had checked into the hotel.

        1. I suppose it’s possible that a martian happened to be flying his space ship over the Bellagio at the exact moment she and her friend both used their cards at the same hotel, including a card that hadn’t been used for months and one owned by a totally unrelated person, and the martian used it for the exact same purchase amount at the exact same online store minutes after that one moment in time in which both those cards were used at the same hotel check-in desk.

          I suppose that’s one possible alternate explanation.

      1. Actually, it’s the merchants who would bare the majority of the cost since banks would require that they purchase new terminals. It’s not the big bank but the small business have to replace CC terminals and/or POS equipment.

        1. The chip cards do cost around $1 more each than the standard swipe card. When you have a bank that issues millions of cards, those dollars add up quick. And that cost exists every time a card is issued or replaced.

          The terminal cost is an issue for merchants, but it is relatively minor when compared to the cost of a non-chip terminal and is a one time expense.

          1. So, my bank is not willing to pay $1 for my chip and pin card in order to collect thousands of $$$$ off my future transactions?

          2. The issuer’s cost/benefit analysis shows it is cheaper for them to eat the fraud charges than to invest in better security.

          3. You have to compare the $1.00 extra cost per card cost to what it costs a bank every time a card’s security is compromised. There is the cost of time spent by bank employees to investigate the fraud and the cost of reimbursing the card holder for fraudulent charges made using the card.

  5. She didn’t have time to make a full report because she was on vacation. Lovely. You get what you want in the form that you deserve.

  6. “I have a problem but I’m too busy/self-important/stupid to file a full report!”


    If someone was scamming me, I’d be all over them like a stripper on a mechanical bull.

    $67 is an odd amount, too. Hrm.

    1. There is a value attached to many credit cards by the issuing bank called the floor limit. This is the minimum amount at which an actual authorization is required vs. just assuming the card is good. $67 is high enough to be more than the floor limit without getting into the higher level transactions that might set off alarms in the fraud detection systems. So by using this amount, the thief was able to prove the card was active and useable.

    2. Yeah, no time to file a report but plenty of time to contact a consumer advocate to complain…smells like she’s looking for a few comp nights in Vegas!

    3. Yup, it was probably a small charge to see if the account was active. My credit union called me to alert me to fraudulent activity on my account. Even though I check my accounts religiously, I would’ve never caught this one – the scammers sent through a charge to my debit card for $14 from a bogus hotel in China.

      When the charge went through, they immediately reversed the charge so that it never showed up in the online banking system. Luckily, our credit union is awesome and caught the activity right away. They were actually in the process of alerting me and taking care of getting me a new card, etc. when the second charge for multiple thousands of dollars came in (which of course, it denied). If my credit union hadn’t smelled something funny about that $14 charge, we’d have been dealing with a much larger headache.

  7. I’d like to point that, for internet transactions, it doesn’t matter if the cc is Chip&Pin or MagStrip.

    Americans tend to believe that will be safer with C&P cards. Sorry, no – only in the case if someone physically stoles the card, and even so, in several places in Europe and US my C&P card worked without the need to enter the Pin.

    In Brazil, I need to enter the Pin even for an one cent purchase. In France, I bought a 30-days metro card (about 70 euros) just swiping the credit card…

  8. I voted no, but the hotel’s ability to cut down on such
    fraud is limited to threatening employees with dismissal if they are caught
    stealing card data.

    Story to illustrate the sophistication of some thieves: My wife was traveling in Asia and first
    presented her AMEX card to the first hotel the day she arrived. A few hours later, I received a phone call from American Express asking to talk with my wife.
    It seems their computer system picked up a charge for a call from
    California to South America. I explained that she was in Asia and the call had to be fraudulent.

    The problem is a dishonest employee stealing all the information and quickly passing this along to a confederate… or perhaps just receiving payment for the information.

    Hat’s off to American Express… for a more recent story: Again I received a call from American Express asking if we purchased some electronics for $300 in Michigan. We hadn’t. Their computers picked up the fact that the card had been used that same day here in Miami for gas and at a local supermarket and the incongruity of purchases with vastly different geography alerted them to possible fraud.

    Here’s another cute one:
    Waiter takes the credit card and copies the information down. The next week, the waiter enters the same information for another charge and at the same time removes cash for the same amount. The paperwork at the restaurant balances out and the restaurant doesn’t realize their customer has been

    Closed circuit TV at the desk, monitoring phone calls are probably some of the ways businesses can monitor their employees.

    1. My experience with AmEx is that they go WAY overboard in deciding whether a charge was questionable. In fact, as a card carrier since 1984, I almost cancelled a few years ago. You used to be able to tell AmEx if you were traveling abroad so they would anticipate charges from those countries. Now they won’t take that information. It’s such a joy to get off a transatlantic flight, turn on the cell to listen to messages, and there is message after message from AmEx to call them urgently. So, jet lagged, I’m calling AmEx first thing to tell them the charges were legitimate, when I tried to tell them beforehand. A few years ago I ordered a William & Kate commemorative plate from a shop in London. They didn’t even call me – they cancelled my card outright!!! I was livid.

      1. We were in Switzerland last August/September and prior to leaving called American Express. They welcomed the advance notice. As I write, my wife is is Asia and called Amerian Express to tell them which country she was visiting and for how long. I don’t know if the different type of card would make any difference. I’ve been a member since 1959 and it’s a Premire Reward card.

        1. I had a Gold card and the last time I travelled with it when I called Am Ex to let them know I would be traveling they basically told me not to bother them because they would know when my card was being used for fraud.

      2. I always call or email AMEX and they take the info and respond favorably. I have two, a corporate and a personal (Blue) and I’m also clear I’m only using the corporate one. Odd you had a bad experience; I’m a huge fan of them for customer service and fraud detection.

  9. “the hotel zeroed out their mandatory $25 a day “resort fee,” ”

    Got to love the irony of this. Because you were the victim of a non-hotel scam, we will waive our own scam charge we do on all our guests.

    1. I love how the resort fee covers printing of boarding passes. For $25 per day it better be in gold embossed paper. If you are going to scam customers like this, at least come up with a better description.
      I might be inclined to prefer having my card info lifted, which is a pain but in the end charges are removed, and have the resort fee zeroed.

  10. While not a hotel, the recent data breches at Target and Nemium-Markis (or however it’s spelled), show businesses don’t care out our CC security. Why do they feel they even need to save this information? I know they use it for a return so you don’t have to show your card, but I would much rather show the card than have my info stolen from their servers. And then ti discover they save PIN numbers? There is no reason those should ever be saved like that.

    Until they stop merchants from saving CC information like this, no type of card is going to be safe.

    1. The Target issue was key logger software that got installed in the terminals at the cash registers. This collected info at the time of entry and sent it somewhere outside of the Target systems. While I agree that Target should have done something to at least check for the presence of this and they didn’t, they followed every rule about credit card data including not saving PINs on their systems.

      1. Please excuse if this replay becomes a double post, but Disqus is not working well from the phone – as normal.

        Do you have a reference to a key logger being used in the Target breach? I have not heard anything about a key logger being used and all written accounts I have read indicate it was a hack into the servers. Given the geographic breadth of the people involved, I find a key logger to be a questionable excuse. I’m not dismissing it, but would like a reference so I can follow up on it.

        But even if the Target case is dismissed for key logging, what about the Neiman Marcus data breach? Or all the other merchants who have had this type of data breach? The fact is, if they didn’t save the information, the information wouldn’t be there to be stolen.

        1. I believe the Target breach was a “Man in the Middle” attack. For brief instances, credit cards were decrypted while passing through their system. A virus captured the numbers, and passed them onto the perpetrators.

          1. Again. Any reference to support the theory it was anything other than a breach into the server? All reports I have seen so far says it was a server breach.

            And this is just distracting from the point of my post. The consumers are being put at needless risk by merchants storing information they really have no need to keep any longer than is needed to complete the transaction.

          2. Target does need to keep Ingo as the breach was within their own Reddy Card system. The Reddy Card is their own Reddy Card that is tied to the customer’s own credit or debit card. The advantage for the customer is that Target gives a 5% discount off all purchases made with the Reddy Card. Judge as you will, the 5% discount is the motivation to sign up for the Reddy Card.

          3. I don’t have, or signed up for, their card yet my informationwas in the breach. Why did they need to retain my information?

            Personally, I feel if they want to retain this information, they should have to get the customer’s permission by having them opt in first.

          4. Target has not officially announced what caused the breach. Anything stated here about the cause is speculation.

            However, it is a fact that Target follows every requirement the major credit card companies have in place to protect cardholders (i.e. not retaining PIN numbers and encrypting any data they do retain) and they still got hacked. We know they follow the rules because hey have passed every inspection the credit card companies have made.

          5. [i]Target has not officially announced what caused the breach. Anything stated here about the cause is speculation.[/i]

            They why were you stating “The Target issue was key logger software that got installed in the terminals at the cash registers.” as a fact when you knew that was not true according to your second statement that there was no official announcement as to the cause? Target has announced that the criminals forced their way onto their system.


            [i]However, it is a fact that Target follows every requirement the major credit card companies have in place to protect cardholders (i.e. not retaining PIN numbers[/i]

            If they were following every requirements (i.e. not retaining PIN numbers) then why…

            “Target confirmed Friday that debit card PIN data was stolen in itsrecent massive breach, reversing its earlier stance that the codes were not part of the hack.”



            [i]We know they follow the rules because hey have passed every inspection the credit card companies have made.[/i]

            And where did you see that they had even been inspected or even inspected recently? And can you provide any reference that merchants are routinely audited for security compliance? Seems that only happens after a breach is detected. And how good could the inspection have been if they missed the fact Target was retaining PIN information, which you claim to be a violation of the rules?”

            And as far as being in complaint to those rules…

            “The fact is you can be PCI-compliant and still be insecure. Look at online application vulnerabilities. They’re arguably the fastest growing area of security, and for good reason — exposures in customer-facing applications pose a real danger of a security breach.”

            Greg Reber, http://searchsoftwarequality.techtarget.com/news/1335662/PCI-compliance-falls-short-of-assuring-website-security

          6. PIN info was stolen during the time it was entered on their systems and forwarded on to the card issuing bank for approval of the transaction. That is why I shared my opinion that it was a key logger virus that was used. There is nothing that would indicate the PIN data was left anywhere on the Target systems in some file that was simply copied off. I should have noted in my original post that it was only an opinion I was giving. I will try and remember to do so more clearly in any future posts here.

            Target stated that the “criminals forced their way onto the system” which sounds better than “we left an open port attached to the internet allowing anyone who knew what they were doing to get into our systems.” The exact process used by the criminals still has not been publicly stated.

            Every large merchant is audited/inspected at least every two years by Visa and MasterCard (probably by other card issuers too). If a merchant fails that audit, it is made public information. I agree that the current PCI rules may be lax in many aspects and being compliant does not insure that something like the Target breach could not happen.

          7. Okay. For the sake of argument, let’s accept your premise that 1) the merchant was audited within the last 2 years. 2) They passed the audit. And 3) an open port was used to obtain the information.

            This only supports the claim that merchants don’t do enough to protect customer data. Anyone working IT knows an open port is a security risk. So regardless if the audit allows for open ports, or missed the port being left open, the fact that the merchant’s IT left it open shows a lack of caring. Either by not hiring competent people or they are doing just enough to pass an audit procedure that doesn’t really protect the data, or a combination of both.

            But regardless what was the underlying exploit used in this breach, we know that merchants like Target do keep CC info longer than what is needed to process the transaction. Don’t believe it? Go make a purchase with a CC at Target and then take it back for a return. Do they ask you for your CC to process the refund? No. They have it on file where they can bring it up and post the credit to you account. Target is not the only merchant that does this. An until merchants are prohibited from doing this, we are going to continue seeing these massive data thefts from merchants.

          8. I have no argument with any of your points. I agree that many merchants are lazy when it comes to securing credit card info and probably most other info they keep about their customers. But they need a push to do more and maybe some event like this will finally convince them they need to do more.

            And on the return, the merchant must keep enough info on file to built the return request transaction to send back through the credit card network so that the credit can be posted to your account. This can be tokenized information like transaction sequence numbers and other unique pieces of data that do not even include the actual card number (and returns do not require a PIN for debit cards). Whether or not Target uses that process, I don’t know. But the return process is driven by the requirement most merchants have that a refund must go to the original form of payment. If they could refund any old way, then you would be required to present a credit card at the time of refund if you wanted the refund that way.

            (And no I don’t work for Target or any other merchant that suffered a loss, so my comments are not meant to defend any of their processes for any merchants.)

  11. It’s time your banking system was FORCED to use chip & password technology, as they do in Europe & next door in Canada. More secure, still very easy to use. I would guess no one wants the added costs of changeover so your stuck with a poorer security system.

  12. Days Inn just photocopied my credit card at check-in. I questioned the employee. He said it is schreaded in one year. That makes no scence. Why is a photocopy sitting in their file cabinet? I could just snatch and grab that in 3 seconds right?

  13. Reardon did not have the time to file a proper report because she was on vacation? This in itself explains how credit card fraud is expanding. AX is a great company, as they list to fraud complaints and respond immediately.They have assisted me twice over the years. But he hotel was trying to figure out where the breach was, and Reardon wouldn’t give them the time of day. So sad.

  14. Isn’t it wonderful that the hotel “zeroed out their mandatory $25 a day resort fee”? So they eliminated a fee that’s completely bogus in the first place because they could build it in to their rates (which they won’t do, because then their rates won’t look artificially low) but choose not to do it. Does it really cost the hotel $25 a day to provide wi-fi or let a guest print a boarding pass? Not in a million years.

Leave a Reply

Your email address will not be published. Required fields are marked *

%d bloggers like this: