How secure is your credit card when you check into a hotel? Not very.
Studies have shown that hackers steal data from hotels and the hospitality industry more than any other sector.
Peter chatted with Joe Sharkey of The New York Times about his recent experiences with credit card fraud and how travelers can protect themselves on the road.
Peter Greenberg: You check out of a hotel and pay with your credit card, and then all of a sudden something unexpected shows up on your bill. We’re talking about the growing incidents of credit card fraud. So tell me this, Joe, what do you have in common with a company called Etunes?
Joe Sharkey: Looney Tunes. Nothing, except the fact that Etunes, whatever that is, billed me $23.76 … oddly, the same day I checked out of the Arizona Biltmore Hotel in Phoenix. I’m in a habit of checking my American Express statement frequently because this also happened to me about a year and a half ago. Back then, it was a series of charges that added up to like $499 each for iTunes.
Now, iTunes is obviously a legitimate company, but somebody had hacked into my credit card and banged all these charges onto it. What I found out was last year the hotel credit card hacking, not done by the hotel, is the leading sector of fraud for credit card hacking. And the reason for that is that hotel point of sale computer systems are famously not up to speed in terms of protections against hackers. I guess the upshot is that when you do travel, it’s important to check your credit card statement and look for those rogue charges that you know that you didn’t make.
PG: Listen to this: 38 percent of the hacking breaches that were investigated last year occurred in hotel credit card systems. That’s staggering.
JS: If you go on Amazon, for example, that’s one great big sophisticated credit card operation. Whereas at hotels, the point of where you enter the information are each individually operated systems. Some hotels in the past couple of years have not had a lot of money to spend on the back office kind of stuff like that. In this case, it was obvious that it was a fraudulent charge. Now it was only $23 right? But when I called American Express Platinum to have this resolved I was not at all pleased with the immediate response, which was to try and sell me credit card fraud protection.
PG: You’re kidding.
JS: I think that’s what I pay the $450 a year for, right? But their immediate reaction was, well the merchant has said that this is a valid charge. I said, all you have to do is Google the merchant and you’ll find out.
Get the full scoop on all aspects of travel safety and security with Analyzing Post 9/11 Safety & Security: Airports, Trains, Hotels & Beyond
PG: When a credit card tries to sell you what they call credit card fraud protection, it’s gilding the lily. Under the federal credit law as long as you report the loss or the fraud within in a certain amount of time your maximum liability is zero. If you don’t report it I believe it’s $50. So the point is, why are they selling you fraud protection when you already have that built into the law?
JS: And when they know that, I’m unhappy. Maybe send me a letter later on, but don’t do that in the phone call to resolve the problem, which is obviously not something that I was responsible for.
PG: How long did it take them to resolve it?
JS: It took three phone calls.
PG: You’re kidding. For $23?
JS: I was not going to give up the $23. I said, look, the one thing I don’t want you to do is eat the $23 just to keep me happy. I said, you must keep the $23 away from those people. They assured me they did. Keeping me happy is not the issue; the issue is fraud.
PG: I’m one of those guilty ones, Joe. I don’t look at my statement often enough. I need to do that because I’m traveling all over the world and I’m just happy that they still accept my card.
Find out: Travel Tip: How Safe Is Your Hotel Safe?
JS: You’re a perfect example because your statement is very, very complicated and it is easy to overlook a little charge. And as I understand it, once the hackers hit once successfully they’re like bingo! This is an open channel now and we can sort of very stealthily build up our fraud on this particular credit card. First, they want to determine that the card will work in the sense of them being able to bang it. Once they do that they bide their time and then they hit it again and again and before you know it, it’s real money.
PG: The thing about this fraud which most people don’t realize is: If they want to figure out if the card is going to work to begin with they realize that every different card—whether it’s American Express, Visa, MasterCard, Discover—has what they call floor limits. Even if you have no preset sending limit on American Express you have a purchasing pattern, and the computer knows that. You have floor limits at different stores and different merchants, and the floor limits can be as low as $25 in certain areas. So the first charge they are going to bang you out for is going to be way under $100.
JS: That would explain the weird $23.46.
PG: Exactly. They don’t want to go over that limit to see if it works. Once it goes there, they know they have a home run.
JS: That’s exactly how I understand it. Again the thing is you have to check your statements. Because apparently the hotel industry at the top, particularly at luxury hotels—which are now starting to dig out of the recession—haven’t spent the bucks to make sure the systems they have are up to date in terms of hacker protection.
PG: There’s one more thing which I wont call a fraud, but I will say it’s an issue for me. And that is blocking charges.
JS: Oh, yes!
PG: You know what I’m talking about. This is especially true for people who have a Visa or MasterCard, it doesn’t necessarily apply to American Express. When you check into a hotel and they ask to see a credit card, you think they’re going to take an imprint of the credit card so they can charge you when they check out. That is not what they’re doing; they’re blocking charges. They’re actually swiping your card and they could be charging you anywhere from $100 to $300 a night, just in case you go nuts and try to rip off the mini bar. The problem is if you are using a card with a credit limit like a Visa or a MasterCard they could almost max you out without you knowing it. Then you go to buy dinner later on and your card is denied. So my advice, if you’re going to get a credit card blocked at a hotel, use an American Express card and then check out using a Visa or MasterCard.
By Peter Greenberg for Peter Greenberg Worldwide Radio.
Related Links on PeterGreenberg.com:
- Travel Tip: How Safe Is Your Hotel Safe?
- Analyzing Post 9/11 Safety & Security: Airports, Trains, Hotels & Beyond
- Vacation Rentals: Tips, Tricks & Questions You Need To Ask
- Travel Safety & Security section
- Hotels & Accommodations section