My feed
Premium
Please
or
to access all these features

AIBU?

credit card details to hold a hotel booking

16 replies

lurkerspeaks · 20/08/2014 11:57

I'm trying to book a small/ rural hotel in a particular location as accom. for a function (so there isn't really much choice). The function is not for quite some time (> 6months).

The hotel want all my credit details including the CVV number on the back. They way they store such details is written in their booking diary.

I have said I'm not very happy about this and am waiting for the manager to phone me back to see if there is a work around (eg. I'm happy to write a cheque).

My concern is that if someone who has access to the booking diary could go on an internet spending spree using my card details.

I am interested to know if I'm being overly paranoid or not…

Interestingly if it was an online booking system I would have gleefully typed in all my card details without a second thought….

OP posts:
Report
IsThisOneTaken · 20/08/2014 12:00

Nope... They shouldn't be doing this under data protection for exactly the reasons you've described.

Online, details are (usually) encrypted before they're stored which offers some protection.

The way the hotel describes, anyone could access and use your details.

You're right to refuse.

Report
Iconfuseus · 20/08/2014 12:00

I agree with you and I would not be willing to give them my information in this way.

I'd rather just pay a deposit on a credit card or in cash.

Report
MagratsHair · 20/08/2014 12:02

If they want the CVV number then YANBU. If that book gets stolen then your card details are all there for use.

Presumably they are asking for them in case you don't show so they can still charge one night for the room, which is standard policy. When I've stayed at hotels before I give them my card details online as I can't book without it but the difference is my full card details are not written down for anyone to have a nose at if they so wish.

They may not accept a cheque as a cheque can be cancelled if you don't show. Can you offer to pay a deposit online or a offer to send them a cheque to cash now?

Report
Goldmandra · 20/08/2014 12:05

I wonder what the credit card provider would advise. I have a feeling they may say that you are liable if someone does decide to use it simply because you are aware it isn't being stored safely.

Report
ItsAllGoingToBeFine · 20/08/2014 12:07

I'm pretty sure the credit card provider at the hotels end would not be happy with what they are doing either...

Report
NotMrsTumble · 20/08/2014 12:12

Actually they could also be in breach of their card processing providers regulations also. I know our business has to certify annually that such information isn't stored or is securely encrypted if it is stored, although I do have sympathy with the hotel in that no shows cost the business money. Perhaps this is why some hotels offer a reduced "no cancellation" rate payable in advance. Offer to pay one night as a deposit by cheque now - they can cancel your booking if it doesn't clear!

Report
jacks365 · 20/08/2014 12:17

We used to take payments by card over the phone. Writing the information down at all was a breach of terms for card payments and a sackable offence. The hotel should not be doing this.

Report
londonrach · 20/08/2014 12:49

Shocked re writing it in a diary. This needs reporting to do done as huge risk. Credit details should be encrypted.

Report
LurkingHusband · 20/08/2014 13:01

Little tip for all ... the CVV number is only ever needed for Cardholder Not Present transactions. It's never needed for in-person transactions.

We've scratched ours of our cards, meaning any shady characters are out of luck with us. Although as an aside, you're not supposed to give your card over for Chip & PIN transactions.

Report
DDDDDORA · 20/08/2014 13:07

All card details have to legally be stored in a secure location, it is not illegal for the hotel to have these details written down. You do realise that when you book online and put in all your card details, they are then faxed or e mailed to the hotel who then print and store them as they are part of your reservation confirmation to the hotel.
Your card issuer will investigate any claims of fraudulent activity and reimburse if they are proved not to be made by you.
Yanbu to be hesitant about giving these details but most hotels won't let you make reservations without them as it's there guarantee incase you don't turn up.

Report
Lonecatwithkitten · 20/08/2014 13:18

Dora is correct I do the debit/credit card compliance for my business. You can store these details as long as they are secured with only named individuals having access to them.

Report
IsThisOneTaken · 20/08/2014 13:26

I would be highly suspicious that any business that had to write down details (including a CV2 code) was taking satisfactory steps - 100% of the time - to keep those details totally secure (although I'm sure they will maintain they do if asked). It's not an easy thing to do.

And no - when you book on-line that doesn't automatically mean your full details are printed and faxed to the hotel - what on earth gives you that impression?

Certainly bigger chains (who you'd hope would adhere to PCI-DSS standards) would not be able to have full details physically recorded, anywhere - full details wouldn't even be able to be viewed on a PC. They'd be encrypted/truncated. I appreciate we're not talking about a big chain here and therefore they won't be PCI-DSS compliant, but I still wouldn't be happy about my details being recorded in a book that could technically be viewed by anyone.

Report
jacks365 · 20/08/2014 13:33

The reason we could not write them down was due to secure disposal of the details when no longer needed. Our waste disposal system was not deemed sufficient to ensure security. I query how these hotels dispose of the paper once finished with?

Report
DDDDDORA · 20/08/2014 13:36

Isthisonetaken I work in a large chain hotel as a receptionist (I have also worked for independent hotels) and this is what does and has happened at each one so that is what gives me that impression.
Oh and it isn't difficult to maintain if it is part of the routine.

Report
IsThisOneTaken · 20/08/2014 13:43

It's massively difficult to ensure 100% of the staff adhere, 100% of the time - for details not to be left on desks for so much as 10 seconds, even if you have a customer in front of you kicking off and demanding to be dealt with there any then.

For booking details to be recorded where no other customers can see - or other staff

For stringent checks to take place to ensure no data is held so much as a day more than it should be.

and, as Jack has mentioned, for it to be disposed off appropriately.

I haven't even touched on full details of what should happen if data is being kept properly secured.

Physical recording be how you've done it where you work - but I can assure you it doesn't happen everywhere; thankfully.

Note - I'm not talking about truncated details which can be bandied about in relative security. I'm talking about full details including CV2 codes.

Report
IsThisOneTaken · 20/08/2014 13:43

there and then

Report
New posts on this thread. Refresh page
Please create an account

To comment on this thread you need to create a Mumsnet account.