Skip Tags

Popular Tags

Decorative icon

The Resource Center Identity Theft & Protection The Resource Center | post

Identity Theft might result from a summer hotel visit

by Steve Schwartz on

Identity theft can result from an activity that millions of us will engage in this summer - the act of reserving a room and then checking into a hotel or motel.

Back in the old days when bank robber Willie Sutton was asked why he robbed banks, he replied "because that's where the money is." These days, identity theft predators are targeting resorts, hotels and motels because they know they can find a rich trove of customers' private information on under-protected computer systems.

In addition, there are now many reports of credit card information being stolen by dishonest hotel employees and used to quickly run up charges.

According to media reports, the Callaway Gardens resort in Pine Mountain, Georgia, only recently discovered an ongoing data breach in its credit card security system that began as early as September 2012 but was not detected until recently. The breach appears to have been caused by malicious software that got into and infected the resort's computer system. The resort has begun notifying all guests who stayed during the period they might be the victims of identity theft.

It's not just individual properties that can be the targets of identity thieves. Wyndham Worldwide Corp., the franchiser of Days Inn hotels and Super 8 motels and who licenses the Wyndham name to about 90 hotels, has been sued by the Federal Trade Commission over security breaches that led to more than 500,000 credit cards being compromised.


According to the FTC's complaint, Wyndham exposed consumers' personal data to unauthorized access three times between 2008 and 2009 and failed to take security measures to prevent future intrusions. The stolen data allegedly flowed out through an internet domain address registered in Russia.

The Radisson Hotels & Resorts chain had to send a letter of apology to its U.S. and Canadian customers for a data breach in that allowed third parties to gain access to some customer credit-card information for stays between November 2008 and May 2009.

Your exposure to identity theft in these situations can be doubled if you book your room through a third party website, which more and more is becoming the norm with people looking for the best room deals. You first give your private information including credit card number to the travel website. That website then transfers the information to the hotel or motel you have selected. Finally, you will likely have to give your personal information to the website and present your credit card again when you check into the hotel.

This opens your private information up to being compromised in several different places.

The Payment Card Industry (PCI) (its five founding global payment brands — American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa Inc) has issued Data Security Standards (DDS) for businesses that process payments using their cards. The travel industry generally is still trying to come to terms with the problem.

What can you do to protect yourself? Paying cash is not really a viable option because if you do you will still likely have to hand over a credit card to cover any damages (or else a large cash deposit). Reserving rooms online is not an option for someone wanting to pay cash.

The best advice is to closely monitor your credit card bills in the months following any travel and to immediately report any unauthorized charges to the credit card issuer.