Credit Card Email to Reserve in Italy

Anything is possible. There are lots of ways for criminals to acquire credit cards numbers; high-tech and low-tech. Is it possible that the "fraudulent" activity was actually the hotels legitimately charging your card and your bank misinterpreted it?

I don't like to email credit card information. The email can be forwarded ad infinitum and everyone could potentially have your card information.

For transactions like yours, I prefer to call the hotel with the numbers. It costs, but it's not bad for a brief call. Another alternative is to fax your card number but that has it's own security issues.

Sometimes the fraudulent activity the bank is picking up are transactions you authorized. I recently had a legitimate charge for my daughter's instrument rental that, for the life of me, I couldn't get the bank to clear. I ended up changing the account I charge it to.

Usually any charge from overseas creates an alert in the banks' systems. Yours are from the US and may be unrelated to the hotels in Italy as another poster mentioned.

For transactions like yours, I prefer to call the hotel with the numbers

A phone call isn't any safer: a clerk could write down the number and sell it to a criminal group, the number could get removed from the garbage bin, the hotel's computer might be infected with a virus.

No method of sending CC info is foolproof; which is why we're protected from fraudulent use.

The two charges (one for over $500 and the other for $70) were both made in a US city across the country from me. Neither was related to a hotel in any way. It probably was a coincidence, but it did give me pause. You're right---it's great that the credit card company catches it, and doesn't charge me! At least I should have the new card before I leave next month! Thanks for your input.

I'll bet it wasn't a concidence, but I'll also bet that no one at the hotels in Italy copied and used the CC numbers. The fact that the charges were in the US suggests another villain at work.

A very computer-savvy friend has told me that the bad guys have ways of spying on e-mail transmissions, using a program that searches for the pattern of numbers used in a credit card (like 16 digits). For this reason, he says to never send a CC number in one e-mail. Either divide it into two separate ones, sent a day apart, or send it by fax (which cannot be spied on in transmission) or on a secure website.

I made reservations in Italy myself this year, and found that places were very familiar with the "two e-mail" method of sending CC details.

I use the two email method when sending my credit card information. So far, so good...

Same here, for the reason Sasha said.

I've used the one email method for many years and never had a problem. If you use the two email method, keep in mind that your entire CC number will eventually be stored in the hotel's computer. If that computer is infected by a virus the number can still be stolen anyway. IMO this is more likely method of fraud than an email being intercepted. No method is foolproof.

Maybe you've been lucky, or maybe the security of e-mails depends on your provider? I've always felt that generic providers like yahoo, aol, etc. migh tbe less secure. I know that each time I place an order on Amazon, I get a "phishing" e-mail within 48 hours or so after. (I have yahoo). The order was secure, but when Amazon confirms by e-mail, somehow my e-mail address is picked up.

It's all a mystery to me, but I just follow some simple rules and have never had a problem, yet.

As for the information sitting on a hotel computer being vulnerable to viruses---wouldn't that apply as well to information entered on a secure website? I would hope that hotel computers are well-protected from viruses. And what about airline websites, shopping websites, etc.?

Thank you for sharing the two email suggestion. I will try that tonight!

As for the information sitting on a hotel computer being vulnerable to viruses---wouldn't that apply as well to information entered on a secure website? I would hope that hotel computers are well-protected from viruses. And what about airline websites, shopping websites, etc.?

There's a big difference between the security provided on a e-commerce site like Expedia/chain hotel, and a small family owned hotel/B&B. Expedia is using the latest state of the art encrypted servers. The small hotel is probably using a regular PC purchased through Dell. If they don't keep the virus protection software updated "funny" stuff can happen. Conversely if the person sending the email to the hotel doesn't have their AV protection up snuff the email can be intercepted that way.

I would never recommend sending ccard info in email. When an email is sent, it leaves your computer and goes to the sender via many computers before reaching its destination. Once at the destination, it could be re-forwarded to anyone (very easy), sent by virus to a server (likely), or given away when the computer is sold (left on the harddrive). There are many other ways the info can be obtained before it reaches its destination - but I'll spare you all the details. The 2-email method sounds OK-ish. The logic seems sound but you're still sending your ccard number via an unsecured method (ie plaintext email). Faxing seems OK too. Refaxing a ccard to others is a decision that one must make and its not an easy one unless they're already a criminal. I would really prefer to call, but some hotels in Paris have replied to us that they only accept ccards via email. I will probably forgo staying at these, but may not have a choice. I hope this info will help someone make an informed decision. I'm not sure what approach I will take but I don't feel comfortable with any of them at the moment. TJ

Just wondering, as I am not an expert in security technology . What about the idea of sending the e-mail number having typed it on document which you have then scanned and attached to the e-mail? This would not be subject to scanning en route, it would have to be intercepted and opened.

Problem is that if there is a virus on your computer it can infect an email attachment, which will then possibly infect the recipients computer, and when they open the attachment, your info will be possibly exposed to bad guys. Bottom line, be it telephone/fax/email/handing your card physically to a waiter or sales clerk there is no 1000% secure way of protecting CC info. Every methods has it's risks which is why we're protected against fraudulent charges. Over the years I've personally had four CC/Debit cards canceled and replaced by my banks over the years because of fraudulent charges/activity. They ranged from a local supermarket chain that had it's servers hacked, to a trip to China where my CC number somehow fell into the hands of some criminal group. In all cases the bank spotted the activity before I did, notified me, canceled the cards, and immediately sent replacements. It's never been hardship, never lost any money, and life went on;)

Not sending your CC number by email might make you feel safer but really is just paranoia. There is no higher risk emailing your CC info than any other method. The highest risk is what happens to your CC info once it is received, not how it is transmitted. Major corporations have had their computers hacked and CC info stolen. Employees can sell the info to criminals. Computer technicians could steal info when repairing computers. When you go to a restaurant you give your card to a waiter and he/she takes it into a back room to process. The bottom line is you are not financially responsible for fraudulant activity. So relax...

"If there is a virus on my computer it can affect an e-mail attachment..." First off, IF there's a virus on your computer then everything you do is is suspect. The question posed was can an attached doc be seen electronically as it goes through the clouds the way people feel that e-mails can be hacked directly. Nothing about viruses. Some seem to feel that e-mails can be read as they transit. If this is so, what about attachments? Second, we only use MACs. End of virus issue. Third - and this is for all of you out there. You can drastically reduce the likelihood of your e-mail getting penetrated if you use an e-mail client that is physically on your computer, e.g. Outlook. The people whose e-mail accounts get hacked and taken over are usually those doing their e-mail online via free providers such as rocketmail, hotmail, etc. Leave your address book and e-mail in the clouds, someone will get in. I handle my high school class network, and I've had several instances when i am spammed from someone's e-mail account. Every time, they were using a freebie server, and they were doing this via their browser, rather than e-mail client. Yes, there are times when you are not at your computer that you will do e-mail via the internet, but don't keep your information there. And at least use a secure e-mail service such as g-mail, I've yet yo see a g-mail account hacked. As for credit card fraud, the only instances we have had in 30+ years were when someone physically obtained a card by theft, or illegally copied the number for later use. And in one totally bizarre instance, someone attempted to use our home equity line of credit via credit card - an inside the bank job, as we never got credit cards for this, and had never used the line of credit.

Sending ccard info as an attached scan might not work either because many places have a policy, due to virus concerns, of not accepting emails with attachments.

Some credit card companies (Bank of America and Discover, for instance) let customers generate "virtual" credit card numbers. You can usually set the upper limit than can be charged to the virtual number and how long the number will last. I often use these numbers when ordering things over the Internet. That way, if the virtual number is compromised, I won't have to get a new credit card. Also, if you use a different virtual number for different transactions, you can isolate where the number was compromised. It is a bit of a pain to login and then create a virtual number, but it may be worth the trouble to protect the actual number of your credit card, especially on the eve of a trip. (Note: Yes, I know the fact that Discover does it doesn't help much when going outside the U.S.)

Larry writes: "...IF there's a virus on your computer then everything you do is is suspect. The question posed was can an attached doc be seen electronically as it goes through the clouds the way people feel that e-mails can be hacked directly. Nothing about viruses. Some seem to feel that e-mails can be read as they transit. If this is so, what about attachments? Second, we only use MACs. End of virus issue...." That's all good and fine Larry, but if you do all that and a dishonest clerk at the hotel writes your CC number on a piece of paper then sells it to a criminal group it's all moot.

No more or less moot, Michael, than if a dishonest waiter in New Paltz writes down your credit card number on his pad while he is taking your card to the register to process, and sells it to some criminal group. And no more or less moot, Michael, than the SAME dishonest clerk at the hotel in abroad doing something with your credit card information when you make your actual payment. My posting was about whether attachments can be read in transit. It had nothing to do with any of the other issues you raised in reply.

Exactly Larry, fraud comes in all forms low-tech and high-tech, it can happen at home like the supermarket example I cited, or traveling to China which I again cited. Good news is that we're all protected from fraudulent use...so no worries:)

The more I think about it, if you believe that e-mails can get read as they go point to point, that it would be secure sending cc numbers by way of a scan attached to an e-mail.
The scan is a graphic, most likely a jpeg, not text. There is no text hat can be picked up by any automated program.

I have been booking hotels and flights for our upcoming trip to Spain and this evening I had a call from our credit card security outfit wanting to go over some of the credit card charges and - low and behold - there was a fraudulent one amongst them. So we had to cancel the card which is darn inconvenient. I am pretty sure that my credit card number got hacked somewhere in the booking process, some of which was by email and some on the hotel websites.

I do my part, not taking my business to any hotel that requires CC info to be handled in any way other than a secure website interface. If a hotel wants my business, it ought to invest in a https payment system, or else I'll sleep somewhere.

maybe i'm the oddball, but i don't see the great fear about sending a credit card number in an email. if it was a debit card, sure, as those funds would be tied up while things were sorted out. but any decent credit card has a zero liabilty policy for fraudulent charges. a certain level of prudence is justified, but it's not like they can hack your retirement account if your CC # is stolen. people will be so ridiculous as to send two emails to break their card number up but will still use paper checks to pay their bills through the regular mail.

Remember the recent thread about pros/cons of SFOPs (small, family owned places)? Here's another advantage. I've stayed in about 40 SFOPs in the last decade, and I have never been asked to give a credit card number to reserve a room. (In fact, most of the places don't even take credit cards.) But this was in Germany/Austria. I don't do Italy, so I don't know how it works there.