I've emailed several hotels in Germany and Italy about room reservations, and they often reply to email them with my credit card number to reserve it. I can't believe people agree to do this! Email isn't secure.
How have you gone about reserving such rooms? Any suggestions?
Ruth, try to book those hotels via www.hrs.com, the leading European hotel reservation service. If the hotels of your choice aren't on there then don't email or fax your credit card informaion. As you've said it yourself: Never put anything in an email you wouldn't also write on a postcard! If necessary call them. That's at least much saver than email or fax...
Hi Ruth--I've frequently been asked to fax the cc number, expiration and code which I've done but it bothers me since who knows who might have access to the fax machine at the hotel. I've also send 1/2 the cc number in one email and the other 1/2 in a second and a few times given the numbers over the phone. So far I've never had any problems.
Most CC fraud comes from very low-tech methods, like sifting through garbage cans, or clerks selling numbers to criminal organizations. Thus you run the same risk if you use email, phone, or fax. The chance of your email being "intercepted" is astronomical. I put my CC info in email all the time for reservations, never had a problem.
Put bluntly if a hotel isn't sophisticated enough to have established a website that has a protected credit card payment function then it isn't worth bothering with.
Even the smallest European hotels have their own web sites and all the customer protection that one would expect if using credit cards as a means of deposit payment. Either that or they register with an accommodation website that provides these facilities.
No way would I ever email or fax credit card details. In fact if any hotel or B&B ever asked me to do such a thing all sorts of alarm bells would go off in my head.
Anyone who has honest intentions can establish a paypal account at the very least.
Hosting and maintaining websites cost money and time. Lots of the establishments listed in Rick's guidebooks are independent family run operations. Keeping things simple is how they keep costs down. I've stayed at dozens of hotels that don't have websites and/or fancy encrypted credit card severs. They are wonderful places to stay, and legitimate businesses. I wouldn't expect a small hotel with only 10 rooms to go through all of that trouble.
Hotels in Europe are not like hotels and B&Bs in America. Many do not have websites and many require you to email them your credit card info. Some take cash only. We've had to do that a few times and being used to the American website secure transactions, it was uncomfortable. However, everything worked out fine. We had no problems.
There is a common myth, urban legend, that the transmission of e-mail is risky and unsecured when, in fact, the complete reverse is true. Remember who developed the internet and for what purpose. The transmission of e-mail is far more secure than transmitting a fax. The "problem," if there is one, is what happens to your number after the e-mail or fax has been received and is laying around the office. But it is no different than when call and give your number over the phone. The risk is the end user. You assume a much greater risk giving your card to a waiter than an e-mail.
How to deal with it? Some will split their number in two or three e-mails. It adds a very small margin of security. I use a credit card that is only authorized for local payments so if it is compromised in Europe, it will not work. Now, I have read some posts recent where the hotel will run a small charge of $5 to $10 to check the validity of the card and then reverse the charges. Hasn't happen to me
You have essentially 4 choices:
1) Email them the credit card information
2) Fax them the credit card information
3) Call them and provide the credit card information over the phone
4) Don't stay at hotels that are small and family-run and don't have a secure website.
Choose the one that you feel most comfortable with. Perhaps I'm naive, but I always email my card info when a hotel requests it for confirmation and have yet to have a problem.
Ruth, how did you decide "email isn't secure?" Compared to what? Handing your credit card to any person behind the counter at stores you shop or to waiters in restaurants? As pointed out already by previous posters, the worry isn't your info being stolen in the email.
To reply to something Frank asked, I have had a hotel charge the room for 1 nite to my credit card and then reverse the charge. It was a RS recommended hotel in Rome. Which means I get a charge of a few dollars for the exchange conversion fee.
Finally, if you're worried about your info being stolen there is something you can do to minimize your losses. Some credit card companies will let you generate temp numbers to which you can set dollar limits and expiration times. So if someone does steal the number they can't rack up 5K in charges. Two cards I know that do this are Citibank and Bank of America.
Ruth, one way I have done this is to send the information in separate emails. Most hotels should understand and comply. Like I send the card number in one email and the expiration date in another. I admit though that it's still tough to send that information. Calling works as long as the people speak enough English to make it work. Most Germans speak English, but that doesn't mean it's perfect.
Ruth- a few alternatives:
Andreas--You exist just to give me great answers to my travel questions, don't you? :-) Thank you again!
Tom--I've heard of the single use numbers, but I haven't really investigated it much. I do have a BofA card, though, so I guess I should find out how to go about it!
Now as for the email security questions:
Frank--First of all, email predates the Internet. Second, email is not a secure method of digital transmission. Period.
Mike--How did I "decide" email isn't secure? The same way I "decide" grass is green? It's just a fact. Email is only secure if you're using some sort of method of encryption. And while I have a GPG key, I'm still pretty new to actually using it and feel better about good ol' https forms.
I really hope other people don't find you guys saying that email is secure and assume it's safe to send things like credit card numbers and passwords through it unencrypted.
Michael S--I don't necessarily disagree with what you said. Life comes with risks! When I wrote to Mike, I was replying to the person posting as "Mike," not you.
Ruth, there is no question that unencrypted email is susceptible to interception. The real issue is the magnitude of the risk; it's not whether something "could" happen but whether the odds are one in a thousand or one in a billion. You can be hit by falling spy satellites, but not many people refuse to leave the house out of fear of falling debris.
Can you point to a single case where personal info has been stolen by intercepting email between sender and recipient? I doubt it. But websites with card info are hacked, laptops with info are stolen, disks holding data are lost. Your data is vulnerable to this even if you were to hand your credit card in person to a business and never used email at all; as soon as they enter the info into their computer or swipe your card, you're at risk. The danger is in the storage, not the transmission.
Aside from the US government, widely believed to intercept ALL overseas internet traffic (and probably the domestic traffic too since Bush is fighting to give the telecoms immunity to lawsuits) I don't think anyone is watching your email.
Mike has it right Ruth - the risk in the email is that the person who receives the email might use your card number- exactly the risk you take when you had the card to the stranger waiting your table. I use wonderful, small hotels and B&B's when I travel to Europe. I send all the info in an unsecured email and no problems so far. And Al, I guess the MGM Grand Hotel in Las Vegas is an "unsophisticated" hotel because I had to fax my credit card authorization (complete with name, number, exp date & signature) to them this past January to pay for a room.
Ruth, I have to agree with most posters - most of the places RS recommends will ask this. I almost always fax my credit card info. If I am unable to fax it I call and give it over the phone. I would never send it through email. My husband is a computer guru - works for one of the large companies and would kill me if I sent our info over email. I asked him about this when planning our first trip and he said it was absolutely insecure. If you must email it then split it up into 2 or 3 emails as other posters have suggested.
I don't want to clutter a travel board with a lot of technology debate that most people reading this site won't care about. If anybody wants to continue it, though, feel free to send me a PM.
As for relative risk, the question was how you usually deal with these requests. For comparison, I can leave my iPod on the seat of my car where I live, and it's likely nobody will break the window to grab it. Or I can take the lower risk option of hiding it in my console out of sight. So why wouldn't I choose the lower risk option every time? Andreas had a great response of a site that securely handles many of these transactions. If the secure choice is equally good and easy, there's no way it's not the better option. Period.
calling or faxing has worked for us. If you want to travel RS way and stay with Mom and Pop operations with his budget hotels, I think you have to accept this.
I agree with most of the posters. I sent my card number by e-mail and had no problems. It made securing small hotel reservations a breeze. Besides, I don't think Europe has quite the same number of meth addicts rifling through mailboxes as we do here.
I find this thread amusing in terms of the intensity of opinions about not sending credit card information via e-mail. Obviously, each person should do what they feel comfortable with.
However, if you consider the number of e-mails that are sent every second of the day - billions? What are the odds of your one e-mail being intercepted? Let's say one in a billion? Then, if you split your CC information into two e-mails. What are the chances that one person would interecept BOTH e-mails? One in two billion? What if you send your CC information in three e-mails.....it's pretty obvious that the odds are astronomical.
As someone said, the greater danger is what the receiver of your CC information will do with it - now you are dealing with the trust factor.
I think it might be helpful to check your credit card activity on the Web regularly to monitor for purchases you didn't make.
That way you can alert them in a very timely manner if necessary, and presumably you won't be responsible for the charge.
You should never send your credit card info .
Find a website that uses a payment system so you can track it down if something goes wrong.
If hackers are going to get your credit card information, they will probably do so by putting their efforts into a giant mainframe computer that handles such transactions, so they can rip off thousands of credit card numbers at once. They won't waste time "sniffing" for one e-mail, never mind the problems associated with trying to find the second one, if you split your number into two.
without repeating too much - many of the other posters here are correct - the chances of hackers intercepting a single email is slim; the other end is the potential risk - where is that email sitting on a pc or printed out. The risk of handing a waiter (or any merchant who takes it to the back) a card is probably greater. That said - one must do what they feel comfortable with (better over than under cautious - but one must also be realistic). The hotel will not charge the card before you go - and in many cases it may not even work if your credit card company is preventing over-seas charges without your permission (hence you you call them before you leave). SO there are many options to chose from - some better than others! :)
