I just posted this on the Czech forum, but maybe this one is better. We were asked by a well know hotel to send our credit card info to reserve a room. Is this safe to do and is there a better way?
I answered on the Czech forum but you might want to delete that one to avoid duplicates. I have done this by email often without a problem. I break up the number and sent it in two separate emails.
I just had to update my credit card info with two hotels, Rome and Venice, because the previous card was cancelled due to fraud. I emailed half the card numbers and expiration date from one email address and to remaining numbers and security code from an different email address. The hotels matched the two emails. Both emailed me back to confirm receipt and confirmed the reservation.
Be sure to set alerts on your card and monitor your account. Because I had previously communicated to these two hotels I was comfortable emailing my information.
If you book through Booking.com, your credit card info is entered thru their site. I was able to update my credit card information with two other hotels thru Booking.com site. Both hotels confirmed the update.
I have done this quite a few times with no problems. I do have alerts set up on my cards. A few times the inn has offered to call me for the number. I have always found the hotels to be very earnest in protecting my credit card into.
The few times I've done it, I've broken up the numbers into 2 emails. However, I've read that your biggest risk with sending credit card info by email is with someone at the recipient's end misusing it, as opposed to it being intercepted along the way. But I'd still hesitate sending credit card info in one email.
We used to regularly beat this question to death but not recently. Few people understand internet security and make lots of assumptions. There are two parts to the question -- transmission and receipt. Transmission is not a problem and perfectly safe, or nearly so, from being intercepted. Breaking into two parts or more, different e-mail address, etc., gain little if any additional security. Our government spends billions trying to intercept emails with so so success.
The real threat (still low) to security is when it is in an unsecured hotel computer or in the hands of the hotel employee who has copied the number from different emails and is now on a slip of paper laying openly on a desk or thrown into a waste paper basket. How it is transmitted (email, phone, letter, etc.) makes no difference if the hotel is sloppy with the number once they receive it.
My approach is simply to use a single credit card that is only used for internet confirmations and purchases. If that card is ever compromised, it can quickly be cancelled with min consequences since it is not tied to anything else. Over many years we have sent credit card information over the internet to dozens of locations with no problems. There is always a little risk but it is very, very low. So send it and don't worry about it.
Thanks for all the ideas. Frank, I like your idea of having a second credit card for these transactions. I will look into that.
Have done this often on my yearly trips to Europe since 2001 and I do as others have done and break the number into two emails and I have never had a problem.
If the hotel doesn't have a secure portal to submit my credit card information, I just call the hotel and give it to them.
What am I missing?
For me, I don't think I even have the capability to call a number in Europe. Emailing the info has never been a problem for me though the idea of having a credit card specifically for this or other more "risky" transactions is a good one. We've had fraudulent charges on our cards a few times, and they've always happened when we've been at home.
To call landlines around the world, I use Skype. Cheap.
What am I missing ?? Your number is how in the hands of the hotel, B&B, staff. That is the weak link!!! They will write the number on a pad, notebook, etc., and then enter your number into their system. The same as if you had entered your number over the internet. The internet, by original design, is very secure. It is the humans that screw it up. In fact, giving your number over the phone is the less secure method for transmission.
Like Jules, over the years we have had three cards compromised (and one cell phone). All in the US and all caught without any damage by the Chase's security. But it is a pain to untangle some of those cards.
I think anything you do is subject to fraud. Even if you enter your credit card thru a secure website it can be hacked. I feel like it is something you just live with. We always check our credit card statements thoroughly. We once found n $800 artificial Christmas tree on our statement! Wasn't us! Our credit card companies have always been good with customer service and actually most of the fraud issues we've had were discovered first by our credit card before any significant damage. A couple times we've had small charges in an odd location. The credit card rep said that those can be "test" transactions by unscrupulous people.
is there a better way?
I like my Bank of America credit card, which provides "ShopSafe protection." The free online service allows you to "generate a temporary credit card number that links directly to your real credit card account number. Your card number remains completely private and protected." You provide that number to your merchant, instead of the "real" credit card number.
I use the ShopSafe feature anytime I shop online, whether US or international. Each time you generate a ShopSafe number you specify an expiration date (2 mos to 1 year) and a dollar limit (you do have to manually estimate currency conversions.) I create a new ShopSafe number each time I book a hotel, buy an advance train ticket, purchase entrance tickets to a sight, reserve a rental car, etc. It is also possible to re-use a ShopSafe number, increasing the dollar limit as required by your successive purchases.
My physical card number is never at risk. Even if a ShopSafe number is compromised, the maximum exposure (to the credit card company, not to me, of course) is the limit that I set for that number, which can be "closed" to any further activity. It's like having a (nearly unlimited) stack of "second cards."
One trick I've learned with using these over a couple of years and a few international trips - for hotel stays, it's best to set the ShopSafe number's expiration date to something beyond your stay: if the hotel tries to bill your ShopSafe number and it has already "expired," you don't want to risk that your reservation is cancelled!
My specific BofA card also has no international transaction fees, though that's not the case with all.
I don't know if it's unsafe or not to email the info. I never do. I agree a convenient time with the hotel and phone them. Most of Europe uses whatsapp which allows for free phone calls on a smartphone. When I lived in the US, there were numbers you could use for really cheap international calls.
The email itself isn't the issue. It's what happens to the email after it serves it's intended purpose. It's in a digital format that can be forwarded to anyone anywhere. A staff person who has access to the hotel's email can forward the email to a nefarious friend(s), or just copy it down and sell it, and your card information ends up on the dark web - ultimately being used to commit fraud.
You could email your card information a hundred times and never have a problem or just once and end up with your card shut down for fraud (hopefully not while you are relying on it overseas).
I think it's a million times safer to call the hotel and give them your card information. If not that, there are other relatively secure online payment options (PayPal is a popular one, I don't think the best one).
I'm not necessarily disagreeing with you , Brad, but if an dishonest employee retains or uses the credit card email dishonestly couldn't the employee also misuse the info provided via phone? When a credit card # is provided prior to a stay, what does an inn do with it? Does the full number go into a digital record (or paper) with the reservation? Or is it just a partial number? I feel like no matter how the card number is provided its vulnerable. So far, I like the idea of having a dedicated credit card for this purpose.
I found this article about what they refer to as "virtual account numbers" or "disposable numbers" - what I referred to as one-time use credit card numbers.
The risk-reducing advantage of such cards (now issued by several credit card companies) is that if one of the virtual account numbers is compromised, you can simply close out that number. Your "real" card number is not vulnerable. It is never revealed to the merchant and is never at risk. You don't have to cancel it and be issued a new card
I would not do it. Use Paypal instead.
If you insist on doing it, break up your card information into two emails.
Breaking a number provides no additional level of security. Most people do not understand how Internet data is transferred. It is not a linear transmission such as a telephone call. Anyone with a pair of alligator clips and headphones can intercept a phone call. There is absolutely no security with a phone call. For all practical purpose it is impossible to intercept an Internet transmission. The very weak link continues to be the human who has to handle the number at the end of the line. Hard to avoid that. Second, it is NOT a big problem. How many reports have you read of heard of cc numbers being compromised at a hotel, B&B, etc. Over the years have had two card compromised in the US.
I emailed the cc info the other day for an upcoming hotel stay in Madrid. No problem to this point. Just monitor your card activity and go on about your life.
When I had to send a new credit card number to "secure" the first night only of my Rome hotel, they sent a reply with my credit card number X'd out. I have stayed with them twice so far. No issues. But, out of habit, I do use a separate card for travel purposes which, if anything might happen, would not put a damper on my stay or anything else.
They are very careful with guests private information. I have found all the staff to be professional and trustworthy.
ETA: Hitching on to Frank's reply: My past visits to Italy, I had no problems using a credit card. And, I did monitor the activity. I always checked the card slip for a bigger purchase.
Many years ago, I had an issue with an online bookstore. I placed an advance order for something. A couple of weeks later, I noticed "little charges" on the card....The shipping addresses is what got them too. They charged small enough so that it would not or may not be noticed. I check things to the penny.
I called my bank's fraud dept. and the bookstore's CS. With the investigations, it was determined that it was an "in-house" employee (USA) who was taking advantage of pre-orders and the credit card numbers available. I got refunded and was told the (former) employee was dealt with.
I don't have any problems using a secure booking link on a hotel's website. Otherwise, I just call the hotel directly and give them the information over the phone.
Beware of how this person’s card was intercepted and follow the above advice to break up emails, use a designated card, etc.