When your credit card gets compromised at a hotel
A day after Sheilah Reardon checked into the Bellagio Las Vegas, she received an e-mail alert from American Express warning that her credit card had been compromised. Among the fraudulent charges: a $67 bill from an online memorabilia store.
A day later, her friend Jennifer Henderson got a call from a MasterCard representative. Her card number had also been stolen. The thieves had made a $67 charge at the same online store moments after they hit Reardon’s account.
We had checked into the Bellagio at the same time, side by side,” says Reardon. She and Henderson believe that their credit cards were targeted while they were at the resort — most likely while they were checking in — because it was the only time when their cards were used together. Reardon says that she hadn’t used her card, a “travel-only” Amex, since a trip to Florida last summer.
This kind of identity fraud cost American businesses and consumers $21 billion in 2012, the most recent year for which numbers are available, according to Javelin Strategy & Research. It found 12.6 million victims of identity fraud in the United States that year, the highest level since 2009. Javelin’s figures also include data breaches and other types of fraudulent purchases.
Identity fraud is a perennial concern for travelers, and particularly for hotel guests whose cards are frequently used on the road. But the problem seems to be getting worse, and there’s no quick or easy fix.
Bellagio claims that it takes “strict precautions” to maintain the security of its guests’ digital information. After Reardon complained of the breach, it contacted her multiple times in an effort to take a full report, but she declined to give one, according to the hotel.
“We regret we were unable to utilize our full resources to bring this matter to a more satisfactory conclusion, but maintain that our security measures are effective,” says Mary Hynes, a spokeswoman for the resort.
Reardon, a school administrator from Raynham, Mass., insists that she filed a complaint but didn’t have time for the lengthier debriefing, since she was on vacation. Besides, she says, she was left with the impression that the hotel was indifferent to her and her friend’s problems while they were staying there. “At least they could have pretended to care,” she says.
But Bellagio’s initial response as described by Reardon may be typical of the hotel industry, which is often careless about customer data and dismissive of fraud complaints, say experts and guests.
“Hotels are a massive source of credit card fraud,” says John Sileo, a digital privacy expert who runs the Web site Sileo.com. “In fact, the travel industry in general is ripe for the picking because of a variety of factors, including the distraction of travelers, high usage of credit and debit cards, high turnover of employees, and failure to perform employee background checks.”
Sileo believes that Henderson’s and Reardon’s breaches probably occurred at their hotel, but he can’t be sure who was behind the theft. Their cards may have been compromised while they checked in, with an employee swiping their cards and then feeding the information to someone else. Or someone else standing near the check-in area and using a smartphone could have recorded their card numbers and verbal data, leading to the compromise. “The chances of it not being internal to the hotel — either an employee or a thief standing nearby — is minuscule,” he says.