In fact, a study released this year found that 38 percent of all credit card hacking cases last year involved the hotel industry making them the number one target for credit card thieves.
"When you swipe your card when you come in, they have to actually hold onto that card information," said MagTek Chief Security Officer Tom Patterson. "When it's sitting there in the clear, in a computer with lots of employees that come and go, it's just too much risk for the consumer. So that's where the bad guys have been targeting and that's where the problem's got to be stopped."
Magtek is a Seal Beach firm that manufactures most of the credit card readers used in ATMs and for point-of-sale purchases.
He says it doesn't take the brilliance of a rocket scientist for a nefarious employee to hack into a hotel computer and steal your credit card info.
"The next step in that food chain, if you will, of the bad guys, are the local gangs that specialize in just operating, buying the stolen credit card numbers and then using them," said Patterson.
And use them they will. Earlier this month more than three dozen defendants were indicted in U.S. District Court in Missouri for allegedly creating an illegal black market in deeply discounted airline tickets. Those tickets were purchased with stolen credit card information with many of the victims from California.
One of the persons named in the indictment was stealing identities. He was taking credit card numbers and PINs while working at a hotel in Long Beach.
Through this black market gang, the total loss to airlines, banks and credit card holders was estimated at $20 million.
But Patterson says there is a way to put a stop to the theft of credit cards at hotels. It's something called "tokenization," which encrypts your card number. It is just now becoming available.
"When someone comes in and presents their card, you swipe it right there in front of them, or let them swipe it, and it's immediately encrypted," said Patterson. "And a token is created, a simulation of your card information there, that only works inside that hotel."
A credit card is swiped through an older reader and the information on the card is in plain sight on the computer. When swiped through a tokenizing reader you can see the name but the rest of the information is encrypted, making it impossible for the bad guys to read it.
Next time you check into a hotel:
- Use a credit card instead of a debit card.
- Keep receipts for ATM and credit card purchases.
- Check your credit card bills online during the trip, if possible.
- Report billing errors and lost or stolen credit cards immediately.
- Ask the hotel if they have tokenization.
"When they hand over their card to anybody, how are you going to keep my information safe?" said Patterson. "And I think it's a great question for people to be asking wherever they use their card today."