Hacker Hotels 6/8/14

When you arrive at a hotel and hand over your plastic, you assume there are stringent safeguards in place to protect your information. “The major credit-card companies require businesses to have standard data protections if they want to accept credit and debit cards. It’s called being PCI compliant. But we found that a number of hotels may not be.”

At this Super 8 motel in New York, the manager said he “had not heard” about PCI compliance. An assistant general manager at a Red Lion in California also said, “I never heard of this.” Similarly, a manager at an America’s Best Value in Washington state said, “I have no idea” about PCI compliance.

Margot Gilman: “In the past, hackers have taken advantage of weak security at hotels. For instance, there were three documented data breaches at properties of Wyndham Worldwide several years ago.” According to a complaint by the Federal Trade Commission, “security failures” at Wyndham Worldwide led to more than 10 million dollars in unauthorized charges. Wyndham Worldwide and its subsidiaries have many brands including the Super 8 chain. In an email to Consumer Reports, a Wyndham spokesman said that each Super 8 is “independently owned and operated” and is “separately required to be PCI compliant.” However, a spokesperson for Super 8 owners disagrees, saying “Wyndham is responsible for PCI compliance.”

So how can you find out if the hotel you’re considering has the kind of security that credit card companies require? Margot Gilman: “There is no substitute for doing your own research. Call any hotel or motel you are considering and ask if they are PCI compliant.”

Consumer Reports is published by Consumers Union. Both Consumer Reports and Consumers Union are not-for-profit organizations that accept no advertising. Neither has any commercial relationship with any advertiser or sponsor on this site.

All Consumer Reports Material Copyright ©2014 Consumers Union of U.S. Inc. ALL RIGHTS RESERVED