Hotels have replaced restaurants as the most likely place to have your credit card data stolen, according to a story by ABCNews. In the past 18 months, thieves have increased attacks on hotels because of the amount of credit card numbers hotels have on file. Statistics show that 38% of data breaches came from hotels in 2009, versus 13% from restaurants.
One Hack Fits All
Since hotels chains often use the same software programs, a hacker only has to break into the computer system of one hotel in the chain and can then potentially break into every hotel in that chain and even sister hotels owned by the same parent company.
Hotel employees are another potential source of credit card fraud as they can be part of a credit card skimming ring.
No Federal Law for Data Breaches
Unfortunately, there's not a Federal law about data breaches. Instead, the hotel's response to a data breach is governed by state laws. Alabama, Colorado, Kentucky, Mississippi, and Colorado don't have laws requiring a company to take action in a data breach. States that do have laws typically require the company to alert the cardholder within a certain period of time. However, you may not be notified promptly if law enforcement thinks sending a notification would affect the investigation.
Credit Cards Offer More Protection
Hotels require a credit card to reserve a room so there's not much you can do to protect yourself from hotel data breaches other than to avoid staying at the hotel. You can reduce the damage by using a credit card rather than a debit card to reserve a hotel. If there's a data breach and your debit card number is stolen, the thief has access to the money in your checking account. Getting that money back could take a few days. Meanwhile, pending transactions could be reversed if you've opted-out of overdraft protection.
In addition, the law protecting credit card fraud is more "lenient" than the law for debit cards. If you wait too long to report a missing debit card, you could lose as little as $50 or as much everything from your account. On the other hand, if you report fraudulent credit card charges within 60 days, the maximum you could be held liable for is $50. If only your credit card number has been stolen, you're not liable for anything.
Always monitor your credit card billing statement and report any suspicious transactions to your credit card issuer immediately. If you're notified that your information has been compromised in a data breach, ask your credit card issuer to cancel that credit card number and issue a new one.