‘This is a major violation’: Hotel might face $70 million fine after employee discovers they keep guests' credit cards in system after they leave

Advertisement
  • 01
    "This is a major violation" WWGED LA 386 Al SERVIZZE GOTT ASLA س نمرة - Ros Bumatisee his t BYCRANK
  • 02
    Yes, I am putting your credit card through a scanner machine.
  • 03
    So I just saw a post on askhotels questioning the legality of copying a clc card and drivers license for clc reservations. It's pretty standard for every hotel that I've worked at to do so. However. This
  • 04
    is the first hotel that I've worked at that requires us to put a guests ID and credit card through a scanner machine with every check in. It's basically like a little copy machine.
  • 05
    It takes a copy of their license and credit card and automatically saves into our files. My GM says that it's because they've had an issue with chargebacks in the past and this is proof that the guest
  • 06
    stayed with us. It's soooo awkward whenever I'm questioned by a guest (usually someone dirt old) because who wants to hear “oh I just put your information through
  • 07
    a scanner machine". I've had the extremely long and anxiety inducing conversations about it with two guests out of the 4-5 months I've been here so it doesn't happen often. I usually
  • 08
    make up some jumbo bs that it makes a copy of their ID and saves their credit card information on their reservation and automatically deletes after 30 days. My GM also says that she
  • 09
    makes up some nonsense whenever she's questioned because it'll be "a whole thing" if she tells them the real reason.
  • 10
    I can pull up credit cards from at least 6 months ago because my GM doesn't go through the files to delete it.
  • 11
    Edit: Someone in the comments said that it's $25k fine per set of compromised card details per PCI- DSS rules. Not all of the ID scans are in the same folder. Some are scattered but it dates back to
  • 12
    January 1st of 2023. If they are reported, it would be at least $70,362,500. I simply cannot fathom owing 70 million. AT LEAST.
  • 13
    I haven't scanned any ID's or credit cards today either. Thank you everyone informing me how this is.
  • 14
    craash420 2 days ago If the credit card info isn't encrypted this is a major security violation, and your hotel is looking for trouble.
  • 15
    ddplant_ca. 2 days ago 100% that data is not encrypted lol If by some miracle it is, the password is on a yellow post-it note
  • 16
    chlorohydex OP · 2 days ago Please. My GM doesn't even remember the password. She just uses "forgot password" and does the 2 way auth lol
  • 17
    Shadow Dragon8685 1 day ago You should probably look into it and write up a very simple, one-page memorandum, about how your "security policy" is exposing your hotel to a
  • 18
    regulatory thermonuclear armageddon if your little database of people's PII gets compromised, and suggest an immediate revision of the policy and torching that database. You do not want to get thrown under the bus for this ļ
  • 19
    mrdumbazcanb. 1 day ago If it's all in the same folder, just check the number count at the bottom, divide by 2 and multiple by $25,000.
  • 20
    chlorohydex OP. 1 day ago Okay, so this is an estimate of course but it came out to $70,362,500. 5,629 items, divided by 2 which came out to 2814.5. Then multiplied that by 25,000. I cannot imagine owing at least 70 million dollars.
  • 21
    richardrpope · 20 hr. ago You are also liable. Your boss telling you to do this is no excuse. If you went to do this with my info I would walk out and call the FBI in the morning.
  • 22
    craash420 2 days ago I'd strongly suggest you check your state law to see what your personal liability might be, IDGAF if corporate burns for their ineptitude but you should cover your !
  • 23
    chlorohydex OP - 2 days ago Good idea! I've always had a feeling this was wrong but now I'm realizing this is like.. potential lawsuit wrong and I definitely don't want to get caught up in it.
  • 24
    SamSamDiscoMan 2 days ago Copying a credit card and ID is not proof that a guest stayed with you. It's proof that you have a copy of their credit card and ID. Your manager is very mistaken.
  • 25
    Open-Adhesiveness-70. 2 days ago That copy is proof that the guest was physically there and provided payment. How would the copy exist if the guest was never there to provide those things?
  • 26
    chlorohydex OP · 2 days ago That's her argument. However I feel like it's a huge invasion of privacy too. Especially since she doesn't delete them. There's hundreds of different credit cards saved in our computer that ANYONE can gain access to
  • 27
    ilikeme12 days ago It's one thing to check someone ID. No way in I'd let some hotel scan it along with my credit card though. Major security violation there. If I had any fraud afterward I'd be pointing right back at that hotel.

Tags

Scroll Down For The Next Article