booking.com not safe

198321

I recently booked a hotel in Thailand, through booking.com.

I used booking.com as they offered free cancellation and I did not feel comfortable to supply my credit card details to anybody in Thailand (fraud issues). Payment was supposed to be taken once I check in. Credit card was only to guarantee the booking, I would pay cash once there.

I have decided to cancel it (6 months before check in) but few days later payment was taken. I didn't mind that as I can just request refund. First problem was that hotel did not respond to my emails. I contacted bank to reverse transaction, but was told first I need to contact booking.com before I ask bank. I contacted booking.com customer service and they wrote to hotel, and I got reply I should call hotel in Thailand in the morning local time when manager is there, which is between 2am-6am here in Ireland. No way I would do that.

Eventually I got refund paid from booking.com and than it was up to them to try to get that money from hotel.

Booking.com sends booking confirmation to hotels by fax (i got copy of this fax by email from booking.com) with all my personal information, and card details including CCV code, expiry date, full card number, name on a card.


I was surprised to see that information was available to hotel at the time of booking with FREE CANCELLATION, and that it was done by Fax, which isn't secure (anybody with access to fax - including even cleaners or bar staff - could simply copy all my card details)

My card was charged twice with amounts 196 and 192. I had to request new card in bank and ended up with credit of 388 euro for few months until Booking.com refunded me (not actual hotel)

Just to warn anybody do not think your details are safe when booking hotel and since than I prefer to use prepaid visa card just to avoid any fraud on it.

Paulw

I've booked over 20 hotel stays with booking.com and have never had a single issue. I have found them good value, efficient and they offer a good selection of hotels.

aN.Droid

198321 wrote: »

I recently booked a hotel in Thailand, through booking.com.

I used booking.com as they offered free cancellation and I did not feel comfortable to supply my credit card details to anybody in Thailand (fraud issues). Payment was supposed to be taken once I check in. Credit card was only to guarantee the booking, I would pay cash once there.

I have decided to cancel it (6 months before check in) but few days later payment was taken. I didn't mind that as I can just request refund. First problem was that hotel did not respond to my emails. I contacted bank to reverse transaction, but was told first I need to contact booking.com before I ask bank. I contacted booking.com customer service and they wrote to hotel, and I got reply I should call hotel in Thailand in the morning local time when manager is there, which is between 2am-6am here in Ireland. No way I would do that.

Eventually I got refund paid from booking.com and than it was up to them to try to get that money from hotel.

Booking.com sends booking confirmation to hotels by fax (i got copy of this fax by email from booking.com) with all my personal information, and card details including CCV code, expiry date, full card number, name on a card.


I was surprised to see that information was available to hotel at the time of booking with FREE CANCELLATION, and that it was done by Fax, which isn't secure (anybody with access to fax - including even cleaners or bar staff - could simply copy all my card details)

My card was charged twice with amounts 196 and 192. I had to request new card in bank and ended up with credit of 388 euro for few months until Booking.com refunded me (not actual hotel)

Just to warn anybody do not think your details are safe when booking hotel and since than I prefer to use prepaid visa card just to avoid any fraud on it.

Read section 3 which is titled Privacy and section 5 which is titled Credit Card. http://www.booking.com/general.en-gb.html?dcid=1&sid=39ae3cecffc3b9f18ef5a31bdaf9415e&tmpl=docs%2Fterms-and-conditions

Spelled out very clearly there and you had to accept the terms when you booked.

ebbsy

Paulw wrote: »

I've booked over 20 hotel stays with booking.com and have never had a single issue. I have found them good value, efficient and they offer a good selection of hotels.

Yeah I have to say I have booked with them for hotels all over the world (including Thailand and Hong Kong) and never had a problem with them. I have always paid the hotel myself.

latenia

198321 wrote: »

Booking.com sends booking confirmation to hotels by fax (i got copy of this fax by email from booking.com) with all my personal information, and card details including CCV code, expiry date, full card number, name on a card.

This is just untrue. Why would a web company send out thousands of faxes every day?

aN.Droid

latenia wrote: »

This is just untrue. Why would a web company send out thousands of faxes every day?

Faxes do not need to be sent with a fax machine. They more than likely use some automated software that will fax the details using a computer system.

latenia

Limericks wrote: »

They more than likely use some automated software that will fax the details using a computer system.

You mean like some kind of "electronic mail?" That's crazy talk.

aN.Droid

latenia wrote: »

You mean like some kind of "electronic mail?" That's crazy talk.

Yes, essentially it is like an email but some business prefer fax.

bigbudda

Limericks wrote: »

Yes, essentially it is like an email but some business prefer fax.

Yup, booking.com send them by email and the hotels receive by fax....they are the only hotel booking agent that do so, afaik .......

Tippex

In fairness it is fairly common practice for individual hotels to receive the confirmations by fax (believe it or not some hotels actually insist on it).
Though I have never heard of the card details being transmitted on the fax confirmations.

wyndham

Don't understand your thread title. booking.com refunded you the money themselves and took it upon themselves to recover it. Therefore they are 100% safe. The card details have to be supplied to hotels in advance as they may wish to preauthorise your card to hold the reservation for you.

RangeR

Limericks wrote: »

Read section 3 which is titled Privacy and section 5 which is titled Credit Card. http://www.booking.com/general.en-gb.html?dcid=1&sid=39ae3cecffc3b9f18ef5a31bdaf9415e&tmpl=docs%2Fterms-and-conditions

Spelled out very clearly there and you had to accept the terms when you booked.

bigbudda wrote: »

Yup, booking.com send them by email and the hotels receive by fax....they are the only hotel booking agent that do so, afaik .......

wyndham wrote: »

Don't understand your thread title. booking.com refunded you the money themselves and took it upon themselves to recover it. Therefore they are 100% safe. The card details have to be supplied to hotels in advance as they may wish to preauthorise your card to hold the reservation for you.

I think is very clear. Booking.com have stated to the OP that they send personal details, including card info, in PLAIN TEXT to the hotel. To me, this is outrageous.

I have read their terms and conditions. They say

5. Credit card
Hotels require credit card details in order to guarantee your reservation. As such, we will send your credit card information directly to the hotel at which your booking is made and we may verify (i.e. pre-authorise) your credit card as well. In order to safeguard and encrypt your credit card information when in transit to us, we use the "Secure Socket Layer (SSL)" technology for our services.

So they encrypt the details when you are entering them. Nowhere in the document do they state that they encrypt the details while sending them to the hotels.

I would not use such a service again. To be honest, this is a clear breech of the Data Protection Laws. See point 4 below in the "MUST" category.

The Eight Rules of Data Protection

You must...

1. Obtain and process information fairly
2. Keep it only for one or more specified, explicit and lawful purposes
3. Use and disclose it only in ways compatible with these purposes
4. Keep it safe and secure
5. Keep it accurate, complete and up-to-date
6. Ensure that it is adequate, relevant and not excessive
7. Retain it for no longer than is necessary for the purpose or purposes
8. Give a copy of his/her personal data to an individual, on request

If it was me, I'd be passing all of this information onto the Data Protection Commissioner.

ebbsy

Whether you use booking.com or go direct you have to give your credit card number to the hotel anyway, as I said before I have never had an issue with them.

Paulw

RangeR wrote: »

I think is very clear. Booking.com have stated to the OP that they send personal details, including card info, in PLAIN TEXT to the hotel. To me, this is outrageous.

Errr ... if they email, it's in plain text, if they fax, it's in plain text. I don't see your issue. They don't transfer credit card details to the end hotels incrypted.

Do any booking agents???

I don't see the issue at all. The booking agent (booking.com) need to confirm your booking with any hotel by giving the hotel your credit card details. They have to. So, they fax the details.

Your only safer (and usually more expensive) way would be for you to book directly with the hotel and hope that they store your credit card details correctly.

RangeR

Paulw wrote: »

Errr ... if they email, it's in plain text, if they fax, it's in plain text. I don't see your issue. They don't transfer credit card details to the end hotels incrypted.

Do any booking agents???

I don't see the issue at all. The booking agent (booking.com) need to confirm your booking with any hotel by giving the hotel your credit card details. They have to. So, they fax the details.

Your only safer (and usually more expensive) way would be for you to book directly with the hotel and hope that they store your credit card details correctly.

They shouldn't email or fax in the clear, ever. If they MUST email, they can simply encrypt the details.

Would you enter your credit card details on a website that only uses HTTP [not encrypted]?
What's the difference?

You do realise that an email sent from source to destination passes through a multiple of servers all over the world? There is no direct connection from booking.com to the hotel in question. That one email could leave credit card details on many servers world wide. It's exceptionally easy to auto search server logs for card details. They are a known length, known prefix and all confirm to Luhn 10 check for accuracy.

Whoever booking.com use for their email to fax solution, have all those card details too.

Nody

RangeR wrote: »

They shouldn't email or fax in the clear, ever. If they MUST email, they can simply encrypt the details.

...

Whoever booking.com use for their email to fax solution, have all those card details too.

Welcome to the Internet; your details are as secure as they are in the real world (i.e. not at all).

I'm sorry but are you surprised by this? Do you think Booking.com is somehow a unique company in working this way? Anyone who thinks their CC is EVER secure should not be allowed to have one; the CC is stored everywhere with companies, in CC devices (which can be downloaded by the merchant with full numbers etc. before you ask) in stores etc. They are never safe, they were never safe and they will never be safe. Hence you need to keep an eye on your CC statement to spot any potential frauds and deal with it (CC cancelled, items reversed and/or virtual cards) accordingly.

There is no safe way to pay for anything through any medium (cash can be stolen from you or be fake) so we need to deal with the reality of here and now. It does not matter if it is cash, cheque, debit card or credit card as all has risks and benefits.

RangeR

Nody wrote: »

Welcome to the Internet; your details are as secure as they are in the real world (i.e. not at all).

I'm sorry but are you surprised by this? Do you think Booking.com is somehow a unique company in working this way? Anyone who thinks their CC is EVER secure should not be allowed to have one; the CC is stored everywhere with companies, in CC devices (which can be downloaded by the merchant with full numbers etc. before you ask) in stores etc. They are never safe, they were never safe and they will never be safe. Hence you need to keep an eye on your CC statement to spot any potential frauds and deal with it (CC cancelled, items reversed and/or virtual cards) accordingly.

There is no safe way to pay for anything through any medium (cash can be stolen from you or be fake) so we need to deal with the reality of here and now. It does not matter if it is cash, cheque, debit card or credit card as all has risks and benefits.

There is safe and there is safe. "Some" companies sign up to PCI and actually strictly operate by it. They may hold the Card details but they sure as **** don't let anyone see them, not even employees unless they have clearance. And I'm not talking major financial institutions either.

Here is what I expect.

1. My details to be safe
2. My payment details not to be passed onto ANYONE, even if they need payment
3. My payment, less fees, be sent to the end supplier.

Many, many, many companies operate on that principle. Why not booking.com? Data Protection is Data Protection. If you know of a company fluting it [and have proof], report them.

I certainly won't be using booking.com any more.
I don't use just-eat.ie for the very same [or similar] reason.

aN.Droid

RangeR wrote: »

I think is very clear. Booking.com have stated to the OP that they send personal details, including card info, in PLAIN TEXT to the hotel. To me, this is outrageous.

I have read their terms and conditions. They say


So they encrypt the details when you are entering them. Nowhere in the document do they state that they encrypt the details while sending them to the hotels.

I would not use such a service again. To be honest, this is a clear breech of the Data Protection Laws. See point 4 below in the "MUST" category.



If it was me, I'd be passing all of this information onto the Data Protection Commissioner.

Again, they spell it all out in their terms of service which you have to agree with before using their service.

It's up to you whether or not to use them after reading them and to be very honest they are very easy to read and in plain English. Not many companies do this and I applaud them for that.

As has been stated there is always a risk no mater what way you pay or be paid. Fake notes, cancelled checks, stolen credit cards.

You pays your money and you takes your chances!

198321

I am not saying booking.com is terrible, it took me ages to get refund, but eventually I did.

The point is that I got PROOF that they did send details by FAX 6 months earlier, even if I had free cancellation. I thought booking.com have my details, and if I do not show up they can give my details to hotel to charge me no show fee. (1 night I think)

I find it funny that they all (not just booking.com) say details send to them are encrypted and 100% secure (on web), and than they deal with it by fax?

I think much better way would be not to give details to hotel so early.

Not to mention I was charged twice higher amount than total for booking from my credit card and had to pay over limit fee - which I didn't get back.

I red terms and conditions of booking.com and I agreed that details would be supplied to hotel, but it was supposed to be safe, right 100% safe(?!).

Obviously it wasn't, they charged me full amount twice, took me few months to sort it out and at the end if it wasn't for great customer service of booking.com I would not be sure if I would get refund.

At the end, when it comes to payment by card, we have to trust people that we give our details to, but to send my full details by fax to Thailand?

Nody

198321 wrote: »

I am not saying booking.com is terrible, it took me ages to get refund, but eventually I did.

The point is that I got PROOF that they did send details by FAX 6 months earlier, even if I had free cancellation. I thought booking.com have my details, and if I do not show up they can give my details to hotel to charge me no show fee. (1 night I think)

No hotel I know of works that way; they all insist on having the details in their system as they don't know if the website will be there at the time you check in.

I find it funny that they all (not just booking.com) say details send to them are encrypted and 100% secure (on web), and than they deal with it by fax?

They are secure (and if you believe the 100% secure the more fool you are) at Booking.com's server; that means you can re-use the CC easier; the sending was already covered up above.

I red terms and conditions of booking.com and I agreed that details would be supplied to hotel, but it was supposed to be safe, right 100% safe(?!).

They guarantee their side and server; I'm quite certain their ToS will say the same but you read 100% as being world wide guarantee which does not, and will never, exist.

At the end, when it comes to payment by card, we have to trust people that we give our details to, but to send my full details by fax to Thailand?

I made a reservation in a hotel in Thailand (300+ beds) back in 2010 which I had stayed at before 4 months before arriving in low season and guess what they required? A fax of my credit card! Why? Because with out it they would not reserve a room for me as that's how the hotels in Thailand operate. Don't like it then I suggest you book a trip with a travel agency who'll do it for you or offer to pay by bank transfer in advance.

198321

Nody wrote: »

No hotel I know of works that way; they all insist on having the details in their system as they don't know if the website will be there at the time you check in.

They are secure (and if you believe the 100% secure the more fool you are) at Booking.com's server; that means you can re-use the CC easier; the sending was already covered up above.

They guarantee their side and server; I'm quite certain their ToS will say the same but you read 100% as being world wide guarantee which does not, and will never, exist.

I made a reservation in a hotel in Thailand (300+ beds) back in 2010 which I had stayed at before 4 months before arriving in low season and guess what they required? A fax of my credit card! Why? Because with out it they would not reserve a room for me as that's how the hotels in Thailand operate. Don't like it then I suggest you book a trip with a travel agency who'll do it for you or offer to pay by bank transfer in advance.

we all have a choice and my point wasn't to discourage anybody from using booking.com, I believe 99.99% bookings are fine. The point was to post how it works and everybody can do whatever they like.

I will use booking.com again, but will use prepaid card to guarantee my booking (prepaid shouldn't be used, but it worked for me few times since).

Also if it's free cancellation what is the point to guarantee booking? I can cancel it anytime (i think up to 7 days prior to arrival) and they can't charge me a cent. They can if I agree with some deposit, but I am sure there was no deposit and total payable at the time of check-in.

bigbudda

The point of your CC details to gaurentee the booking has nothing to do with the free cancellation.
If you don't cancel your reservation within the cancellation period, and also don't show at the hotel, then your CC details are needed to charge the cancellation fee.

If you want to be secure about your credit card number then use a website like Hotels.com or Venere.com where u pay at the time of booking and there is no need to send on CC details to hotels!

keithclancy

bigbudda wrote: »

The point of your CC details to gaurentee the booking has nothing to do with the free cancellation.
If you don't cancel your reservation within the cancellation period, and also don't show at the hotel, then your CC details are needed to charge the cancellation fee.

If you want to be secure about your credit card number then use a website like Hotels.com or Venere.com where u pay at the time of booking and there is no need to send on CC details to hotels!

Hotels.com are the same.

I booked with them and the Hotel I checked into already had my card details and had billed it as a Cardholder not present transaction.

MOH

I had a similar issue with booking.com before.
Instead of being charged directly by the hotel, I ended up getting charged at an exorbitant exchange rate by a company I'd never heard of.

Booking.com kept insisting it was the hotel at fault (who kept denying it), then after months of e-mails eventually admitted that it was a third party agency that they used as an umbrella to pay hotels in the country I was in.

They didn't seem to see anything wrong with their passing my credit card details to a third party, or charging me on their end when the card was supposed to have been given for security only. Plus their repeated denials dragged the whole thing out so long that it was too late to do a chargeback.

They're a shower of cowboys. I'd never trust them with my e-mail address again, let alone credit card details.

bigbudda

keithclancy wrote: »

Hotels.com are the same.

I booked with them and the Hotel I checked into already had my card details and had billed it as a Cardholder not present transaction.

That's very strange ... I work in a hotel and any hotel.com reservations we receive have the guests name, arrival and departure date and room type...that's it!! Afaik they only had the option to pay online!

-=al=-

Used them the other day for a booking and it was fine... All be it I haven't gone to the hotel yet!

But one thing to note is to just make sure you note the hotel policies... I wasn't aware I was actually paying for the hotel in full at that point in time on the CC... thought it was a little bit sneaky since it wasn't actually mentioned very evidently anywhere on the booking process

So just check the hotel policies on the main page for the hotel... it should say "The hotel reserves the right to pre-authorise credit cards prior to arrival"

Just a FYI to look at... has it happened to anyone else?

As for the CC details going thing... It looks like a perfectly legitimate site that uses all the correct protocols to transfer the information accordingly, none the less... I hope :pac:

OakeyDokey

I've used Booking.com for years now and never had a problem with them. I find them convenient and hassle free.

-=al=- Usually when you book with the Free Cancellation option it doesn't charge your card and holds your reservation till you arrive but mind you the room price goes up at least €20/€30.

keithclancy

bigbudda wrote: »

That's very strange ... I work in a hotel and any hotel.com reservations we receive have the guests name, arrival and departure date and room type...that's it!! Afaik they only had the option to pay online!

Perhaps it varies per country, this was in Germany, the lady gave me the printout from the Visa Machine.

snowey07

Ive used Booking.com for years , actually I wouldnt use anyone else as I like their free cancellation / no costs upfront option.

I have easily used them on 20+ ocassions and have never had any issues. I have just booked 5 different hotels in Thailand with them for an upcoming trip and like that my card details are stored with them so I can book easily and quickly .

However there was quite a few accomodation places listed that said you didnt need a credit card to book , maybe you could book with accomodation that offers that option ?

Sully

Just to clarify a few things here as I have seen how Booking.com operate.

- When you go to book, it states under 'Hotel Policies' about prepayment and cancellation. Furthermore, it states about the credit cards and says 'The hotel reserves the right to pre-authorize credit cards prior to arrival.'

- When you book, its done over SSL which is safe and secure.

- The booking is then 'faxed' automatically and instantly through a computer from Booking.com to the hotel. Many hotels use faxes in the traditional sense but many others have a type of 'efax' where the fax is sent to the hotel as a PDF. This is common for many/most booking sites. The fax the hotel receives has a little note inside in it about keeping the data secure.

- In the event you have an issue, you can take it up with Booking.com who will indeed contact the hotel. They give a period of time for the hotel to respond.

Booking.com operates the same way many other hotel booking websites do. Its a very reliable operation that also employs people here in Ireland. Its a safe and secure process. If you book with another company or directly via the hotels website, its done mostly in the same fashion. You book online via a secure connection and the booking information is sent by email or fax to the hotel.

CommanderC

latenia wrote: »

This is just untrue. Why would a web company send out thousands of faxes every day?

I work in a hotel in Dublin City Centre. Our bookings come through by fax.