How can hotels securely receive your credit card details (for a custom, one-off payment)?

Question

A hotel belonging to a large chain (400 hotels in 60 countries) has just requested me to send my credit card details via standard (unsecured) email.

I have negotiated a deal for accommodation with them, via email, outside of the standard packages available on their website, but now I need to pay their booking fee. They don't have the facility to enter an arbitrary secure payment via their website.

The issue I have is that I am convinced that whatever method I use, the hotel will probably just email it in plain text internally to some payment clerk or whatever to keep on file. So is it better to just tell them over the telephone and hope for the best?

I think this is a violation of PCI rules, and could cost the hotel their PCI certification. — MCW, Dec 27 '12 at 13:20
@dodgy_coder I'd be nice if you chose an answer... or write your own solution as an actual answer. — unknownprotocol, Apr 28 '14 at 05:42

score 6 · Accepted Answer · answered Dec 27 '12 at 06:29

6

Why not purchase a disposable Visa/ MasterCard/ Amex with the exact amount on it? Then you only have the amount they agreed to at risk. Even if something bad happens, it only happens to the funds they agreed were for the purchase.

answered Dec 27 '12 at 06:29

Everett

1,516
1
12
20

I also just came across a potential [solution by PayPal](https://www.thepaypalblog.com/2007/11/introducing-the/). If you have a PayPal account, you can apparently generate a 'one-time' credit card number for single use, which just withdraws money from your PayPal account. Looking into it a bit further however, it seems to be no longer supported? The link to the [paypal website plugin page](https://www.paypal.com/paypalplug-in) is inactive. – dodgy_coder Dec 27 '12 at 12:58

score 3 · Answer 2 · answered Dec 27 '12 at 07:48

This is, unfortunately, common practice. What I fear is that they store credit card details. If you are lucky they have a centralized IT point for the whole group that's PCI-DSS compliant.

In the event that your email gets intercepted and someone steals your credit card and goes on a spending spree, it will result likely result in the following:

You call your CC company and tell them someone went on a spending spree with your card.
Your CC company reimburses you.

I've never had any CC company being difficult in paying back after there had been fraud with the card.

Agreed, I've only ever had one fraudulent credit card transaction happen before, which I managed to charge back and get refunded by the bank. Unfortunately we probably all end up paying anyway in terms of increased c/c fees and interest rates. — dodgy_coder, Dec 27 '12 at 12:44

score 2 · Answer 3 · answered Mar 11 '14 at 06:13

I had a hotel in Brazil email me about sending them my credit card details to pay my reservation in full and in advance, due to the World Cup frenzy.

I came up with three alternatives:

Reply saying email is insecure and that you will call them.
Bank of America and some other banks offer a service to their credit card customers called ShopSafe, which creates "limited credit card numbers" linked off your regular card. You setup the max limit, and the expiration date and a credit card number is generated, complete with CVV number.
Buy an accepted gift card for a bit over the needed value. Larger amounts are harder to do though.

How can hotels securely receive your credit card details (for a custom, one-off payment)?

3 Answers3

Linked