A LoyaltyLobby reader sent me a note about an email exchange that he had had with the ibis Styles Berlin Alexanderplatz hotel that requested credit card info by email.
You can access ibis Styles Berlin Alexanderplatz’ website here.
Here’s the email from the reader:
A few days ago, I had to make a not-advance hotel booking in Berlin. Only flexible rates were left, so I took the Accor Le Club member rate. I added my credit card reference to guarantee the room for late arrival anyway, as my inbound flight arrives in the evening.
Everything seemed to go fine, including SMS and email confirmation. But then I received this:
Here’s the email from the hotel:
thank you for choosing Ibis styles Berlin Alexanderplatz.
We received your reservation for [REDACTED] until [REDACTED] for a single rooms.
You have guaranteed your reservation by credit card. Unfortunately we received an error message ( VISA CARD chosen, number entered is not matching to VISA) and the card details were deleted out of the system.
Please resend us the credit card details in order to guaranty for this reservation. You can use returning e-mail, the sending is secured.
We beg for understanding, that without the credit card guaranty the reservation is only until 18:00H on arrival date and might be released after this time if the room is requested by other persons.
Thank you for your kind reply in advance and we wish you an nice journey to Berlin.
Here’s some reader’s thoughts:
At first, I thought it was a scam by some dishonest employee. My email is secured from my computer to my mail server, but not from there to Accor or anywhere else really. Nobody in their right mind should ever send credit card numbers over email.
Then I reread, and noticed that I had selected VISA but input my MasterCard numbers… Still. I cancelled the booking, made a corrected new one, and replied:
Reader’s reply to the hotel:
Sorry, I indeed selected the wrong card type.
However, my bank does not allow sending credit card numbers over unencrypted electronic mail.
I cancelled the flawed booking and made a new one that should be correct: [REDACTED].
Reply from the hotel:
we understand this security point, unfortnunately this is the todays world.
Your reservation had been released and rebooked by you with [REDACTED] and it is guaranteed also for a late arrival and flexible, so a free cancellation is possible until 18:00H for you.
So we wish you a nice trip to Berlin.
“This is the today[‘]s world.” Wow. I gave up, as my “problem” is solved and I didn´t feel like having an argument before I even come to the hotel.
I have chosen a wrong credit card type several times when buying airline tickets and usually prompted by the website that the number doesn’t match the card type chosen.
It is really not appropriate for the property request updated credit card info by email while claiming that the system is “secure” when it certainly is not. Also, there has been number of breaches over the past couple of years where hackers have gained access to POS (Point of Sale) used by the hotels and captured the card numbers.
I have never understood why none of the hotel chains allow one to update the credit card info over their websites? Cards expire, get canceled and new ones issued. How likely that you still have the same card number up to 12 months later?
There have been few cases with Accor where properties have requested members to send copies of their credit cards and IDs for prepayment purposes. None of this make any sense.