A hotel may get a pre-authorization from you to block your card for your stay in advance and then bill you at the end of your stay. How long after your departure can he continue to bill you? If a charge appears some time in the future, it is likely that the card has been compromised.
For example, reader Dan writes that 18 months after his hotel stay, the company charged his credit card: “Didn’t notify me, called, nothing at all. I just billed myself $ 300, 18 months later. Dan disputed the debit with his bank, had the card canceled, and received a replacement card, but no chargeback for the disputed amount. He wonders if the hotel practice is legal.
Business reports on compromised information
It seems likely that Dan’s card has been compromised. Maybe a dishonest employee used the card information to make an unauthorized debit, for example. Businesses have certain legal responsibilities to customers when they discover that a card has been compromised.
The Federal Trade Commission offers advice to businesses on what to do if information has been compromised: “If you promptly notify people that their personal information has been compromised, they can take steps to reduce the risk that their information has been compromised. be misused. “
There are a number of factors that businesses need to consider when deciding who to notify and how to notify them. These include:
- State laws
- What kind of compromise it is
- What type of information was disclosed
- How likely is the information to be misused
- Extent of damages in case of misuse of information
Companies must also provide details of the compromise. Based on state law, this could include:
- How the compromise came about
- What type of information was disclosed
- How violators used the information (in case the company is aware)
- All measures taken by the company to remedy the situation
- Comments on what the company is doing to protect individuals (such as providing credit monitoring services)
- Contact details of appropriate people in the organization
The FTC also says companies should let customers know how they intend to contact them for follow-up (for example, by mail), including whether they will not be contacted at all. This way, customers can avoid being duped by phishing scams from scammers who hold their information.
Credit card procedures
Card issuers have their own protocol for how to handle a compromised card situation. Although the instructions of the different issuers may vary, it is important to notify your issuer if your account is compromised and to cancel the card. This will reduce the potential for fraud as the compromised credentials will no longer be valid.
Since networks such as Visa and MasterCard have zero liability protection policies, you will not be held responsible for unauthorized charges. However, you should report them immediately, so keep an eye on your online account to make sure you don’t miss a thing. You may need to file a fraud affidavit with your financial institution. You may also be asked to file a police report to facilitate an investigation.
Issuers can give you an interim chargeback of the disputed amount after they have reviewed a case and have all the documents needed to process a dispute.
Since your Social Security number is not compromised when someone has your card information, it seems that identity theft is unlikely.
The bottom line
Dan, it appears the hotel has compromised your card information in some way resulting in unauthorized debit. If the hotel was aware of the situation, they should have followed the laws and informed you. You might consider discussing the situation with a lawyer to see if you have a case against the hotel.
If that reassures you, you can also use credit monitoring services, which are offered free of charge by some financial institutions. And don’t forget to provide merchants who will charge you on a recurring basis, say for a digital streaming service, with your new card information.
Contact me at [email protected] with your credit card questions.