Originally Posted by
JTCz
The shocking truth is that the ACCOR credit card verification feature is a form just like the one for your names and such, they just record your CC number and send it to the hotel (btw, booking.com does the same), so that the front desk staff and everybody with access to that data (be it on location or by hacking into the hotel's systems / emails) can help themselves to your card details.
Unless I have misread your post, it is a bit misleading.
I have worked on and off for Accor for more than ten cumulative years and your statement is pretty misleading, at least in the context of my employment with multiple Accor hotels in Australia.
In the event of a prepaid booking direct with Accor, the hotel is NOT provided your credit card details prior to arrival. It goes through the OGONE payment system. The hotel receives their funds by BANK TRANSFER. The payment method on the booking (when it downloads into Opera) states "OGONE" - there are NO credit card details on file when it comes through OGONE. The credit card is only entered upon arrival for incidentals. If it is possible to retrieve CC numbers from OGONE prepaid bookings, that's at a head of department level of access on another website, because it does not download into your booking on the hotel's PMS.
In the event of third party booking (booking.com etc), there are two scenarios.
First, you prepay through the third party. Again, the hotel is NOT provided your cc details. The third party provides the hotel with a VIRTUAL CREDIT CARD to the value of the prepayment, which the hotel charges. This is the extent of the transaction between customer, third party, and hotel. The customer pays the third party, the third party pays the hotel. The customer's CC is NOT provided in this case.
Second, you book a flexible rate through the third party. In this case, your CC details are provided to the hotel, just like if you booked a flexible rate direct with the hotel. This way, the hotel can charge the card in the event of no-show.
In terms of the hotel itself and access to data - how many people have access to a CC number depends on how the hotel sets up its PMS privileges. In ALL cases, the CC number is redacted (except last 4 digits) and requires at minimum a double click to reveal, which shows up in audit, so the hotel can determine which user revealed the CC number. In all properties I worked at, only management accounts were set up to reveal CC numbers, regular Front Desk receptionists could not reveal CC numbers. Of course, standard IT safe practices need to be practiced, such as locking workstation when away and not sharing passwords.
Again, these are from my experiences working for Accor in Australia, so results may vary between regions, I guess?