Go Back  FlyerTalk Forums > Miles&Points > Hotels and Places to Stay > Choice | Choice Privileges
Reload this Page >

Sleep Inn Denver Identity theft risk-new ID policy scan/store licenses

Sleep Inn Denver Identity theft risk-new ID policy scan/store licenses

Old Sep 24, 09, 10:16 pm
  #1  
Original Poster
 
Join Date: Jul 2005
Location: Atlántida, Canelones, Uruguay (MVD) and rarely GNV
Programs: AV LifeMiles, CM ConnectMiles, BA Exec Club. Former:ex-ASGold, ex-UA1K, ex-COPlat, ex-NWGold.
Posts: 2,673
Sleep Inn Denver Identity theft risk-new ID policy scan/store licenses

I've stayed at this property at least a dozen times. Recently improved decor over the average Sleep Inn, very friendly and helpful staff. Often asked to show an ID at check-in, to which I never object. That's become standard practice at all Starwoods, many Choice, and the occasional Hilton.

Last night I stayed there after a late arrival to DEN, before driving up the mountain today.

To my surprise, the desk clerk required that I hand her my license, because "we have to scan it and store it in the computer".

What an Identity Theft risk! A small business, with a few computers, no in-house CISSP-certified security experts (not that I'd expect that). Much larger businesses with huge Information Security departments and dedicated full-time 24/7 IT support have been hacked and had personally identifiable information/customer sensitive information stolen. TJ Maxx parent company TJX. Heartland Data Systems, one of the largest Credit Card Processors in the country.

It was 1am, I was dead tired from 6 weeks on east coast time so it felt like 3am, and it was already well-past chargeable no-show time. So against my better judgement, I checked in anyway, though let the (very nice but clueless about the issue) clerk know my opinion and asked she notify the manager.

This morning I spoke with the GM. She claims the owner decided this was a good idea. He had spoken with some other (not local Aurora/Denver) Police Department about how they'd had an investigation and a hotel was able to not only verify a guest reservation/check-in, but confirm the photo/DL and send it to the police.

I demanded that they send me within a week the following:
1. Their (the hotel's, not Choice's) Privacy policy.
2. Their Data Retention policy.
3. The Data Security policy and what type of HIPS (Host Intrusion Prevention System) they have. (hint, she didn't know what that was.
4. Their patching policy. To which she answered "we don't patch them, we keep them safe by being off the internet".

I really doubt they have a total gap between a pure-internal system and the internet. They also do have outside IT support so people come in to work on it. What about their data destruction policy if they replace a machine or a drive? I could go on and on.

I hate to do this, but FTers and other travelers should know that this hotel is storing enough information to allow hackers to commit various types of identity theft. Not at all accusing their staff, but botnets, maintenance releases (some commercial software has had viruses or trojans). At some point, even if the management doesn't know or understand the details (and why should they, they're not IT), that machine is exposed to the outside world.

Oh, the manager told me that the policy is if someone objects, they then instead do a "visual verification" of the ID. Except their staff hasn't been trained to know that or even to understand that there are good reasons why someone should object. So the very nice helpful clerk demanded it and gave me no choice if I wanted to stay there.

Fraud warning going on my cards after this experience.

Great low-end airport hotel otherwise. I've recommended it before, and was planning more stays there. Cheapest mid-week park-n-fly in the area.

But it's off-limits as far as I'm concerned while they have this dangerous policy.
MarkXS is offline  
Old Sep 27, 09, 5:29 pm
  #2  
 
Join Date: Jun 2005
Location: Huntsville, AL
Programs: DL FO 1.4MM, Hilton Diamond, IHG Platinum, Avis CHM.
Posts: 7,161
Originally Posted by MarkXS View Post
To my surprise, the desk clerk required that I hand her my license, because "we have to scan it and store it in the computer".

What an Identity Theft risk! A small business, with a few computers, no in-house CISSP-certified security experts (not that I'd expect that). Much larger businesses with huge Information Security departments and dedicated full-time 24/7 IT support have been hacked and had personally identifiable information/customer sensitive information stolen. TJ Maxx parent company TJX. Heartland Data Systems, one of the largest Credit Card Processors in the country.
Thank you for the warning.

I think I would have either walked and demanded a cancellation, or would have paid in cash. They have no legal right to scan and store your government issued IDs.

No way am I gonna let some hotel scan in my DL in these days!

David
DiverDave is offline  
Old Sep 28, 09, 9:38 am
  #3  
 
Join Date: Apr 2002
Posts: 2,219
Simple Solution = Find a new place to stay (You don't need that nonsense at check-in).
TTT103 is offline  
Old Sep 29, 09, 7:24 pm
  #4  
 
Join Date: May 2006
Location: BOS and ...
Programs: UA 2MM, DL 500k, WoH 1M, HH Gold, Rad. Gold, CP Gold, Miracle Fruit-su Club
Posts: 9,910
I've actually had this happen, too. It was at one of the Choice Hotels up on the Olympic Peninsula, and I was dead tired like the OP, but I was flat-footed and my red flag didn't go up. My reaction was, "Meh?" I haven't even thought of it again until now. I can't even remember which hotel it was. Ohhhh, man.....

(And now would come the argument from those who had no problem giving all their info to Clear, if many watched this board.)

(On the other hand, I guess, after years of leaving my passport with the front desk people at European hotels, they could have done anything with it. Which doesn't thrill me, either.)

********************
Make that two: QI Port Angeles and QI Sequim.

Last edited by Firewind; Sep 29, 09 at 7:30 pm
Firewind is offline  
Old Oct 1, 09, 10:47 pm
  #5  
 
Join Date: Sep 2006
Location: SJC
Programs: AA EXP; WN CP; Hilton Diamond; Hertz PC; Marriott Plat; PC Plat
Posts: 127
My solution would be to advise the clerk that I do not have a drivers liscense and they are welcome to scan my business card.
tulsan is offline  

Thread Tools
Search this Thread