h2d

Just wanted to get some collective insight into a recent problem I have had with HIX sharing my credit card details with Travelodge without my permission.

Bit of context: After a recent stay at HIX Dublin Airport I noticed a charge for Travelodge Dublin Airport for the same night. Looking back, when I checked in they told me that unless I was happy to stay in a twin (had booked a double) I would have to move to the Travelodge (despite the fact there is a Crown Plaza next door) as the heating in all the remaining double rooms was broken. I accepted the twin and the stay all went smoothly, however now it seems they charged me for a room at Travelodge as well (how they are able to do this I have no idea).

It seems that HIX/IHG have shared my full credit card information with another company without my permission - in my eyes a pretty serious breach of confidentially on their part. In addition this was not the card that I paid with at HIX but one on file with IHG.

Anyone experienced similar issues in the past or have any suggestions on how best to resolve. I have emailed IHG plat customer services and am waiting to hear back (Plat from the IHG Black credit card) but would be interested to hear any collective wisdom.

BrightlyBob

Hi, and welcome to FT!

I'd say this was an outrageous breach of confidentiality. Complain voiciferously to IHG, it has a rep here, IHGcare AND most importantly raise a dispute with your credit card provider. If IHG denies responsibility insist on an investigation with your credit card provider who will then approach the Travelodge for info on the source of the payment details which should flush IHG out. Also contact the franchisee insisting on BIG compensation. These hotels are owned by franchisees who are barely aware their investments even exist, and care little what they do as long as the money keeps on rolling in. Communicating with members of the public makes them shudder, as does the thought of credit card reprisals, but nothing hurts them more than attacking them in the wallet.

Good luck!

FlyingHigh20

Before you start making accusations of a breach of security here in terms of your credit card details, it's absolutely important that you do your own research first. why? because it's ENTIRELY possible the same company that owns/manages the HIX owns the travelodge, which is precisely why they pushed you to stay there versus a crowne plaza which maybe owned by another company. Most hotel owners operate hotels across several chains, and not just strictly ihg hotels or marriotts. It's for this reason that if the same company owns both hotels, then no real breach occurred. All that happened was that your credit card was run on machines in different physical locations but still owned by the same company that you gave permission to charge your card. their mistake at this point would simply being that they overcharged you for one stay (assuming they own both hotels). If not - then by all means, you have a very strong case of being able to go after them for blatantly abusing your credit card details.

MSPeconomist

I wouldn't see it this way. The two hotels are apparently separate entities for credit card transactions, which is what is relevant here. Also, as franchises of different brands/families of hotels, they are surely set up legally as separate businesses even though they may have the same owner(s) or be part of the same holding company.

If my doctor owns a bowling alley, he is not free to give my credit card details to his bowling alley and especially not to double bill me this way.

FlyingHigh20

While I understand your point, believe it or not, the credit card companies do not see it this way, nor are you protected legally from the scenario you stated. I only speak about this based on experience at a former job that had multiple locations/businesses. As long as the owner had a legal right to charge this customer, which terminal they use amongst any of their business units or subsidiaries to submit the charge is irrelevant (the only caveat being that they had to reside in the same country). Now obviously, they have to account for it properly (via intercompany transfers), but it's still a completely legitimate and legal practice.

Multiple hotels, owned by the same company, are usually not set up as separate legal entities either. They are simply considered one of multiple locations owned by the parent company (much like how wal-mart owns multiple locations, but are one legal entity).

So using your analogy, legally, your doctor can charge you for a doctors visit using his bowling alley's credit card terminal. He does not, however, have the right to double bill you, but that isn't the issue being highlighted here. The issue in question is sharing your credit card information, which again, is completely allowed so long as the businesses are owned by the same owner/parent company.

chrism20

HIX Dublin Airport is owned by the Tifco Hotel Group, They also own the Crowne Plaza.

From a quick look around the web it looks like the Travelodge is owned by Travelodge.

You may find it quicker contacting them http://www.tifcohotels.ie/ rather than the hotel directly.

Dave Noble

Whether they are owned by the same group seems to be irrelevent in that if the guest is moved to another hotel, is it not the case at IGH that the hotel relocating the guest is responsible for paying for the replacement hotel?

Travelodge may have charged correctly based on information given by the Holiday Inn Express hotel - eg the HIX never cancelled the Travelodge booking there but it is the HIX's details that should surely have been given for charging for the room

Given the category of hotel, rebooking at a Travelodge from a Holiday Inn express seens a reasonable replacement and wouldn't expect a Crowne Plaza as the replacement

Froggitt

From a PCI/DSS (google it) perspective, no human should be able to read your card details, and the only entity allowed to charge to the card should be the entity you registered the card with.

So it seems like a pretty blatant breach of the Payment Card Industry regulations. If IHG are not complying, their whole credit card processing capability could be shut down immediately.

Tifco don't own the Travelodge, nor do IHG.

Speak to your card company....ask for their card security/compliance team.

Dave Noble

PCI/DSS security standards relates to storage and electronic transmission of information to protect against access to card information; it does not (iirc) detail when card information can be provded deliberately to an entity

It seems that the most likely reason that the Travelodge received the card details is that it was given them by the HIX . Addressing why this happened seems to be something to take up with IHG. As far as the charge goes, getting the Travelodge to reverse the charge or disputing the charge should be straightforward

htb

But then there's still the question why the HIX transmitted the card data in the first place. If they have to walk the OP, they are responsible to pay for the first night anyway.

HTB.

NJUPINTHEAIR

Whole thread much ado about nothing.

Not IHG's fault if HIX FRANCHISEE gave credit card information to Travelodge, its the Hix management's fault -- but I am sure that IHG although not responsible, would nonetheless like to be made aware of the situation.

Actual damage to complainant -- nothing.

jabbered

For true PCI compliance, the HIX shouldn't have been able to read the full card information.

Dave Noble

I agree and I said that in the previous post that the HIX is supposed to be responsible for paying for the Travelodge for the night so room should have been being charged to HIX.

Comment was just that I do not see that PCI/DSS security standards have any relevence.

Froggitt

Exactly.

Froggitt

Its IHG's fault if franchisees are able to view and pass around card details stored on IHG's systems.