Even after going through one of the biggest Cyber security compromises in history, Marriott seems to not have taken the time to train their staff. One of their locations in Canada needed to refund some deposit money (I stayed on points and put a deposit down for tertiary costs) and they asked me to email my credit card info to them in order to provide a refund. I obviously said I would not send my credit card detail through email as that is the absolute worst methods to be potentially compromised and they still insisted. I asked their manager to call me and she further insisted. I am just blown away that Marriott, especially with its history, have not have figured this out....end rant...ugggh!

What about emailing it to them via a password protected PDF?

How did you pay your deposit?

good question and see where you are going on this. I paid using my personal card at the desk when checking in (i have a corp card on my profile) and they apparently had systems issues. Anywho, I have resolved the issue and they issued the credit...but I am just surprised that considering they have had serious data breaches that have made the mainstream press, that they would not be more educated at the staff (hotel manger even). Anywho, nothing is 100% but one should never send their cc via email (a password protected pdf is a good idea btw for the person that recommended that), but phone (when you initiate the call is the way to go imho.

There is a bit of a difference between a massive data breach and receiving a single credit card number via email. As a US resident I hand my card to a server all the time, and they then disappear somewhere in the back to swipe it (or copy it, for all I know). While not ideal, if they’d let me choose a credit card for the refund, I’d be okay with giving them one of my sock drawer cards for the credit. Of course, if they charged a card, they *should* have the ability to refund without needing to enter the card again.

The other thing… you have an issue with particular property, not with Marriott corporate.

Yes, I had an issue with this property - overall it was a decent stay BUT, I was surprised with the lack of training on the cyber side - please recall that Marriott has been fined over $20 M USD for their data breaches so one would think this would be a serious topic and their TOMS would be buttoned down. Sending an individual CC via email, exposes me and their history and precedence of being continuously hacked (personal info such as name, credit cards, passport info) is unnerving. They need to get their staff trained accordingly. That's all.

You're still missing the point. The property wasn't fined anything. The property is not Marriott. The data breach didn't happen there. They are (most likely) not Marriott employees. They work for a management company. Marriott does not write their paychecks.

I'm not disagreeing with the validity of your concern. I'm just pointing out you're misdirecting your criticism.

I don't think you understand proper TOMS. it is a Marriott and it is their BRAND. They need to train their (O) organisation whether it is a third party or their own FTE's...a person answering the phone representing Marriott asking for a cc over email is ridiculous in today's day and age. period.
But not all companies, or individuals get it. uggh...

Undoubtedly Marriott requires their franchisees to comply with minimum IT security requirements, as many companies do of vendors� but to think that any substantive training filters down from the management companies to everyday front desk associates is just wishful thinking

yeah, you're right...my expectations prob way off here. i digress...

Two Facts:

1. Basic front desk 101 training with Marriott, Hilton, etc. is that you do not take credit card information over the phone at the property level for anything. You either need the card to be present via insertion or tap or you need some type authorization/usage form filled out by the card holder.

Sure, some properties and/or agents will shortcut this but they are very much not suppose to per the parent company and primarily Visa, Mastercard and Amex who are the ones that basically write the rule book for merchants/transactions.

2. That form is only getting to/from the property two ways. Fax or email.

While this may seem ridiculous to you, this goes on at probably every chain hotel property on planet earth. Every hotel I have worked at with Marriott and Hilton for 20+ years collects hundreds if not thousands of emails/faxes a year with these forms.

The property I work at now has a six inch binder in the back office of nothing but these forms that needs to get emptied into a larger storage box quarterly because after three months the binder is filled with them.

That rep. did exactly what the parent company teaches you to do and within that realm, they did nothing wrong.