back to article Hotel guest goes broke after booking software gremlin makes her pay for strangers' rooms

An eBay staffer says her bank account was wiped out and her rent check bounced – after the New York hotel she stayed in started charging other guests' reservations to her card. Laura Jane Watkins tweeted about a strange conversation she had with 1 Hotel Brooklyn Bridge on Sunday night. "Hello Mrs Watkins," she recalled the …

  1. Anonymous Coward
    Anonymous Coward

    Perhaps?

    this and other sites should give the errant hotel some extra publicity if this is not resolved pronto.

    There are plenty of review sites that could be used to tell the world about their TITSUP/Cockup.

    That might concentrate the minds of the Hotel Management that they need to remember that

    'The Customer is always right'.

    Just use legitimate means to get the message home.

    1. 's water music

      Re: Perhaps?

      this and other sites should give the errant hotel some extra publicity if this is not resolved pronto.

      I'm certainly tempted to give them a try now if there is a chance someone else will pick up my tab. Might even crack open the mini-bar for some of them gold plated (judging by the price) peanuts

    2. Doctor Syntax Silver badge

      Re: Perhaps?

      'The Customer is always right'

      Modern management: did you type some words?

  2. ma1010
    WTF?

    "Sounds like a lawsuit"

    Oh, yes! They need to pay her all the money back PLUS all the bank fees she got charged, write letters to EVERY ONE of her creditors whose payment bounced explaining it wasn't her fault AND compensate her for her time and trouble. Or should sue them.

    Hard to imagine such stupidity. As was pointed out, the CC# should never have been stored there in the first place, so how did it

    1) Get stored

    2) Get used for all bookings?

    What kind of mind could conceive of doing that? Still, whoever it was should send out their resume. Probably be hired as a consultant (see obligatory Dilbert) for the next big government IT project.

    1. Voland's right hand Silver badge

      Re: "Sounds like a lawsuit"

      If she used a credit card, she should not need to sue. She could have and should have taken the issue with Visa, Amex or MasterCard directly and explain that the refund is NOT YET in her account.

      After a stunt like that on a credit card:

      1. Everything will be refunded. That is part of your credit card agreement. I do not know what the credit card company takes from the retailer after that, but I would expect that that to be a couple of firstborn extra on top of the bill.

      2. The hotel's chain right to process credit card transactions is revoked. This will hurt them much more than any lawsuit. By far.

      Now, with debit cards things get complicated. However, I suspect that some of the same rules apply (at least for a debit Visa). In any case - classic case when saving a couple of dollars worth of processing fee for paying by credit card bites you really bad. You do not use a debit card to pay unless it is a place you really trust. Otherwise, you can (as in this case) end up with a rather empty bank account.

      1. foxyshadis

        Re: "Sounds like a lawsuit"

        "After a stunt like that on a credit card:"

        Despite being a debit card, it's still processed on the hotel's side as if it was a credit card. Their payment gateway is going to have some words for them, if they aren't dropped entirely, and Visa is probably going to have some very serious words with both the processor and the bank for allowing so many obviously anomalous transactions to go through.

      2. baspax

        Re: "Sounds like a lawsuit"

        They obviously stored and then accessed her debit card payment information in violation of PCI. They are subject to hefty fines as every single transaction counts as a separate violation.

        The faulted party is also eligible for damages. She should get a lawyer as soon as possible.

      3. Antron Argaiv Silver badge
        Thumb Up

        Re: "Sounds like a lawsuit"

        You do not use a debit card to pay unless it is a place you really trust.

        Words to live by.

        And most certainly not at a hotel, where the staff know you're only there for a short time, and the odds of at least one of them being paid to swipe credit card details is fairly high. As are the odds of their payment system being compromised by a card number grabbing trojan, if recent news reports are correct.

        I see the interest on a credit card as payment for insulating me from this sort of thing.

        1. Sherrie Ludwig

          Re: "Sounds like a lawsuit"

          "You do not use a debit card to pay unless it is a place you really trust.

          Words to live by.

          And most certainly not at a hotel, where the staff know you're only there for a short time, and the odds of at least one of them being paid to swipe credit card details is fairly high. As are the odds of their payment system being compromised by a card number grabbing trojan, if recent news reports are correct.

          I see the interest on a credit card as payment for insulating me from this sort of thing."

          Well, there is an American financial advice guru named Dave Ramsey whose advice includes NEVER getting a credit card, and cancelling all the ones you might have. Many people who have gotten into financial trouble use his Financial Peace system to great advantage, and become debt free. For some otherwise reasonable people, having a credit card is like having a bottle of booze for an alcoholic. Not a great idea.

          And, if you do have a credit card and pay interest instead of paying it off every month, well, that is just foolish. Ditto being charged an annual fee for having a credit card.

          BTW, our family followed his advice. We are entirely free and clear, no mortgage, nothing. We went from "were did it go?" to "we have more than we ever believed". And, our bank has been very good at informing us when some hinky debit card payments tried to go through, reissuing us cards after the Target Store debacle.

      4. Ian Michael Gumby
        Boffin

        @Voland ...Re: "Sounds like a lawsuit"

        The Debit cards have the same rules, however it will take time before the money is back in her bank account. Whereas Credit Cards can't get to the money until its withdrawn.

        Not to mention there are rules about disputed charges and what the parties have to do...

        Never use a Debit card unless you're doing an ATM transaction at your bank. Only at the banks.

      5. Alan Brown Silver badge

        Re: "Sounds like a lawsuit"

        "After a stunt like that on a credit card:

        1. Everything will be refunded. That is part of your credit card agreement."

        It was on her debit card

        - There's a (voluntary) scheme here in the UK which gives similar rights to credit cards (but it's voluntary and banks have been known to not honour it)

        - There's no such scheme in in the USA - if a scammer dings your debit card you're on the hook no matter what. (Yes, even if it's visa debit and suchlike)

        So yes, lawsuits aplenty, and I'd imagine a PCI compliance audit for the hotel for a fundamental breach of the rules about handling card details.

        It would have been easier if it was charged to her credit card as Visa would have shut down the hotel gateways quickly (being on the hook for card-not-present fraud). With debit cards requiring the issuing bank to OK the transaction there are no pending transactions to raise alarms.

        1. Ian Michael Gumby

          @Alan Brown Re: "Sounds like a lawsuit"

          In the US I believe you're on the hook for the first $50.00

          This was done to create some sort of parity not to mention that the CC companies where charging the same per swipe as a CC where there is no risk because the funds were immediately used.

    2. Dazed and Confused

      Re: "Sounds like a lawsuit"

      This sounds like a prime candidate for multiplying by 3 the amount that should be repaid to her.

    3. Evil Auditor Silver badge

      Re: "Sounds like a lawsuit"

      It really depends how the hotel handles such a fuckup. If they are only half-way decent there's no need or desire for a lawsuit. If.

      1. Doctor Syntax Silver badge

        Re: "Sounds like a lawsuit"

        "It really depends how the hotel handles such a fuckup."

        As she's now not talking to the media it sounds as if an offer has been made conditional on her shutting up. However I'm sure they're discovering it's much too late. What was the hotel again - oh yes, "1 Hotel Brooklyn Bridge".

      2. a_yank_lurker Silver badge

        Re: "Sounds like a lawsuit"

        @Evil Auditor - I would seriously consider both criminal and civil actions (with the help of a shyster). Also, given the hotel violated a host contracts have credit card companies revoke privileges toot suit.

        1. Stoneshop Silver badge
          Headmaster

          revoke privileges toot suit.

          A jacket with a horn in the pocket?

    4. Doctor Syntax Silver badge

      Re: "Sounds like a lawsuit"

      "2) Get used for all bookings?"

      And

      3) Not be shout down immediately they realised the problem?

      It sounds as if they just let it run.

      1. Trigonoceps occipitalis Silver badge

        Re: "Sounds like a lawsuit"

        I'm not on the hotel's side but just shutting down their system would, in all likelihood, stop new bookings by card. No matter how apologetic and determined to compensate the victim, you can't do that if the business is bust.

        I think it was a rock and a hard place situation and the PHB agonised for seconds before deciding to let it run for his benefit.

    5. Anonymous Coward
      Anonymous Coward

      Re: "Sounds like a lawsuit"

      What makes you think the CC# should never have been stored? PCI-DSS (the industry self-regulatory standard) explicitly permits storage of this data, as long as it's done in a secure manner (encrypted, typically).

      Section 3.2.1:

      "Note: In the normal course of business, the following data elements from the magnetic stripe may need to be retained:

       The cardholder’s name

       Primary account number (PAN)

       Expiration date

       Service code

      To minimize risk, store only these data elements as needed for business. "

      (PAN is the CC#).

      Section 3.4:

      "Render PAN unreadable anywhere it is stored (including on portable digital media, backup media, and in logs) by using any of the following approaches:

       One-way hashes based on strong cryptography, (hash must be of the entire PAN)

       Truncation (hashing cannot be used to replace the truncated segment of PAN)

       Index tokens and pads (pads must be securely stored)

       Strong cryptography with associated key-management processes and procedures."

      It's _normal_ for businesses to store CC# numbers where later charges may be applied or repeat orders happen.

    6. Ian Michael Gumby

      ma1010 Re: "Sounds like a lawsuit"

      No,

      No lawsuit as long as they make restitution. In addition, she should have contacted her bank.

      As you said the hotel is on the hook for refunding her money, plus and bank charges (over drafts) she incurred.

      If she had to get a lawyer, they would be best to also pay her legal fees. (This would be in a settlement.)

      The hotel did have the right to store her credit card information, however the first question would be if their system was PCI compliant.

      The larger issue... why would someone in IT use a Debit Card for a transaction. The only time I use mine is at the Bank's branded ATMs at their branches. Other stuff on Credit Cards. (Amex for one)

      And people wonder why I stay at the larger branded hotels when I travel for work...

      And you're right... their IT staff should be terminated. Not just one but several people.

      1. baspax

        Re: ma1010 "Sounds like a lawsuit"

        In response to Mr Gumbly.

        No definitely not off the hook. PCI is specifically set up to avoid an internal employee accessing customer credit card data. All they are allowed to see are key data such as last four digits, etc.

        That an unauthorized developer simply linked to a cc entry in their payment database and thus used a customer payment information, is grossly negligent and subject to damages.

        1. Mark 65

          Re: ma1010 "Sounds like a lawsuit"

          Good to see her bank had systems in place to detect fraudulent transactions like most banks have had for the last decade or so. This would have stood out a mile.

        2. Kristian Walsh

          thoughts... Re: ma1010 "Sounds like a lawsuit"

          My guess is that they never accessed her card details at all, but instead repeatedly charged against a card-on-file token that they'd legitimately kept for her card. How they got to doing that could be one of those few differences between debit cards and credit cards, and how their booking system didn't properly deal with them. (I'd be surprised if the hotel's booking system itself ever handled the card details - that's normally handed off to a third-party service due to the high PCI-DSS compliance cost of doing it yourself).

          What they're most likely doing is asking for the customer's details to be retained on file with their card acceptor service, for later use. The result of that operation is a random-ish payment token that can be given back to the acquirer to make charges against that card in future.

          My guess is that she was, unfortunately, the first customer to present a debit (not credit) card to the hotel. Debit cards have a subset of the functions of a credit card, so the returned information from a card acceptor will be smaller set of fields than for a debit card, with some values set to NULL (or missing, which can be the same thing depending on how you process the response). And that's where I think the fun would have begun...

          If I wanted to make this happen, here's how I'd do it:

          1. The response from card acquirer has NULL for a field that "always" has a value when used with a credit card, but despite that, still contains a usable "charging" token that can be used to raise charges against the card.

          2. The unexpectedly-NULL field is used as the first term in a concatenation operation to generate a key to identify that card, but because of concatenation-to-NULL, the whole result ends up as NULL.

          3. As there's not a card on file already there with NULL as its local "unique" id, the victim's card token gets stored into the "cards on file" table with the "unique ID" of NULL, but the correct token.

          4. That card-on-file ID (NULL) gets stored against the first customer's booking record.

          5. (later) The hotel booking system looks up the token for the first customer and charges the customer.

          But...

          Another customer with a debit card arrives, and steps 1..3 repeat as before, but this time, because there's already a card on file with the "unique" ID of NULL, the first customer's charging token gets associated with the new customer's booking.

          ...Repeat until the first customer gets very,very mad..

          Incidentally, PCI-DSS doesn't cover the handling of stored tokens such as this, as they cannot be used to reconstitute a customer credit card account, and they bind exactly one merchant to the card (you can give someone else the token you acquired, but if they use it, the money still goes into your merhcant account, not theirs).

          1. Ian Michael Gumby

            @Kirstan Re: thoughts... ma1010 "Sounds like a lawsuit"

            Not everyone is using the tokenized system. Especially since the card wasn't swiped but done online.

            My guess is that since the offending charges were all from prepaid online bookings, that she did that herself.

            But yeah... you get it.

        3. Ian Michael Gumby
          Boffin

          @baspax Re: ma1010 "Sounds like a lawsuit"

          Mate, you really need to learn a bit more about what happens on the back end and PCI compliance.

          The retailer stores the CC information. They have to in order to charge the customer. So they have the full credit card number. The web site, and users do not have access to the whole card, only the last 4 digits because that's all they need to confirm the identity of the person based on those numbers. Now they are asking for more information as a way to verify the person. (Home address, email, phone #, etc...)

          The last 4 digits is used to identify the account information. That doesn't mean only the last four digits are stored. The whole account info is stored. That data has to stored in an encrypted format while at rest.

          And they have to show that only authorized people have access to the information. There's more... maybe you should learn it.

          With respect to the lawsuit... if the hotel doesn't make restitution, there could be a lawsuit, however... the hotel will make restitution. Why the woman didn't contact her bank, even w a debit card, there are laws that they have to follow.

          With respect to the hotel... yeah, they are going to have a major problem with their card processing company. It theoretically could bankrupt them.

          1. Kristian Walsh

            Re: @baspax ma1010 "Sounds like a lawsuit"

            The retailer stores the CC information. They have to in order to charge the customer. So they have the full credit card number.

            The retailer doesn't store this information.

            That's done on behalf of the retailer by a card acquirer (the company who "does your credit card payments"). If the retailer wants to do additional charges against the same card later, they can ask the acquirer to return a reference (not calculated from the card details) to the customer's card. To make a charge, the retailer sends that reference, plus the desired amount, back to the acquirer. They can repeat this as often as they want. As the reference is just a random number, and can only be used to make purchases that benefit the one merchant, it doesn't fall under PCI-DSS rules.

            No retailer would want to store card info in their computer system. Doing that opens them up to a £15k a year PCI-DSS compliance audit. By offloading the storage to a card acquirer, the merchant/retailer only has to fill out a fairly simple Self-assessment questionnaire to verify that they're following "good practice" (i.e., not scribbling down card numbers, dates and CVVs on post-it notes)

            1. Ian Michael Gumby
              Boffin

              @Kristian Walsh ... Re: @baspax ma1010 "Sounds like a lawsuit"

              It depends.

              On small retailers, their website provider would capture the details and handle the online billing.

              With larger chains... no they handle all of the information.

              There is tokenization but that happens by a third party at the time of authorization. Its relatively new and it allows the hotel chain not to capture or store the CC info, but the token which is unique to the chain. The actual cc info is stored by the 3rd party. This causes a bit of a headache with the CC providers for a couple of things... (I could say more, but then I'd get in to trouble.., which is why I avoided the tokenization issue. Note: Not everyone is there...)

              Things are moving towards the tokenization, however... your CC info is stored by the provider and if they ever get cracked... whoa mamma.

      2. William 3 Bronze badge

        Re: ma1010 "Sounds like a lawsuit"

        It's her fault for using a debit card is it?

        I bet she had a short skirt on as well.

        1. Ian Michael Gumby
          Mushroom

          @William 3 Re: ma1010 "Sounds like a lawsuit"

          Yes, she was foolish in her use of the Debit card.

          Were she a he, I'd say the same thing.

          Its not a sexist thing either.

          But its funny that you went there.

          BTW, I've talked to all of my relatives and my wife about not using the debit card for anything but use at an ATM within a bank and not out in the open. Have you done the same?

      3. Adam 1

        Re: ma1010 "Sounds like a lawsuit"

        Geez a bunch of victim blaming going on here. Maybe their credit rating wasn't sufficient for a credit card. Maybe they don't want to pay fees. Who cares. They were still wronged and deserve reasonable compensation.

        I had my visa debit card fraudulently used probably a decade ago. I was on a different continent and hemisphere to the shop claiming my purchase which made protesting the transaction much simpler, but I was still down a few hundred bucks for a week or so before the refund came through. The process is the same whether it's debit or credit. The difference with debit is that you are literally out of pocket until they sort it out. It is definitely a gotcha of debit cards.

        1. Ian Michael Gumby
          Mushroom

          @Adam 1 Re: ma1010 "Sounds like a lawsuit"

          Its not a question of victim blaming.

          Is it not completely obvious that the hotel screwed up bad? Really bad?

          The question... is there a potential lawsuit? Maybe, however it can be avoided if the hotel makes restitution to the woman. Which any good lawyer would tell them to settle ASAP.

          As to the use of your debit card. Yes, that's the thing. You will get your money back eventually. What wasn't said in the article was if or when the woman contacted the bank. She would have eventually gotten her money back so she's protected, however its the temporary loss that can be problematic.

          Calling the woman dumb because she made the mistake of using her debit card isn't blaming the victim unless of course you believe that trying to avoid being the victim isn't a smarter course of action.

      4. Anonymous Coward
        Mushroom

        Re: ma1010 "Sounds like a lawsuit"

        Ohh such a smug git aren't we...

        "....Other stuff on Credit Cards. (Amex for one)..And people wonder why I stay at the larger branded hotels when I travel for work...."

        https://krebsonsecurity.com/2017/02/intercontinental-confirms-breach-at-12-hotels/

        http://www.bbc.co.uk/news/technology-31753935

        https://www.cnet.com/news/customers-at-sheraton-westin-other-hotels-hit-by-data-stealing-hack-attack/

        PS, debit cards mischarged? Phone up, say unauthorised, charge back. Boom. Done.

        1. Ian Michael Gumby
          Boffin

          @Lost all faith ... Re: ma1010 "Sounds like a lawsuit"

          Smug?

          Hardly.

          In the past 27 years, I've had fraud on my Amex card 3 times.

          Each time, I cancelled my card, got a new one and the charges were dropped.

          No harm, no foul.

          So I am protected from stupidity.

          There's more to it, like a bad experience at a boutique hotel I was forced to stay at once that was a dive and of course the company made me prepay the room.

          Fraud will hit, however using my Amex makes my life easier, not to mention I was in the middle of BFE and they delivered a card to me within 48 hours after they contacted me about the fraud.

          And yeah Debit card mischarged? Phone up, report fraud... wait until the money is back in to your account.

          Why the girl didn't do that immediately... is something not found in the article.

    7. FuzzyWuzzys

      Re: "Sounds like a lawsuit"

      That's what your monthly fees on your CC cover, insurance and legal costs should something go wrong that's not your fault. If she wishes to sue the hotel chain, she's welcome but I can imagine she'll be on her own on that one and they will have some T&Cs that will mitigate having their business "shaken down" if the issue has already been dealt with by the credit card company.

      A credit card is a temporary loan, they don't ask for the money until later on, so why was she out of pocket for her bills if all this trouble was via the credit card? Her regular paycheck should have covered basic living expenses, I can't see someone in that position in a reasonably well paid job that allows her to stay in hotels, living off a credit card month to month.

      1. Ochib

        Re: "Sounds like a lawsuit"

        It wasn't a credit card, it was a debt card. Debt cards will take the money straight out of your current account

      2. William 3 Bronze badge

        Re: "Sounds like a lawsuit"

        No amount of T&C's can justify a business charging your account for services you never received.

    8. OffBeatMammal

      Re: "Sounds like a lawsuit"

      also, will this leave a note on her credit history that needs to be explained away...

  3. Inventor of the Marmite Laser Silver badge

    "when we reached out to her"

    Have you started employing out of work HR consultancy rejects? Whats wrong with "when we asked her"?

    1. AlanBBoyd

      Re: "when we reached out to her"

      This should cover it...

      http://www.thepoke.co.uk/2015/07/24/acceptable-say-reach-work/

    2. Anonymous Coward
      Anonymous Coward

      Re: "when we reached out to her"

      You should socialise that idea going forward.

  4. BongoJoe

    One of my pet peeves

    is that when a company messes up and offers a refund it always seems to take longer coming back into the account then it does leaving.

    There is no reason why the hotel couldn't get someone around to the bank pretty bloody sharpish and deposit a load of notes into her account to pay her back right away.

    It's worse, and quite unforgivable, when a company (and I am looking at you here, Eclipse Internet) delays any refunds by sending out a cheque - by second class post.

    I hope that the lady in question hauls them over the coals if they don't offer proper compensation and letters of apology for what is effectively fraudulent behaviour.

    1. Terry 6 Silver badge

      Re: One of my pet peeves

      Almost worse than that there is the deliberate delay in accepting responsibility when something goes wrong. All sorts of delays come into place before the thing can be resolved. You can't find who to call, you get put through to a script reader who takes you through all sorts of obvious irrelevances, then they try to blame you, next tehy pass you to a department who make you explain it all again. Then they ask for proof of things they already have on record ( that you might not). Then they say they'll call you back, but don't. And so on.

      1. Doctor Syntax Silver badge

        Re: One of my pet peeves

        "Almost worse than that there is the deliberate delay in accepting responsibility when something goes wrong."

        In this case it's even worse. According to TFA in the first place they called her and even then she had problems getting back to them. And knowing something was wrong they still kept debiting her card. OK, if they stopped taking bookings it would have cost them some business but keeping doing this knowing they were debiting the wrong account they must surely have been committing fraud. At the very least they could have started issuing credits to her account to counter each debit their system made. In fact it's difficult to find anything in this account that they did right.

        It sounds as if there was nobody on watch empowered to make decisions nor any means of quickly reaching anyone who could.

        1. frank ly

          Re: One of my pet peeves

          "It sounds as if there was nobody on watch empowered to make decisions nor any means of quickly reaching anyone who could."

          This!

          Companies are very good at taking money from people because that's what they want to do, so they have systems and procedures in place to enable that. When it comes to returning money, they are useless at it because they never put any effort into developing systems and procedures for it, and they don't want to.

      2. Alan Brown Silver badge

        Re: One of my pet peeves

        "You can't find who to call, you get put through to a script reader who takes you through all sorts of obvious irrelevances, then they try to blame you, next tehy pass you to a department who make you explain it all again."

        In the case of an egrarious breach - but of relatively small monetary value - then a small claims filing has a tendency to slice through such obstacles like a white hot knife through butter.

    2. Anonymous Coward
      Anonymous Coward

      Re: One of my pet peeves

      @BongoJoe

      > is that when a company messes up and offers a refund it always seems to take longer coming back into the account then it does leaving.

      Indeed.

      My wife and I had our flight to Munich cancelled by LUFTHANSA whilst we were waiting to board, having spent two hours getting through check in and security...

      It took three months and multiple 'phone calls to get them to refund us.

    3. Missing Semicolon
      FAIL

      Re: One of my pet peeves

      A fairly massive customer service and damage limitation fail is the "uh, system gone wrong, gonna take a few days to get the refunds out" attitude. If they had actually thought about it, they should have just wired a bunch of money to her account on the spot, then sorted the details out later.

    4. Ian Michael Gumby

      @Bongo Joe ... Re: One of my pet peeves

      Don't be too peeved.

      The issue is that the system is designed to make it easy for the transaction to flow in one direction.

      Merchant credits... aren't the norm.

  5. Nate Amsden

    never use a debit card for credit ?

    Seems like a logical thing to do, maybe this customer didn't qualify to get a credit card or something, but can't really imagine why anyone would use a debit card to charge anything except as a last resort (I recall doing it once last year, first time in probably 15 years).

    I'm sure there are some banks that will protect your account similar to credit cards but I think most do not.

    1. Martin Summers Silver badge

      Re: never use a debit card for credit ?

      Some people don't want to inadvertently get into debt...

      1. Version 1.0 Silver badge

        Re: never use a debit card for credit ?

        Some people don't want to inadvertently get into debt... but that worked so well in this example didn't it?

        1. Anonymous Coward
          Anonymous Coward

          Re: never use a debit card for credit ?

          @Version 1.0

          > Some people don't want to inadvertently get into debt... but that worked so well in this example didn't it?

          So you're blaming the victim now.

          Nice.

      2. Eddy Ito

        Re: never use a debit card for credit ?

        I get the problem of not wanting to wind up in debt but typically one can set up the account so it automatically pays off the monthly balance in full and thus acts more like a debit card. Ideally it would be more frequent so you could check the running balance but we're not quite there yet. It also has the advantage of much faster returns of the money if fraud is detected as you only have to deal with the issuing bank rather than perhaps a dozen different retailers or in this case an incompetent hotel.

        I pretty much gave up debit cards when a coworker just out of college had set up his student loans to autopay by his debit card. They kept pulling the money for nine months after the loan was paid off even though he had informed them after the fact on the second extra month. He thought he had miscounted the first extra month, he hadn't.

        1. Anonymous Coward
          Anonymous Coward

          Re: never use a debit card for credit ?

          I agree completely. I NEVER use my debit card to pay for anything - credit only. The fraud protections are better on credit cards, and you don't have to wait for money to be put back into your account if criminals get the number or some hotel decides you're "buying a round for the house" this month.

          I can't understand why anyone who has a credit card would choose to use a debit card. In what way is using a debit card ever better?

          1. Sime

            Re: never use a debit card for credit ?

            "I can't understand why anyone who has a credit card would choose to use a debit card. In what way is using a debit card ever better?"

            When there's a fee for using a credit card.

            1. Anonymous Coward
              Anonymous Coward

              Re: never use a debit card for credit ?

              I guess the 'fee for using a credit card' thing must be outside the US. I've never seen anywhere in the US where it costs any more to use a credit card than a debit card. Unless that sort of thing is universal in some countries I'd simply choose somewhere else to spend my money...

              If they are doing it I guess I didn't see the signs, I use my credit card all over the UK, Ireland etc. and wasn't aware of any difference. But as I'm dealing with exchange rates, that savings could be wiped out if my bank gave a less favorable exchange rate. That's the main reason I use a credit card even for small transactions when traveling internationally - the exchange rate for withdrawing cash from an ATM sucks!

          2. Anonymous Coward
            Anonymous Coward

            Re: never use a debit card for credit ?

            @DougS

            > I can't understand why anyone who has a credit card would choose to use a debit card. In what way is using a debit card ever better?

            In the UK at least, there is often a % or fixed charge to use a credit card, but no charge for using a debit card.

            1. Anonymous Coward
              Anonymous Coward

              Re: never use a debit card for credit ?

              "In the UK at least, there is often a % or fixed charge to use a credit card, but no charge for using a debit card."

              Not for long - 2018 it will be outlawed for Visa and Mastercard (not Amex but few people use that anyway) in the EU*.

              * insert your extremely humorous Brexit snipe. It'll still happen in the UK.

              1. Alan Brown Silver badge

                Re: never use a debit card for credit ?

                "Not for long - 2018 it will be outlawed for Visa and Mastercard (not Amex but few people use that anyway) in the EU*."

                It's prohibited in most countries under the terms of the merchant agreement. The standard way around that is to offer discounts for cash.

                On the other hand, Australasian banks charged so much for small transactions in the 1990s that allowing customers to use debit cards could effectively result in them taking 35% of the payment in fees (access/rental charges plus per transaction fees and a calculated monthly fee based on transaction volume and average size) - making it cheaper to take credit cards.

          3. Anonymous Coward
            Anonymous Coward

            Re: never use a debit card for credit ?

            I prefer to have my balance in one place, so I only need to log into a single system and perform no maths in order to have a heart attack.

            I'll only use a credit card when I'm dealing with something I'm not sure of ( such as a non-paypal online payment to a firm that isn't a large chain - eg: a breakers yard on the other end of the country ).

    2. Bruce Ordway

      Re: never use a debit card for credit ?

      I actually prefer my debit card over my credit card.

      The only issue is my debit has a daily cap, so occasionally I have to use my credit card as a backup.

      >>customer didn't qualify to get a credit card

      I thought that is impossible in the U.S.?

    3. LDS Silver badge

      Re: never use a debit card for credit ?

      Depends on how the debit card works. Here in Italy PagoBancomat (introduced in 1986) is quite popular and widely accepted - but it's a chip & pin card - only small transactions (i.e. highways tolls) can be paid without entering the PIN. For this reason they may be safer than using a charge/credit card (they have a chip too, but many POS will just require a signature, not the PIN)

      They are a valid alternative to cash (PagoBancomat cards can be used for ATM cash withdrawals also). They also work on the Maestro circuit.

      Usually daily and monthly limits are set, and many banks offer an SMS alert system which is useful to catch unauthorized payments and block the card quickly if needed.

      Some people may prefer them (including prepaid ones) to credit cards because they find easier to control how much they spend, and the account balance (it can be easily checked at ATMs, even before internet and mobile apps allowed that).

      Fees and interests for overdraw can be quite high here, and most people want to avoid that. For the same reason here charge cards are common, but true credit cards are rare. That's one of the reasons Italian families are among the least-indebted in Europe.

      Despite the Silicon Valley, US often looks a retarded country, when it comes to payment technology.

      1. Stephen W Harris

        Re: never use a debit card for credit ?

        "many banks offer an SMS alert system which is useful to catch unauthorized payments and block the card quickly if needed."

        My credit card number somehow got stolen and was used at a Domino's in Flushing (Queens) last week. I've never even been to Flushing. Because I have an app on my phone I got alerted within seconds and called the bank and got the card cancelled . I'm guessing a $19 pizza purchase was a trial purchase, so this probably prevented larger abuse.

    4. Haku

      Re: never use a debit card for credit ?

      I once had a Barclaycard, then fraudulent charges started appearing on it, so I called the bank and said I want the card cancelled & a new one sent, they said they couldn't do that because people would buy stuff then get the card cancelled so they wouldn't have to pay for it (surely they had provisions against that?). So then I told them I wanted the card canclled outright and the account closed.

      It took five fucking months of regularly ringing up to cancel the card to actually get it cancelled and the fraudulent debts cleared. They were using me as a honeypot and constantly told me just to notify them when fraudulent charges appeared. I absolutely hated being put in that situation and just wanted out.

      This happened in the same year Stephen Fry was their tv advert shill telling everyone Barclaycard was safe to use online... and the exact same week I got the card cancelled the other two members of the house received invitations (with a free pen) to sign up to Barclarcard...

      1. Cederic Silver badge

        ..get the card cancelled..

        I had a US company set up a recurring charge on one of my credit cards, and I couldn't get them to stop when I cancelled that service.

        So I rang the card company. They told me that they can't refuse a recurring payment order. I just told them I was cancelling my account with them, and would no longer be paying for any charges they accept as it's no longer my card. Up to them whether to honour the recurring payments or not, but they're not doing it in my name.

        No idea how that panned out for them, and my current card provider has behaved (up to now).

    5. Brenda McViking

      Re: never use a debit card for credit ?

      For the UK at least, here is the breakdown of payments in 2016: Card association report (pdf)

      An average cardholder made 10 debit card transactions and 5 credit card transactions per month. Just 60% of the adult population in the UK had a credit card. Debit card spending was 486bn GBP, compared to Credit card spending of 174bn GBP.

      So all in all, it's less surprising that a debit card was used, as it remains by far the most popular card payment mechanism.

  6. arctic_haze

    She has to sue

    The hotel company showed so much bad will that the compensation needs to be much bigger than allowed by the suit imagination. Angry jury is what the corporations needs to face.

    1. Doctor Syntax Silver badge

      Re: She has to sue

      "The hotel company showed so much bad will that the compensation needs to be much bigger than allowed by the suit imagination."

      She'll undoubtedly get more as an out of court settlement plus NDA than in court. They can't afford to let it go to court. I'm sure that's all in place already which is why she's no longer answering reporters about it.

    2. Anonymous Coward
      Anonymous Coward

      Re: She has to sue

      I hate trivial lawsuits but this is not trivial. She should sue even if she doesn't want the money - she could always donate to a favorite charity, but it should cost the hotel money and hopefully some of the pain will be felt by the executives getting reduced bonuses because the lawsuit and bad publicity impacts the quarterly results!

      1. DropBear

        Re: She has to sue

        My bet is they'll offer a complimentary three-day stay at "economy class" in one of their venues. As if one would ever want to see them again after this...

  7. Sykowasp

    Abysmal showing from the hotel.

    At the very least, they need to repay her money, plus interest, as soon as possible.

    They also need to cover any incurred fees.

    They also need to restore her credit rating back if it has been affected by their actions.

    They need to contact the people she couldn't pay to explain that it was their fault.

    They need to provide a decent good will payment ($thousands, not $hundreds) in compensation.

    They need to explain to their merchant bank just what they are doing with credit card numbers for this to occur.

  8. Stevie Silver badge

    Bah!

    And THIS sort of shit is why you NEVER EVER EVER use a debit card when a credit card will do.

    That few days will sort itself out doublequick within a billing cycle and will be all the quicker resolved for it being the bank's money on the line.

    1. Stevie Silver badge

      Re: Bah!

      And amazingly, 40% of commentards think it's a better idea to have your own money on the line than the bank's.

      Not sure I'd want that sort of logic engine designing my backups, switch arrays, disaster mitigation measures or even brewing a pot of coffee.

      Or is it that UK credit card protection law is so unbelievably naff that having your current accout raped to bedrock is better in every way than invoking it?

      1. Solarflare

        Re: Bah!

        I'd suspect the general voting reaction to you is less based upon what you said, and more based upon the insufferably c*ntish way you went about saying it.

        1. Doctor Syntax Silver badge

          Re: Bah!

          "'d suspect the general voting reaction to you is less based upon what you said, and more based upon the insufferably c*ntish way you went about saying it."

          Or both. The likely outcome with a credit card would be penalties imposed for going over the limit and hours of phone calls over the next few weeks and months getting those and the damage to her credit rating rescinded.

          My experience of banks' handling of what should be routine settlement operations is such that I haven't used my current bank's card from within a few months of having it.

          1. Stevie Silver badge

            Re: Bah!

            @Dr Syntax: in every case in my own experience it has been one (1) call on a toll-free number and a painless process, followed by a confirmation a couple of months later in writing.

            It's almost like some of you are guessing how credit cards work based on some nebulous model arrived at by viewing twitter feeds.

            Or, like I said, the relevant UK law has become so naff in the time since Nat West asked me to call (toll-free, transatlantic) over a fraud THEY had detected taking place in America on my UK Access card that risking your own hard-earned cash is preferable than seeking to invoke it.

            I've had about a dozen instances of fraud on my cards over the years. No cost to me. No fees. No penalties. No late-payment fees. Nada.

            Which is why I can't for the life of me understand the desire to use debit over credit forming in an intelligent brain.

        2. Stevie Silver badge

          Re: Bah!

          @Solarflare: if so then my sentiments in the follow up are redoubled. Stay away from my computers you smug, illogical gits.

      2. William 3 Bronze badge

        Re: Bah!

        It's not the "banks money", it's money the bank is lending to you, with interest.

        Perpetuating the myth that a credit card is the "banks money" is the reason for the debt problem.

        It's still YOUR money

        1. DropBear

          Re: Bah!

          Exactly. And there might not be (much of) a surcharge for being indebted to the bank for a month or two, but the diligence required to make SURE you never stray into the "high fee" regime (you might not even be able to avoid it if it's something unexpected) just isn't worth the effort.

          At least when you're spending money you actually have, you only need to consider the standard fees - which are actually zero around here for purchases (right now my bank is even waiving all account maintenance fees as long as some money keeps entering and leaving the account regularly) and if anything happens, it comes out of my modest savings buffer instead of the bank's extortionate-rate "credit". Needless to say, that's exactly what banks are hoping to rope you into, endlessly advertising the advantages of being able to "afford" whatever you want, _today_...

          The latter is a detail of hard-to-overstate importance in a region like this where most people live "from hand to mouth" and can have great trouble getting out of debt once they get into it (to illustrate, the only banking service more popular than credits around here are... credit refinancing and consolidation).

          1. Stevie Silver badge

            Re: Bah!

            @Dropbear: "Fees"? Amounts in dispute are not assessed these "fees" you rant about.

            Do you actually have a credit card?

        2. Antron Argaiv Silver badge
          Thumb Up

          Re: Bah!

          Yes, but here's the difference between debit and credit cards:

          In the case of a f*ck up, you don't lose your money with a credit card.

          The vendor who initiated the charge is on the hook for fraudulent charges.

          The bank and the credit card company are required by law to resolve any claims you make of fraudulent charges.

          I've had that work for me several times, and all you need to do to make it work for you, is to follow the simple instructions on the back of your monthly statement.

          1. Stevie Silver badge
            Pint

            Re: Bah!

            Thank you Antron for pointing out what I thought was obvious to the Not-So Clever Young Things.

            Beer for you. Bought on credit, of course.

        3. Stevie Silver badge

          Re: Bah!

          @William 3: and yet with numerous frauds attempted against cards issued to me, starting in 1984 with a UK Access Card "taken" to Atlantic City through to the latest $1500 swindle attempted on my NY Visa Card, it has cost me personally exactly nothing.

          What, you thought I was just making it up, like those catastrophe stories people claim as true every Friday?

          Stay away from my server room.

      3. Alan Brown Silver badge

        Re: Bah!

        "Or is it that UK credit card protection law is so unbelievably naff that having your current accout raped to bedrock is better in every way than invoking it?"

        UK credit card protection law is pretty good - but just as important is that most banks offer (on paper) similar guarantees on debit card transactions AND protection against unauthorised direct debits.

        1. Stevie Silver badge

          Re: similar guarantees on debit card

          Apparently not: The poor woman's account was drained AND legit transactions bounced before she was alerted to the issue.

          But that's okay. Spend your own money if you want. It's a free world (until the fees kick in).

          This whole argument is bewildering to me.

  9. Fan of Mr. Obvious

    Marketing stunt of the year!

    Headline: Hotel giving away pre-paid rooms in Brooklyn N.Y. - Book now before this limited time extravaganza ends!

    They better get their ass handed to them or ^^^ this ^^^ will be too much for some marketing mouse to pass up. Lose her shit? I would have been lucky to avoid handcuffs and a mugshot to go with the story.

  10. Version 1.0 Silver badge

    That's why I use a credit card

    I used a credit card to pay a hotel bill in Australia some years ago, when I got back home we received a statement from Amex indicating that I had ordered $20k of commercial UPS's from the US, and paid airfreight charges to ship them to Singapore. I called Amex, had a 10 minute conversation with them and have never heard another thing about - the charge disappeared.

    1. Stevie Silver badge

      Re: That's why I use a credit card

      Nonono Version, you should have used your personal debit card and taken the hit.

      That many commentards couldn't be wrong.

      The umbrella protection afforded valued credit card users by the banks is only to be used by "c*ntish" morons like me.

  11. herman Silver badge

    Ayup, that is a known issue with debit cards - you have no protection at all. I use my debit card at my bank's ATMs to get cash and nowhere else. For other transactions I use a credit card. At a hotel, I am careful to mix IDs so that they do not have a useful identity forge kit - by using a foreign CC and local ID, or the other way around.

  12. foxyshadis

    Oh, he knew.

    "As for the hotel, its head of PR has chosen the wrong moment to take a day off. A harassed assistant promised to get back to us."

    I have a feeling the head of PR chose exactly the right day to take off, after getting wind of a problem of this size.

    1. Doctor Syntax Silver badge

      Re: Oh, he knew.

      "I have a feeling the head of PR chose exactly the right day to take off"

      And may have taken off permanently.

  13. Doctor Syntax Silver badge

    OK, let's look at the IT issues here:

    they had had some problems with their online reservation services and had "written a bypass" – a bypass that had, it turns out, "created some anomalies."

    1. They're storing card numbers which they simply shouldn't do.

    2. They had problems. Why? Presumably their service had been working OK before. Did they do something to cause the problems or was it their service provider?

    3. If it was their service provider why didn't they dump it on them telling them to fix it PDQ or stand for any lost business if they couldn't.

    4. If it was themselves why didn't they roll back to the previous state?

    5. Having written a bypass why did they release it without effective checks to make sure it worked properly and then watched over it when they rolled it out to make sure it was working properly?

    6. Why, having discovered there was a problem, did they not pull the plug on it immediately?

    1. Doctor Syntax Silver badge

      I think I've just realised the answer to some of my questions. DevOps.

    2. DropBear

      About 1. - most major sites I used offered to save my card for later purchases. I'm pretty sure it's standard practice on most "account" based purchases (as opposed to "no logins, just enter your details at checkout - yes, all of them, again...")

      1. Doctor Syntax Silver badge

        "most major sites I used offered to save my card for later purchases"

        That's an offer I always manage to resist.

      2. Anonymous Coward
        Anonymous Coward

        About 2. - Indian Coding.

  14. Anonymous Coward
    Anonymous Coward

    Hmm?

    Lawyers smell blood and are circling to get a piece of this action. What are the odds that an Indian Tech caused this? And before you claim "racism", you'd be shocked how many outsourced screw ups are getting hired to do jobs they don't have the skills for....

  15. noddybollock
    Joke

    What are these credit card things you speak off ??

    Us poor feckers only spend wot we got, an in cash

    (unless the boss has given us the company CC - then we don't give a feck)

  16. Phil Kingston

    "the refunds won't wend their way back through the system for several days"

    That's the bit that always galls me with mistakes like that - I'm firmly of the opinion that if money's instantly taken in error from my account, they can damn well put it back instantly. And don't get me started on those companies that think correcting their mistakes by sending a cheque is OK. In 2017.

  17. jonfr

    Banks are not to be trusted

    I've come to the conclusion that banks are not to be trusted. As for this case, holding up her money is nothing but a case of theft and should be treated as such. Regardless of payment type. As for this programming "error" I find it strange that this "anomaly" appeared in the system, it sounds odd that it would behave that way (I'm in no way expert on payment systems, I just find this odd to start with).

    1. Terry 6 Silver badge

      Re: Banks are not to be trusted

      I've come to the conclusion that banks are not to be trusted.

      Err, sorry? This came as a revelation? Do the words "sub-prime" and "mortgage crisis" mean nothing to you?

      1. Stevie Silver badge

        Re: Banks are not to be trusted

        Err, sorry? This came as a revelation? Do the words "sub-prime" and "mortgage crisis" mean nothing to you?

        You do know there's a difference between a high-street bank and an investment bank, right?

        1. Terry 6 Silver badge

          Re: Banks are not to be trusted

          Stevie, irrelevant.

          High street banks were involved in making sub prime loans and owning the credit card companies.

          (BARCLAY card)

          Come to that, the relationship between high st and commercial banks is, to say the least, tangled.

          But ultimately, they're banks.

        2. Anonymous Coward
          Anonymous Coward

          Re: Banks are not to be trusted

          You do know there's a difference between a high-street bank and an investment bank, right?

          Not in the USA there isn't.

  18. kain preacher

    I don't get why people think that you have no protection on debit cards in the US. You fill out a form and they will put the money back while they investigate.

  19. mathew42
    WTF?

    Why not apologise?

    What I don't understand is why the hotel didn't just profusely apologise, offer her a week or two of free accommodation and apologise.

    An airline cracked a hard case but fortunately nothing was damaged. The service staff apologised and said we could either have a voucher or a new suitcase. The offered suitcase was a samsonite hard case of a similar size. Within 10 minutes we were out of the airport with a new case. Biggest hassle was disposing of the old case.

    1. ADC

      Re: Why not apologise?

      > An airline cracked a hard case but fortunately nothing was damaged. The service staff apologised and said we could either have a voucher or a new suitcase. The offered suitcase was a samsonite hard case of a similar size. Within 10 minutes we were out of the airport with a new case. Biggest hassle was disposing of the old case.

      Sounds like you were very lucky with the airline service team. After one flight I collected a suitcase from the carousel and found two out of the four wheels ripped off. The staff at the airport were helpful with filling in the claim form, but the cost of the suitcase was only paid later after sending the airline photographs of the damaged case and a copy of the original sales invoice/receipt.

  20. Barry Rueger

    Twitter

    It's really rather disconcerting that the most effective way to get problems solved with corporations is Twitter.

    I never consider phoning and spending an hour on hold being told that my call is important to them, and on the rare occasions when a website includes an email address it generally takes days or weeks to get a response.

    So I start with a tweet, which amazingly tends to get a human response.

    Or maybe it's just the public embarrassment....

  21. Barry Rueger

    Name 'em and Shame 'em

    Actually, maybe a good start is to stop blaming problems on "a software bug" and start saying "a big fat error by a programmer at XYZ Corp" was responsible.

  22. JeffyPoooh
    Pint

    Call your bank first...

    They can institute a block on your account in less than one minute.

    "Press N to Report a Lost of Stolen Card"

    At least it'll make it stop, while things get sorted out.

  23. mrobaer

    I trust my bank

    Recently I received a letter in the mail alerting me that my debit card information was potentially compromised from a merchant who had their system itself compromised. As I would expect, they set a date that my card will be canceled and a new card should arrive before then. Also, they gave me the option of doing such a transaction at my earliest convenience.

    Our debit cards are of the Mastercard brand with Zero Liability protection and Mastercard ID Theft Protection™. Had anything unusual appear on my account I'm certain they would close the card, issue me a new one, and mail me an affidavit to go on their record that I swear those were not my charges.

    About 20 years ago when banks would mail you your new PIN number before mailing you the new debit card, I fell victim to fraud where my pin then card were stolen from my mail, while on a military installation no less. I had to go through similar steps then. It wasn't much of a hassle and I was reimbursed within 12 hours.

    1. mathew42
      Happy

      Re: I trust my bank

      The last two examples of fruad on my credit cards were detected by the bank and blocked. We received a polite phone call to verify the transaction and the option of cancelling the cards. New cards were dispatched promptly. The same bank has also proactively cancelled cards when we visited countries with a high incidence of fraud.

      THe biggest hassle is contacting all the companies that have automatic payments configured and updating the credit card details.

    2. Doctor Syntax Silver badge

      Re: I trust my bank

      My experience was somewhat different. I was staying in an hotel on one gig whilst I had a watching brief on another. The idea was I would dial in (this was a long time ago) and check the logs on a daily basis. Because I had no signal at the hotel to do this on the phone I plugged the laptop modem (yes, a long time ago) into the hotel room socket for which I had to enter a card number. Every few days my card was blocked as this was a favourite test for a stolen card. This continued for the duration despite frequent calls to unblock it it and explanations that this was going to keep happening -and from the same hotel. The fact that someone would actually use the legitimate facility to use a card to make calls seemed to be beyond them.

  24. Anonymous Coward
    Anonymous Coward

    Happened to me 30 odd years ago

    Paid for an International flight at a Travel Agents (remember them?).

    That night the Travel Agent managed to process ALL of that days business against my Credit Card!

    You get a free flight, and you get a free flight....

    Took days to sort out, and yes, it was a major Banks own Travel Subsidiary.

  25. Francis Boyle Silver badge

    "This has to be illegal? You can't just keep wrongfully charging people thousands of dollars and knowingly because you can't fix a software bug?" she tweet-raged at 1 Hotels.

    That's a rage tweet? This is not the internet that I know.

  26. Anonymous Coward
    Meh

    It's tricky...

    On the one hand, the Hotel group clearly f**ked up badly and their staff haven't handled it well. They need to put it right or lose the ability to take credit cards. Lucky it was a credit card - I've always found both Visa and Amex absolutely excellent at dealing wth the occasional mishap.

    On the other hand, she works for eBay, a company not always appreciated for its 'financial evenness' to its customers, so I find my level of sympathy for her strangely low. Plus she moaned on Twitter (or 'took to Twitter' as the Evening Standard and Daily Mail would say), so that makes her a bit of a whiny brat.

  27. Anonymous Coward
    Anonymous Coward

    Credit cards are not credit cards, they are DEBT cards

    People who have money and save that money to spend it immediately - i.e. using a debit card - should be the norm.

    Banks and their advertising have convinced the great unwashed they are 'cool' and 'flexible' and 'offer protection'.

    The same protection should be available to you when you use a banks debit card to spend YOUR money, not just when you are spending theirs.

    1. Korev Silver badge

      Re: Credit cards are not credit cards, they are DEBT cards

      When I lived with a girl we used to put all the household expenses and shopping on a credit card. At the end of the month I'd pay the bill off in full and she'd pay me half - it made the end of the month calculations very easy and we even got s/Airmiles/Avios/g out of it.

    2. Anonymous Coward
      Anonymous Coward

      Re: Credit cards are not credit cards, they are DEBT cards

      Why not extract interests from gullible people? As long as you just pay with your money the bank has to deliver the service, and earns little - it also have to keep your money ready available. Whenever it has you borrow money, it will earn interests. Banks love to extract more money from money easily.

      I borrow only when the outcome of it greatly repay any interest I'll pay (or it's an emergency, and I can't do otherwise). Paying interest to buy a big telly, for example, looks stupid to me - just save, and then buy (or, if you can't wait, find a zero interest offer, many sellers do it today to sell more) - or you just pay more for the same item.

      Anyway charge cards are fine - the bank lends you some money until the end of the month without interests and you get protection. You just need to be careful you have the amount to pay the card balance (and set a proper ceiling to avoid easy overspending).

  28. bexley

    This is why we should not use debit cards...

    ....linked to bank acounts. pre-paid debit cards are the way to do online payments if you cannot use iDEAL or paypal.

    Something similar happened to me once and I was stranded in another country with an empty bank account and no means to access it anyway as the card got cancelled.

    The bank would not send me a new card to anywhere but my home address. Not much help as I was on another continent.

    From them on I never used a debit card linked to my bank account in anything but an ATM.

  29. MrTivo

    Charge cards can be an issue

    I once had a company provided Amex charge card. Never had an issue with it, apart from finding places that took it, mainly in the UK. The company changed names, and all the cards were reissued, with new numbers and company name. Old cards were chopped up an binned.

    *18* months later, I had to go on a business trip, at very short notice, ie only enough time to go home to get my passport and go to the airport. All the hotel and flights were booked by the secretary, using their employee travel profile.

    The month rolls round and I receive my statement. Everything is in order, EXCEPT the charge card number was the old number. So my trip had been charged to a card that was supposedly cancelled, and was not in my possession.

    I then had a very long conversation with Amex regarding the payment. The terms my employer had on using the card meant that employees could be dismissed for non payment of outstanding balances. This was mainly to avoid people using it for personal use and running up large bills.

    I acknowledged that the debt needed to be paid, but I would only pay the balance if it were transferred the current charge card. They countered that the debt had to be paid on the old card account. Neither could they confirm that they would block the old card for from further transactions until another 6 months had elapsed.

    In short, I cleared the balance, chopped up the current card and EVERY SINGLE REPLACEMENT they sent thereafter, sending (most) of it back to them. Never used an Amex card ever again.

  30. Anonymous Coward
    Anonymous Coward

    See it so may times: A YES MAN Sales-rep behind an over worked App developer.

    How may times do I need to tell people....

    CHECK, CHECK AND CHECK AGAIN!!!!

  31. Anonymous Coward
    Anonymous Coward

    I wonder...

    If the credit card companies which put up dozens of rules what companies can and cannot do with credit card information are going to do about all this. Setting up rules is one thing, enforcing said rules is what really counts.

    Something tells me we'll never hear from this again though.

  32. Trollslayer Silver badge

    Compensate her generously

    Because you would pay a lot more to lawyers.

  33. DropBear
    Gimp

    "We are going to DM you more info"

    Hmmm, what could that be...? "Distress Messaging" maybe? It would certainly be appropriate... Or maybe they're sending it by Dungeon Master? A paladin with an envelope shows up accompanied by two elves...? Wait... maybe... they send it by a latex-clad gorgeous Domme...!

  34. Moosh
    Meh

    Credit Cards

    Are there an inordinate amount of Americans in these comments?

    Debit cards are by far the most common method of card payment in the UK, if not the EU (i'm not sure what the stats are on that).

    I have had issues with my debit card before. However, my "bank" (actually Nationwide Building Society) has always been very, VERY prompt with card cancellation, refunds, etc. etc.. To the extent that it is sometimes annoying.

    For example: I withdrew money from a cash machine that had been linked to crime. So my card was locked until I went through security (via phone) and confirmed certain transactions weren't fraudulent. This has happened quite a few times.

    One time my card details were stolen somehow and people were buying PS3s in Denmark and were attempting to do so in bloody Vietnam too. I got the large sum (the PS3 costs) back almost immediately, and was able to get the unauthorised overdraft fees reversed at a local bank branch. I explained to them that my Credit Card payment (also with Nationwide) would be impacted and they understood this and were accommodating. The only thing that took a bit longer was that there had also been a number of very small purchases (£1.90, etc. etc.) which were a lot more niggly to refund, which took about a week.

    1. Tikimon

      Re: Credit Cards

      "Debit cards are by far the most common method of card payment in the UK, if not the EU (i'm not sure what the stats are on that)."

      So the biggest crowd of sheep is always right? That's a pretty weak argument! Facebook is clearly the best company ever by that standard.

      Yes, lots of Americans here, and the additional protections for credit cards over debit cards pay off for us handsomely. I'm an AmEx user because they always have my back covered. The annual fee for the AmEx is totally worth the peace of mind and their history of going to bat for me. Neither do we get shafted for additional fees to use credit here. But don't let that stop the debit users from downvoting, hah...

  35. Anonymous Coward
    Anonymous Coward

    and another one...

    Similar story here:

    http://www.getsurrey.co.uk/news/surrey-news/surrey-heath-drivers-wrongly-charged-13150160

    The article says that some customers were wrongly charged "up to £1600" and that they would be refunded in "a day or two".

  36. Anonymous Coward
    Anonymous Coward

    After my debit card got cloned a few years back and £100 went walkies for a while (bank eventually refunded) I decided to use a credit card for everything bar ATMs. I always pay off the balance in full every month, so no interest charges there. And if I haven't got enough lurking in my bank account to buy something, then it doesn't get purchased.

    So if anything happens now, then it's not money disappearing out of my bank account, it's disappearing from somewhere else which doesn't immediately impact me. Though it's very wise to carefully check the credit card statement as soon as it arrives which should give you a week or two to argue the toss about any potentially dodgy transactions before the CC company expect payment.

    In the UK at least credit cards offer a lot more protection than debit cards. The catches being that not everyone cam get credit cards and some companies (usually airlines and travel types) like charging you a bit extra for using credit and not debit.

  37. John Savard Silver badge

    Signatures

    There is a simple way to prevent things like this from ever happening.

    For the bank to take money out of her account, and give it to the hotel, it should have required that the transaction be authorized by her.

    So when she uses her bank card to pay for her room for a day, a signature is uttered by her card for that specific transaction. And only she can make her bank card utter a signature, so there is absolutely nothing the software in the hotel can do to generate any additional transactions on her account.

    Apparently, instead, the bank is actually trusting a merchant who can merely identify a card holder to take as much money as it likes from that card holder's account. That should be regarded as daft, even if most merchants do have large investments that they protect by being honest.

    Of course, that would eliminate credit cards functioning as damage deposits and the like, but we got along well enough before there were credit cards.

  38. Anonymous Coward
    Anonymous Coward

    Depending

    "As for the hotel, its head of PR has chosen the wrong moment to take a day off".

    Or the right moment...

  39. This post has been deleted by its author

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021