Reply to post: Re: just go to your bank and send a wire transfer to our account below

Crumbs! Holiday phish based on genuine hotel booking surfaces

VinceH

Re: just go to your bank and send a wire transfer to our account below

"...and it doesn't seem strange to buy a holiday in Spain and pay to Poland?"

The problem is that a hotel might be part of a chain or group, and in such cases its the parent company that really takes the money (even if the hotel itself handles the transaction), rather than the hotel itself - so a hotel in one country might be part of a chain owned by a company in a completely different one.

Booking.com don't help matters with their approach: They don't take your money, only your card details, and pass that information on to the hotel so that they have your card details ready in order to process your payment, and they charge the hotel commission which is usually taken (in one lump sum for all bookings in a month) by direct debit from the hotel. This simplifies things greatly for booking.com, since they don't have to process card payments.

It's a clumsy approach because it means when making a booking you aren't just talking directly to a payment processor/gateway; you're trusting two companies with your card details: booking.com, who you hand them over to in the first place, and the hotel - and because payment is therefore not taken straight away (even a partial payment, such as a deposit), the system is ripe for a scam of this sort.

As mentioned in the article, it seems unlikely booking.com are the source of the details here, otherwise there'd be a lot more noise about it - so it's likely to be the hotel, but the question is: is it details of bookings stored at/by the hotel that have been compromised, or is it the hotel's connection (i.e. access details) to their booking.com account? (I'd presume the former, otherwise the card details themselves would have been compromised and the problem would be CC fraud).

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon