booking.com sends ALL credit card info as text
This has been known for ages to those who work at hotel desks. When you book a place via their site, they send your name, credit card number and CVV directly to hotels. What hotels do? They most likely print out that information for future reference, I have seen such printouts many times while waiting for the hotel staff to return to their desk. This is a zero security model and it has been running for years.