When you arrive at a hotel and hand over your plastic, you assume there are stringent safeguards in place to protect your information.
Margot Gilman with Consumer Reports says, "The major credit card companies require businesses to have standard data protections if they want to accept credit and debit cards.
It's called being PCI compliant. But we found that a number of hotels may not be."
At this Super 8 motel in New York, the manager said he "had not heard" about PCI compliance.
An assistant general manager at a Red Lion in California also said "I never heard of this."
Similarly a manager at an America's Best Value in Washington state said, "I have no idea" about PCI compliance.
Margot says, "In the past, hackers have taken advantage of weak security at hotels.
For instance there were three documented data breaches at properties of Wyndham Worldwide several years ago."
According to a complaint by the Federal Trade Commission, "security failures" at Wyndham Worldwide led to more than 10 million dollars in unauthorized charges.
Wyndham Worldwide and its subsidiaries have many brands including the Super 8 chain.
In an email to Consumer Reports, a Wyndham spokesman said that each Super 8 is "independently owned and operated" and is "separately required to be PCI compliant."
However, a spokesperson for Super 8 owners disagrees, saying "Wyndham is responsible for PCI compliance."
So how can you find out if the hotel you're considering has the kind of security that credit card companies require?
Margot points out, "There is no substitute for doing your own research. Call any hotel or motel you are considering and ask if they are PCI compliant."
If you have any doubt about the data security of the hotel you have chosen, Consumer Reports advises using your credit card to pay and not your debit card.
Credit cards have much better protection in case of fraud.