A few days ago I had to book a hotel room for a couple of nights and decided to go directly to the business rather than booking the room through a platform, to help them avoid the commissions. Little did I know that I was in for a surprise.
After calling them to finalize the transaction, I was presented with the document attached below.
I know the document is in Greek, but I wanted to paste the original; it translates to "enter every last detail of your card, including the CVV".
I had to send them every detail of my card, including the CVV, in plain text.
I mean, it’s a medium-size hotel, I get it. I wasn’t expecting them to be PCI compliant, but this was just wrong.
I was shocked, so I called the hotel and asked about their procedures regarding the received forms and the safety of client data.
Guess what: they don’t have any policies or procedures. They are simply saving the card documents without any encryption in a folder on a Windows machine.
I am certain that this hotel (part of a larger group of hotels) is not the only SME with poor security.
Businesses in Greece need to start taking data security seriously. The fact that cybercrime is not yet a huge issue in Greece doesn’t translate to the absence of risk.