Is it just me?

My Perl Android talk was accepted to YAPC::EU 2010 (!!!!) and I want to book the room reservation for my girlfriend and I.

Unfortunately, the hotel (MyHotel - where the conference is taking place) only accepts the credit card details via Email. I've suggested simply calling them and - once I've verified that I'm speaking to the right person - give the details via phone.

However, they insist on getting it via Email. They even suggesting sending two emails, one with half the details, the other with the rest of the details.

Now.. is it just me or is sending it via Email completely insecure? Not to mention that separating them into two emails provides no added security whatsoever.

How did other people handle this? Do you think I should send it via Email, or book another hotel, or.. persist?

7 Comments

It's been a few weeks since I did it, but I'm pretty sure I booked via their web site. And it took my credit card details using an HTTPS connection.

I'm pretty sure my Mastercard details were leaked in the late 90s because I split the info across two emails, and suddenly I was allegedly buying car parts in Norfolk. I consider it unacceptable to try to pass that off as security in the century of the fruit bat. I'm pretty damn sure Visa and friends feels the same way.

You are right-- sending a credit number over plain-text e-mail is not secure, and there are plenty of references to back it up:

http://www.bing.com/search?setmkt=en-US&q=sending+credit+card+numbers+by+email+is+insecure

Just use booking.com ? credit card details are transferred by https, and then directly faxed to the hotel and removed from the booking.com boxes. Never hits email.

"Fine, just give me your GPG public key".

Ævar Arnfjörð Bjarmason++

Ævar, same thought here. Although, I suspect I know the hotel's answer. :)

Leave a comment

About Sawyer X

user-pic Gots to do the bloggingz