Every time you check into a hotel or rent a car, the clerk happily informs you that an imprint will be taken of your card. In the case of a hotel, it’s for “incidentals,” meaning the hotel has some way of charging you if you decide to raid the mini-bar or charge a sumptuous room service breakfast to your room. In the case of a rental car, it’s used to cover overages. These may include things like charging you to fill up the gas tank that you promised to refill before returning, and didn’t. It may be used to charge you for damage to the vehicle.
Are these imprints safe? How do they work? Are you at additional risk if you permit this? Can you get around it?
Leave an imprint or else
The bad news is that unless you leave some kind of cash deposit behind, the hotel may deny you a room and the rental company may tell you to rent somewhere else. They need to be protected. The reason these imprints became necessary in the first place is because enough deadbeats and bad apples took advantage of these service providers.
The truth is that the credit card imprint is nothing new. That’s how all transactions were handled in the days before the magnetic strip. It seems silly to have to explain this, but believe it or not, there are these imprint machines that are entirely mechanical. The merchant places the card on a steel plate on the imprinter and a credit card form is placed over it (it used to have “carbon paper” for those old enough to remember). The merchant slides an arm over the whole thing, and the pressure from the arm imprints the raised numbers on your card onto the paper form. It contains all the important information, such as card numbers and expiration date.
Yes, but is leaving an imprint safe?
The biggest concern consumers have with these machines is the possibility that your credit card information could be stolen. The good news is that compliance in regard to credit transactions is so tight, that such theft is highly unlikely. By “compliance,” I refer to The PCI Security Standards Council, which is a governing body made up of the “Big Five” issuers, American Express, Discover Financial Services, JCB International, MasterCard and Visa Inc.
PCI is responsible for the development, management, education and awareness of data security, payment application data security and PIN transaction security. The data security standards require that merchants who take imprints physically secure those imprints, with strict control maintained over who has access and how it gets distributed. If an imprint must be sent somewhere, it must be sent by a secured courier with logs to make sure it is tracked every step of the way. The imprints must be destroyed when no longer needed, and destroyed in specific ways.
This is all on top of every industry’s own internal credit transaction policies.
For hotels, car rental firms, it pays to comply
You might wonder why any hotel or rental car company would bother to do as they’re instructed in regards to PCI compliance. First, if they don’t, then that issuer will not permit the merchant to accept the issuer’s card. Second, if they fail in their compliance, and a consumer ends up experiencing a loss, that merchant will be held liable.
Check in image via Shutterstock