On August 28, multiple social media users shared a post by Facebook account holder Ngọc Hiếu, reflecting on the exposure of credit card information when booking through the Agoda platform.
In an interview with Đời sống & Pháp luật, Phạm Ngọc Hiếu from Hanoi’s Thanh Xuân district, stated that on August 6, he had booked a resort in Phan Thiet through Agoda, opting to pay at the hotel. His information was then transferred to Agoda’s partner, Booking.com.
However, according to Hiếu, upon arrival at the resort, his customer file included his complete credit card details, which were also printed out for the reception staff to view.
“As I have used Agoda multiple times, my credit card information was already stored in their system. I was surprised that the reception staff had access to my full credit card details, including the CVC code,” Hiếu said.
Hiếu further mentioned that when he inquired about the exposed credit card information, the resort staff could not provide a satisfactory explanation and only stated that “all guests here are subject to the same procedure.”
According to the report, the reception staff had access to customers’ full card details, including the card number, name, and CVC code for those who booked through Agoda. Photo: NVCC.
Considering this a serious breach of personal information, Hiếu contacted Agoda for clarification. In response to his inquiry, Agoda’s customer service department stated that their company policy allows them to share card information with partners or third parties.
Agoda then requested Hiếu to send relevant images and promised to respond within 48 hours. On August 28, Hiếu shared that Agoda confirmed the accommodation provider had printed the customer’s card information but only used it for verification purposes.
Regarding Agoda’s privacy policy, as of June 2024, when customers use Agoda to make reservations, the platform may collect “name, address, phone number, credit card details, email address, travel provider name, travel location, and/or number of nights stayed,” among other details.
“We may share your information with Travel Providers, Third-Party Service Providers, Business Partners, and Group Company Members,” Agoda’s policy states.
Attempts to reach the resort for comment have been unsuccessful. For international payment cards, the card number and CVV/CVC code are critical pieces of information that users must keep confidential. With this information, fraudsters can withdraw money and conduct transactions without possessing the physical card. Therefore, banks advise users to immediately request a card block if they suspect their CVV/CVC code has been compromised.
Agoda is a popular online hotel booking platform in Asia. It serves as an intermediary, connecting accommodation providers with individuals seeking lodging for travel or business purposes.
This is not the first time Agoda has faced controversy over customer information leaks. In 2018, a customer in Ho Chi Minh City reported that their VISA credit card details, including the cardholder’s name, card number, CVC code, and expiration date, were printed out and accessible to staff at their accommodation.
The Challenges of Utilizing Digital Technology for Credit Scoring
“With a vast repository of personal and financial data, a cybersecurity expert warns that fintech companies could be a prime target for hackers. “
Breaking News: Hyundai, Honda, GM Accused of Selling Customer Data – 1.7 Million Vehicles Affected in $1 Million+ Settlement
“Deceptive tactics” used by companies to manipulate customers into signing contracts that allow data brokerage have been exposed.
