Florida Marriott? I Didn't Book That

An interesting thing cropped up in my Marriott account during my last night in Aix last week. Looking over my Marriott account, something popped up that was rather unexpected. Listed under my upcoming reservations, was a stay booked for next week in Tampa Bay, Florida. Funny thing is, I’ll be in South America next week, and I never booked this stay.



Situations like this can be confusing, as there seem to be very little protections put in place by hotel companies or other travel companies when it comes to using your frequent flyer number or hotel loyalty number. This can be a significant problem, as some places allow you to book based on your loyalty number alone, and if a credit card is saved to your account… well that may just give them the ability to book a stay straight to your credit card. I personally don’t check every one of my accounts every day, so this could have slid under the radar if I hadn’t been at a Marriott at the time and keeping an eye on my account due to some errors when i first arrived.

What can you do about this though? Well it seems like the answer to that is, very little. Protect your online account with good strong passwords. Make sure to keep an eye on your accounts as best you can. If something like this does happen, call the company up and see if there are additional protections they are able to add to the account. In my case, the person who helped me was not able to see how the stay was booked, but she was able to add a pin and verbal password to my account so that people calling in would have a harder time using my account.

In the end, this seemed to be an honest mistake by either the individual, or by a booking agent. The agent I spoke to was unable to find this man in the system under another loyalty number, so it seems he was not a frequent customer, or just didn’t register before for an account. Prior to calling, I was able to cancel the stay online, and this showed me the man’s email address, which was presumably his name.

I chose not to contact the man, as this was likely just a mistake and really may have had nothing to do with him. Lesson here is, watch for activity on your account, it may be easier than you know to add stays to your accounts, without your knowledge. It may be a good opportunity for these companies to revisit their security on these topics.