A day after Sheilah Reardon checked into the Bellagio Las Vegas, she received an email alert from American Express warning that her credit card had been compromised. Among the fraudulent charges: a $67 bill from an online-memorabilia store.

A day later, her friend Jennifer Henderson got a call from a MasterCard representative. Her card number had also been stolen. The thieves had made a $67 charge at the same online store moments after they hit Reardon’s account.

“We had checked into the Bellagio at the same time, side by side,” says Reardon. She and Henderson believe that their credit cards were targeted while they were at the resort — most likely while they were checking in — because it was the only time when their cards were used together. Reardon says that she hadn’t used her card, a “travel-only” Amex, since a trip to Florida last summer.

This kind of identity fraud cost American businesses and consumers $21 billion in 2012, the most recent year for which numbers are available, according to Javelin Strategy & Research. It found 12.6 million victims of identity fraud in the United States that year, the highest level since 2009. Javelin’s figures also include data breaches and other types of fraudulent purchases.

Save 75% on a Digital Subscription Today

Identity fraud is a perennial concern for travelers, and particularly for hotel guests whose cards are frequently used on the road. But the problem seems to be getting worse, and there’s no quick or easy fix.

Bellagio claims that it takes “strict precautions” to maintain the security of its guests’ digital information. After Reardon complained of the breach, it contacted her multiple times in an effort to take a full report, but she declined to give one, according to the hotel.

“We regret we were unable to utilize our full resources to bring this matter to a more satisfactory conclusion, but maintain that our security measures are effective,” says Mary Hynes, a spokeswoman for the resort.

Reardon, a school administrator from Raynham, Mass., insists that she filed a complaint but didn’t have time for the lengthier debriefing, since she was on vacation. Besides, she says, she was left with the impression that the hotel was indifferent to her and her friend’s problems while they were staying there. “At least they could have pretended to care,” she says.

Do hotels care?

But Bellagio’s initial response as described by Reardon may be typical of the hotel industry, which is often careless about customer data and dismissive of fraud complaints, say experts and guests.

“Hotels are a massive source of credit-card fraud,” says John Sileo, a digital-privacy expert who runs the website
Sileo.com. “In fact, the travel industry in general is ripe for the picking because of a variety of factors, including the distraction of travelers, high usage of credit and debit cards, high turnover of employees and failure to perform employee-background checks.”

Sileo believes that Henderson’s and Reardon’s breaches probably occurred at their hotel, but he can’t be sure who was behind the theft. Their cards may have been compromised while they checked in, with an employee swiping their cards and then feeding the information to someone else. Or someone else standing near the check-in area and using a smartphone could have recorded their card numbers and verbal data, leading to the compromise. “The chances of it not being internal to the hotel — either an employee or a thief standing nearby — is minuscule,” he says.

Protect yourself?

How can hotel guests protect themselves?

“They can’t,” says Robert Siciliano, a security expert who publishes the site BestIDTheftCompanys.com. “Credit cards can’t be protected.”

The only way to minimize the damage is to monitor your credit-card statement and report any suspicious activity. A longer-term solution, which is to upgrade credit cards to more expensive and secure chip-and-PIN technology, is on the horizon, but probably not in time for your next hotel visit.

Both Henderson and Reardon quickly verified the fraudulent activity on their cards. Their financial institutions removed the bogus charges, canceled their cards and promptly issued new ones.

The Bellagio, for its part, wasn’t entirely unsympathetic. Even though the guests didn’t complete a formal report, the hotel zeroed out their mandatory $25 a day “resort fee,” which includes in-room high-speed and wireless Internet, in-room local and toll-free calls, fitness-center access and airline boarding-pass printing.

Over six days, that shaved $150 off each of their bills, which is almost better than an apology.

Christopher Elliott is the author of “How to Be the World’s Smartest Traveler (and Save Time, Money, and Hassle) ” and the ombudsman for National Geographic Traveler. Email him at celliott@ngs.org