Hotels, motels may be vulnerable to hackers

"The major credit card companies require businesses to have standard data protections if they want to accept credit and debit cards. It's called being PCI compliant,” said Margot Gilman, a Consumer Reports financial expert. “But we found that a number of hotels may not be."

When questioning hotel and motel managers across the country, Consumer Reports found many of them “had not heard” or had “no idea” about PCI compliance.

Security failures at Wyndham Worldwide led to more than $10 million in unauthorized charges, according to a Federal Trade Commission complaint. Consumer Reports found that chain leaders and independent owners and operators pointed fingers at each other regarding who is responsible for PCI compliance.

Those wanting to know if their hotel or motel is compliant should just ask, Gilman said.

"Call any hotel or motel you are considering and ask if they are PCI compliant," she said.

Consumer Reports said it's worth checking Privacy Atlas, a website that tracks security standards at 39,000 hotels in the United States.

If travelers have any doubts regarding the data security of their hotel, Consumer Reports says use a credit card, which have much better fraud protections than a debit card.