Doesn't directly solve the root problem, but I use https://privacy.com for all of my online purchases. It lets you create multiple virtual card numbers, so every site I pay, I give a different card number. If any single site gets hacked, I can disable just that card. And each card can have a spending limit per transaction/day/month/year. Or, you can make the card a "burner" card that automatically deactivates after the first transaction.
Edit: I suppose that doesn't work as well for hotels specifically, at least in terms of giving a card for incidentals. Since it isn't a physical card, not sure if the receptionist would be keen on entering a digital card like that? But I've definitely used it to pay for rooms online.
Edit: I suppose that doesn't work as well for hotels specifically, at least in terms of giving a card for incidentals. Since it isn't a physical card, not sure if the receptionist would be keen on entering a digital card like that? But I've definitely used it to pay for rooms online.