Preventing hospitality fraud


Hotels and timeshare resorts share a common problem — preventing fraudsters from using digital technologies to access and raid legitimate customer accounts. The very features that make digital reservations, check-in, and room access so appealing and convenient to Millennials and other early adopters make them fraud-prone if not accompanied by the proper controls and protections.

“Moving away from a face-to-face check-in process exposes hotel brands to a whole new set of fraud and security considerations that need to be effectively managed to protect the customer and the brand’s reputation while mitigating losses,” writes Jeff Wixted, vice president, operations & product management for Accertify, a provider of fraud prevention, chargeback management, and payment gateway solutions.

“While almost all hotel reservations are made online, the majority of hotel guests still come to the front desk to check in. This face-to-face touch point provides hotel staff with the opportunity to interact and engage with the guest and offers hotels an important security and fraud check, with guests showing their identification and providing a credit or debit card prior to getting their room key.”

Since the EMV (Europay, Mastercard, and Visa) credit-card chip technology was introduced in 2017, banks assume liability for fraudulent transactions made with EMV cards only if the hotel, resort, or other merchant accepting the card also is equipped with EMV technology. Otherwise, the enterprise accepting the card assumes the liability. Timeshare resorts without EMV technology are among those at risk.

Account takeover raises other concerns. “Once a fraudster successfully logs in into an account, they will quickly change the contact information and then work to monetize the breached account, often transferring loyalty points, buying gift cards and even booking rooms-especially where digital check-in is available,” Wixted says.

For more information on how to avoid account takeover, visit Wixted’s recent article.