4 ways credit-card fraud in the hotel industry is evolving

Hotels historically have not allocated significant resources toward fraud prevention, but this is changing. Hotels are a growing target for fraudsters and hotels need to deploy strategies and tools to address these risks. Damage to their brand’s reputation, loss of their most loyal customers and a reduction in their bottom-line profits are some of the risks a hotel faces if it does not have a comprehensive and dynamic fraud strategy in place to identify and combat emerging attack vectors.

Below are some of the emerging fraud trends in the hotel and hospitality industry.  

1. EMV Shifts Fraud Liability 

The majority of hotel reservations are made in a card-not-present channel, e.g. phone or online, but customers typically are required to provide a credit or debit card and photo ID at check-in to get their room keys.  

Prior to EMV (Europay, Mastercard and Visa), liability for fraudulent credit-card bookings was transferred to the card issuers once the credit card was swiped at check-in. With the rollout of EMV, liability remains with the credit-card issuer if the hotel swipes the card at an EMV-enabled point-of-sale terminal. However, liability is transferred to the hotel brand if a fraudulent card is used at a non-EMV-enabled point-of-sale terminal.

While many properties have deployed EMV terminals, those who have not are likely to see an increase in fraudulent chargebacks from their acquirer.

2. Account Takeover/Loyalty Fraud

Account takeover and loyalty fraud are growing challenges for hotels to manage. Your most loyal and profitable customers often accrue the highest point balances and these reward balances may be an easy target for fraudsters to exploit. Unfortunately for hotels, account takeover and loyalty fraud can leave customers blaming the hotel for not protecting their points even if the credentials were compromised at another firm.

With access to compromised account login data, fraudsters run automated scripts to test login credentials. Once in, the fraudsters act quickly and transfer the rewards points out of a customer’s account and use the transferred points to buy gift cards and book hotel stays.  

Fraudsters know that loyalty program redemptions typically don’t undergo as rigorous of a screening as a payment transaction, making loyalty fraud an easier target. For your most loyal customers, a bad experience with your brand may provide them with a reason to consider a staying at a competitor.

Thieves often take advantage of hotel employees' willingness to provide assistance to guests. Photo credit: Getty Images/GeorgeRudy

3. Digitally Enabled Check-In via Hotel App

Customers are demanding more digitally enabled services and hotels are responding by expanding the functionality of their hotel apps. Digital check-in, which allows customers to completely bypass the front desk and check in using the hotel’s mobile app as a room key, can be a powerful engagement tool, but it also provides new opportunities for fraudsters to steal from you.

Fraudsters are able to use stolen credentials to log in to a customer’s account and book a hotel room with a card on file or use loyalty points. Using the hotel’s app as a room key enables the fraudster to bypass the front-desk check-in process. This leaves the hotel with the work and expense of managing the chargeback process and the potential for reputational risk when a loyal customer experiences fraud with your brand.

4. Card Testing and Inventory Management  

One way fraudsters test to see if a stolen credit card is still active is to book a hotel reservation to get an authorization. This is a low risk way for a fraudster to test cards quickly before using the stolen credit cards to perpetrate fraud on other digital sites. For hotels, this can drive a high rate of no shows and lost revenue from missed sales opportunities.  When your property appears to be fully booked because inventory is being held in part by fictitious reservations, you risk turning away your most loyal customers, giving them a reason to try an alternative property.

How to Protect Your Brand and Bottom Line

In a world where fraudsters are becoming more organized and sophisticated, here are some strategies hotels should deploy to protect their customers, brands and bottom line:

  • Have EMV-enabled point-of-sale terminals to reduce risk of card-present chargebacks;
  • Leverage passive data collection to assess transaction risk. Collecting and analyzing data such as device intelligence, site navigation metrics and IP address does not create customer friction but provides valuable insights on the risk of a transaction;
  • Incorporate machine-learning/big-data insights from your own brand and a community of merchants to provide a more nuanced view of the risk of a transaction;
  • Create workflows to dynamically route higher-risk transactions for additional scrutiny;
  • Align loyalty and payment transactions fraud strategies to ensure optimal performance; and
  • Understand typical and out-of-pattern behaviors for a customer and layer in this customer insight to refine your risk score.  

Paul Mangino is VP of client success at fraud-management-technology company Accertify.