Why hotels need strong security for contactless check-in

The COVID-19 pandemic has hit virtually every industry hard, but the hospitality sector has been impacted more than most. Many hotels were closed for a time during 2020, with hospitality companies developing plans to reopen their facilities while ensuring their guests and employees were as safe as possible. Contactless check-ins have become an important option, allowing guests to bypass the usual check-in at the front desk and access their reserved room using their mobile device. This minimizes contact between hotel staff and guests, helping to decrease the possibility of spreading the virus.

Some hotels are also allowing their guests to use their mobile devices as digital keys, going beyond just contactless check-ins. Digital keys provide an entirely touchless experience for guests, a very compelling strategy to encourage travelers back to their hotels. However, it is also an appealing avenue of potential fraud for hackers because mobile devices are one of the most common targets for identity theft and checking in without human authentication of photo ID raises the potential for fraud.

How do hotels protect against this type of fraud? Linking digital room keys to their guests’ mobile devices themselves, rather than to their guests’ phone numbers, ensures the hotel operators are communicating directly with the verified customer rather than a fraudster that has hijacked the phone’s number or is trying to remotely communicate through the device.

Click here for all of Hotel Management's COVID-19 coverage

Concerns about this type of fraud are legitimate. Yet, if hotel operators adopt a multilayered approach, it will be more difficult for fraudsters to ply their trade. Additional tactics they could adopt include:

  • Limiting contactless check-in options only to certain guests, such as loyalty club members or guests who have frequently stayed at their hotels in the past. Established guests present a significantly lower risk for fraud.
  • Having a multifactor authentication process established for new guests or those guests who are showing a different behavior pattern than in the past (such as trying to reserve a room with an IP address from another country). 
  • Implementing a notification system in which guests are immediately alerted to any changes to their profile information. This ensures the guest is aware of potential fraudulent activity that may lead to a takeover of their account. The alerts should go through multiple channels, such as email and text messages.
  • Developing rules around certain reservation dollar amounts that exceed preset limits, and in those cases, hotels should request another form of identification. 

As hotels continue to navigate the COVID-19 pandemic and work to ensure the safety of their guests and staff, they will continue to balance the convenience of contactless options for their guests with strict security measures to protect against fraud. There is no one-size-fits-all approach for implementing contactless check-ins. Every hotel operator will have to design these options based upon the needs of their hotels. By following industry best security practices such as those mentioned above, hospitality companies will find they can provide their guests with a frictionless check-in process while at the same time maintaining a safe and secure environment for everyone.

Jeff Wixted is VP of marketing & client solutions at Accertify.