The vast majority of travel bookings are now carried out online. This increases the scale of transactions, but also the potential of malicious attacks and data breaches. Hotels and the reservation industry now face the fact that they are a growing target for online fraud. They must now deploy strategies and tools to address these digital hotel booking scam risks.
You can find a huge 3.2K consumer reviews containing complaints about hotel booking scams and booking fraud in the category of Hotels and Resorts on the online reviews website PissedConsumer.com.
Furthermore, bogus third-party websites posing as legitimate travel accommodation booking operators are duping a worryingly large number of consumers. 55 million supposed hotel bookings were identified as being made through rogue operators as recently as 2017.
The reason this is such a problem is simple. To date, the hotel industry in general has failed to allocate sufficient resources to tackling fraud. Multiple risks arise from neglecting this crucial threat. Compromised reputation, profit loss, and loss of repeat custom are the major concerns.
Understand the common threats, how you are at risk, and what you can do to mitigate them.
Photo, Lewis Kang’ethe Ngugi.
Data breaches
With the accelerated migration of consumer transactions to the online sphere, the personal and private information of customers and sensitive business data are increasingly the targets of data security breaching cyber-attacks.
Such breaches usually seek access to financial information. Including credit card or bank details, intellectual property, or other valuable confidential data. All of which make the hotel industry a ripe target.
Just last year, a major security breach saw the private data of thousands of multiple popular online booking websites, including Expedia, Agoda, and hotels.com, leaked online.
The hotel booking service giant, Booking.com, was hit with a huge $560,000 fine for failing to promptly report a large-scale data breach that compromised the personal data of over 4100 of the company’s customers.
A data breach is likely to seriously harm the public image of your company. Also, frighten off both existing and potential customers.
Photo, CardMapr.
Card not Present (CNP) Fraud
The percentage of worldwide transactions identified as potentially fraudulent numbers from 10 to 13%. With the average cost of an individual fraudulent transaction being between $126 and $155.
Most security failures take place at the point of sale through Card Not Present fraud. CNP is common in the travel booking sector, so understanding this threat and how to prevent it is crucial.
CNP refers to a transaction made using card details in which the cardholder and card are not present. Card-not-present (CNP) fraud is the unauthorised use of a payment card that happens when the cardholder does not physically present the card at the time of the transaction.
When subject to CNP fraud, merchants unknowingly undergo fraudulent transactions due to criminal access to card data including that on the magnetic stripe of the card, card number, cardholders’ personal information (name, address), and the 3-digit security code.
As the transaction takes place electronically, there is no possibility to verify the cardholder’s identity or request supporting documents. Furthermore, it is likely that such fraudulent transactions can go unrecognised. At least until one of the party’s involved, either the cardholder or merchant, raises the alarm.
Data required to carry out CNP fraud can be obtained via a multitude of approaches. For example, cloning, skimming, theft, and phishing. Distinct from situations whereby the card/cardholder is present during the transaction, liability for the losses incurred due to fraudulent CNP purchases lays with the merchant. Hence, they are liable to refund the full amount of such hotel booking scam.
Photo, Mark OFlynn.
Chargebacks
A chargeback is when a customer’s purchase is withdrawn by the issuing bank. This usually takes place because the customer is in disagreement, for whatever reason, with a charge on their credit/debit card bill. The customer informs their bank that they disagree with or don’t recognise the transaction in question, and the bank then initiates a payment reversal.
The chargeback process serves as protection against unauthorised charges and fraud. On the other hand, it is often exploited to commit fraud against businesses, and as such is a very common hotel booking scam.
Such chargebacks are a common issue in the hotel booking industry. Representing not only a potential financial burden but also a significant consumer of time resources.
Online merchants reported that 49 percent of revenue loss from fraud is a direct result of chargebacks.
In 2016, U.S. merchants reported an 8 percent rise in the cost per dollar of fraud and online scams. For each dollar of losses, merchants are paying out $2.40 for chargebacks and fees. With 1 to 10 percent on criminal fraud, 20 to 40 on merchant error, and 60 to 80 percent on so-called ‘friendly fraud’.
Photo, Jefferson Santos.
Preventing and mitigating hotel security breaches
Hotels and booking websites complete multiple credit card payments daily. This is therefore the main avenue through which security breaches occur. Hence, it is crucial to secure the information involved in every transaction.
Every hotel or booking website with an online presence is vulnerable to attack. At the very least, the following essential measures should be employed to ensure a secure foundation:
Keep your systems up to date
Make sure your systems are running on the current software versions and have the latest patches, fixes, and updates installed. Keep backups of all essential data. This is a simple task once a system to do so has been set up, and should include all financial information, customer details, etc.
Always run up-to-date anti-virus software on all your systems. Schedule regular scans. Set up anti-virus software such as Windows Defender on your computer. Use a website contact form instead rather than providing an email address.
Be wary of scam emails that may have bypassed your spam filter. Immediately block such messages.
Employee training
It’s imperative to inform and educate your staff on principles of best practice and data security. They need to be able to quickly identify any hotel booking scam. Fundamental to this training is ensuring that sensitive and third-party data is only stored on and accessible to secure devices, and never on an employee’s personal laptop, for example. Limit access to customer payment and personal data to those staff to which it is necessary, and always assign personal logins.
The PCI Security Standards Council fights hotel credit card fraud by maintaining global payment card industry standards. Ensure your hotel commits to PCI compliance.
Photo, Dan Nelson.
Password hygiene
Change passwords regularly or rotate them. Better still, use a password generator such as 1password that generates unique passwords for you.
Make sure to utilise 2-Step Verification (or multi-factor verification) on all email accounts. Most major browsers and email providers enable this security measure.
2-Step Verification provides an additional security layer and makes it much more difficult for would-be fraudsters to exploit stolen data to carry out criminal activity. 2-Step Verification demands the input of an additional password that is only accessible to the owner of a particular device, such as a mobile phone.
How to avoid chargebacks
Unfortunately, chargebacks are inevitable and not completely avoidable. The process is impersonal and easy to initiate. It’s a fact that the chargeback process does lean to the side of the purchaser, there is recourse for the merchant.
With your chances of coming out on top in a chargeback case being so low, the best course of action is to prevent it from happening in the first place. Here are some common-sense guidelines for preventing chargebacks:
Clear communication
If made simple, most customers will seek to resolve any problem directly before seeking recourse elsewhere. So, make sure you are easily contactable via your main online presence and provide a prompt response to all inquiries and complaints.
Customer service
Further to the previous point, accessible and efficient customer service is your best tool when it comes to clearing up any misunderstandings and stopping harmful chargebacks before they happen.
Make your terms and conditions clear
Take the time necessary to ensure your service policies are clear and easy to understand so that the liability for any hotel booking scam misunderstanding is on the consumer.
Photo, CardMapr.
Confirm the card expiration date
Nowadays, credit card terminals will automatically flag up an expired card, yet it remains good practice to double-check this.
Use a clear billing descriptor
Many chargebacks are the consequence of a simple misunderstanding. Make sure the name that appears on your customers’ statements clearly identifies your company as it appears when the customer makes the purchase. This alone can seriously minimise the number of chargebacks that arrive on your doorstep.
Maintain thorough records and receipts
Ensure your sales receipts are complete and in order so that they can provide a usable backup and evidence in the instance of a chargeback claim.
Follow card processing protocols
Often, chargebacks are the result of not following fundamental card processing protocol. For example, swiping a card several times after an initial authorisation failure or manually entering card data can inadvertently result in a chargeback.
Stay ahead of the curve
All knowns being considered, as we speak cyber-fraud is exploiting diverse and more and more sophisticated means of obtaining sensitive data from hotel websites. It’s important to take all possible measures to prevent or at least mitigate the impact of an inevitable opportunist creating another new hotel booking scam. With the rise in headlines of large-scale hacks on hotel booking websites.
Sewing up any areas of potential vulnerability should be your utmost priority. The consequences to your reputation and profits are too great to ignore.
