The world is going digital, making it easier for consumers to book travel and make payments. At the same time, however, it has increased the exposure of lodging operators to a growing problem: credit card fraud.
For owners and operators of independent lodging businesses, credit card fraud is not only time-consuming and costly, but it can also damage traveler trust, guest loyalty, and online reputation. Fortunately, there are ways to protect your property from payment fraud and the headaches that come with it.
Here we discuss common types of hotel fraud, along with 6 ways to prevent credit card fraud and technology solutions to help.
What is credit card fraud?
Credit card fraud occurs when a person uses stolen or fake credit card information to make unauthorized purchases. It can happen in various ways, such as through phishing scams, hacking, or theft of physical credit cards.
In a recent survey from Stripe, 64 percent of global business leaders said that it has become harder to fight fraud since the onset of the pandemic. That’s in part due to the growing popularity of eCommerce, digital payments, and contactless payments, all of which have contributed to an increase in the scale and sophistication of payment fraud.
For hoteliers, payment fraud can carry serious consequences, resulting in chargebacks, fees, and lost revenue. To combat fraud and protect their business, lodging operators must take proactive measures to safeguard credit card data. Without the proper processes and systems in place, properties are liable and will lose the trust of guests.
Common types of hotel credit card fraud
The hotel industry is a prime target for credit card fraud for various reasons, including the high proportion of card-not-present transactions, relatively high transaction amounts, and delays between hotel bookings and guest stays. Recent hospitality industry trends like digital check-in and contactless payments have only exacerbated the risks.
Here are some of the most common types of fraud in the lodging industry:
A chargeback occurs when a guest disputes a hotel charge with their credit card company or issuing bank. It’s considered a fraudulent charge if the guest disputes a legitimate charge in order to obtain a refund, falsely claiming that they did not authorize the transaction or did not use the services.
A common example is when guests dispute a charge for items consumed from the minibar. However, in some cases of chargeback fraud, the guest may be the victim of a stolen credit card used to pay hotel room charges.
Friendly fraud occurs when a guest disputes charges they previously authorized, believing them to be fraudulent, often due to a misunderstanding or miscommunication. The 2023 Global eCommerce Payments and Fraud Report found that over one-third of merchants experience friendly fraud.
For hotels, an example of this would be when a guest doesn’t remember having dined in the hotel restaurant or doesn’t recognize the restaurant’s name on their credit card statement. It can also occur if the guest is unsatisfied with their experience and initiates a chargeback to obtain a refund.
Hotel reservation fraud
Hotel reservation fraud occurs when a fraudster makes a hotel reservation using a stolen or fake credit card number. In some cases, the person may pay an advanced deposit and then cancel the reservation, requesting a refund to a different account.
Card testing fraud
Card testing fraud occurs when a fraudster uses a stolen or fake credit card to make small purchases to test the card’s validity. If the card is validated, they may use it to make larger purchases. Hotel reservations are a popular way to test cards because the credit card is authorized when booking, but charges are not processed until checkout. When fake reservations are made, the property may experience no-shows and lost revenue.
Loyalty fraud occurs when a scammer hacks into a guest’s membership account and uses the guest’s loyalty points to book hotel stays, redeem gifts, or sell points. Loyalty programs are especially vulnerable to fraud because reservations typically aren’t screened as carefully as paid reservations. When loyalty fraud occurs, guests may blame the property, even if the breach occurred elsewhere, and the hotel risks losing its most loyal customers.
6 ways to prevent fraud at your property
Clearly, the stakes are high when it comes to payment fraud. So how can your independent property reduce its exposure? Here are some tips and best practices to consider.
1. Verify ID at check-in
Always ask hotel guests, in person, for photo identification at the front desk during check-in and cross-reference the name with the guest’s credit card. Enter the guest’s name, complete address, and phone number correctly into your computer system. If your property accepts digital check-ins, ensure procedures are in place to automatically verify the credit card, upload identification, and obtain the guest’s agreement to registration policies to avoid identity theft.
2. Keep thorough records
Keep all correspondence between your property and guests on file, whether in print or digital format, including confirmations (showing the cancellation policy), email communications, phone calls, signed registration cards, and sales receipts. You will need this information in the event you receive a chargeback or request for a refund that you wish to dispute.
3. Create anti-fraud policies and standard operating procedures (SOPs)
Help safeguard your property by implementing policies and standard operating procedures SOPs such as:
- When taking a reservation on your hotel website, phone, or other booking sites, always ask for the security code on the back or front of the credit or debit card and record it in the guest profile.
- When taking a credit card payment over the phone or by email, use a digital authorization form rather than a paper or PDF form.
- Issue refunds only to the credit card used in the initial transaction.
4. Train staff on fraud awareness and prevention
Include fraud awareness and education in staff training and orientation programs to ensure employees are aware of the risks, alert to the signs of fraud, and know to report suspicious activity immediately. If fraud occurs, use it as a learning opportunity with staff, implementing corrective action to prevent a similar occurrence in the future.
5. Use the hotel name in credit card descriptors
Your billing descriptor is the business name that appears in transactions listed on guests’ credit card statements. It is set up when your merchant account is established but can be changed by contacting your bank. By ensuring that descriptors identify your property and other onsite businesses, such as your restaurant or spa, in a way easily recognizable by guests, you can help prevent friendly fraud.
6. Review financial reports regularly
Hotel management should look for discrepancies and suspicious activity, such as unusually large purchases, when reconciling credit card payments and checking financial reports. Set up a system to automatically authorize credit cards for in-house guests when charges exceed the original authorized amount, with automated notifications of declined authorizations sent to staff for follow-up.
How a hotel payments solution helps with fraud prevention
Technology is another critical tool for fraud prevention. A payment processing solution offers advanced protection and security measures and makes it easier for properties to prevent chargebacks and keep payment data secure.
James Lemon, Global Lead of Travel, Transport, and Leisure at Stripe, and Chad Brubaker, Senior Director of Product at Cloudbeds, discuss how a payment solution can help lodging businesses prevent fraud.
When evaluating payment solutions, look for the following fraud-prevention functionality:
Manual recording of card details increases the chance of human error, fraud, and chargebacks. Look for payment technology that automates the collection of credit card information and integrates with your hospitality platform to automatically populate it in the guest profile.
Hotel payments technology should feature fraud detection tools that assess transaction risks, flag suspicious activity and high-risk cards, and alert your property and the credit card issuer of potentially fraudulent activity for immediate action.
EMV is an acronym for Europay, MasterCard, and Visa. Also referred to as chip-and-PIN, EMV terminals provide an added level of security. With EMV terminals, liability for fraudulent transactions is placed on the issuing bank, resulting in fewer disputes and less lost revenue. Hotels that don’t use EMV terminals may find themselves liable for costs.
Guests expect accommodation operators to keep their personal information secure. In an increasing number of countries worldwide, it’s the law. To keep your guests’ payment data safely stored and protect your property from fraud, ensure your provider is PCI-certified and fully compliant with SCA, PSD2, and 3DS regulations.
Tokenization is the process of converting cardholder data into randomly generated numbers called a token. This renders the information unreadable in the event of a data breach. It’s a standard feature of modern payment processing systems today.
Your payment processor should provide expert support from an in-house team that has intimate knowledge of the payment challenges the hospitality industry faces and is dedicated to helping you reduce risk, combat fraud, and win chargeback disputes.
Put the safeguards into place
As digital transformation accelerates, the risks of payment fraud will only increase. Independent lodging operators are well advised to put the controls, business practices, and technology in place today to protect guest data, deter fraud, and protect their bottom line.
The Cloudbeds Platform offers a secure, versatile payment processing solution that features advanced security protocols, in-house support from hospitality payments experts, state-of-the-art payment terminals, and sophisticated fraud detection tools powered by Artificial Intelligence and machine learning.
With the right payment solution, lodging operators can deliver a seamless payment experience to guests and trust that their payments are being processed securely and reliably every time.