6 Fraud Trends Hitting Hotels in 2017
November 16, 2017
Hotel fraud is getting more complex to manage. No one wants to lose a customer with a high lifetime value over the marginal cost of a fraudulent room and/or replacing points lost from a loyalty account.
Still, your customers also pay attention to the damage to brand reputation that can result from fraud.
As a fraud manager, you face balancing the customer experience with protecting your company’s reputation and bottom line. Data breaches have flooded the dark market with credentials that fraudsters use to hack into accounts. In addition, more hotels want to enhance their experience by offering customers the convenience of skipping check-in. Customers can order their rooms like they order coffee at their local coffee shop, add a payment instrument to charge rooms, and use their phones as room keys. A card-present transaction turns into a card-not-present one, and users don’t even have to present a driver’s license.
To respond quickly to new and sophisticated threats and put the right solution in place, you need to know what’s coming. Here’s a look at seven trends and a tip on how to combat each one.
#1 Card testing fraud: To test fraudulently obtained credentials, criminals may book pre-paid rooms at your hotel. But when they don’t show up, your property suffers lost revenues from holding empty rooms and turning away legitimate customers.
Tip: Run velocity checks to see how often a specific data element occurs within a given interval. You shouldn’t see the same credit card number, email, phone, IP address, or billing address popping up repeatedly.
#2 Digital check-in or key fraud: As hotels embrace a more seamless customer experience, many offer mobile apps with digital check-in. Hotels suffer from lost revenues due to missed bookings from legitimate customers, housekeeping costs, and chargebacks from customers whose credentials are stolen. Don’t run mobile fraud checks in a silo—they should go through the same processes and systems as traditional e-commerce.
Tip: To detect fraud, focus on controls in the mobile app to assess risk 1) at account sign-up, particularly if you’re offering an incentive to add an account; 2) when provisioning to make the app a mobile wallet by checking device ID, name, zip code, and other identifiers; 3) during the transaction to determine if the customer or device is new. The key: Rely on passive data acquired behind the scenes more than active data customers supply. And occasionally consider asking a customer whose transactions seem risky to check in at the front desk.
#3 Account set-up fraud: Criminals often set up loyalty accounts with stolen or fraudulent credentials to prepare for future fraud. They may begin with legitimate but small transactions to establish their reputations as good customers. After that, you may see their point transfers to other accounts spike.
Tip: Fraud detection requires you to know your customers and their behaviors. Tenure is a key to establishing whether an account is legitimate. But fraudsters sometimes set up fake accounts to receive funds or points. Your fraud system should screen accounts receiving points for risk. If you suddenly see multiple transfers from an established account or from multiple accounts to a new one, beware.
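The two transfer patterns named in this tip can be screened with a few lines of link analysis. The sketch below is an added example, not code from the article or any vendor; the 30-day tenure cutoff, the one-day window, the counts, and all account IDs and transfers are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

NEW_ACCOUNT = timedelta(days=30)   # assumed: younger than this counts as "new"
WINDOW = timedelta(days=1)         # assumed look-back for both rules
MIN_SOURCES = 3                    # distinct senders into one new account
MIN_OUTBOUND = 3                   # transfers out of one established account

def screen_transfers(accounts, transfers):
    """accounts: {id: opened_at}; transfers: [(ts, src, dst, points)].
    Returns a set of (reason, account_id) flags for analyst review."""
    flags = set()
    inbound = defaultdict(list)    # dst -> [(ts, src)] inside the window
    outbound = defaultdict(list)   # src -> [ts] inside the window
    for ts, src, dst, _points in sorted(transfers):
        inbound[dst] = [(t, s) for t, s in inbound[dst] if ts - t <= WINDOW]
        inbound[dst].append((ts, src))
        outbound[src] = [t for t in outbound[src] if ts - t <= WINDOW]
        outbound[src].append(ts)
        # Rule 1: several accounts sending points to a recently opened one.
        if (ts - accounts[dst] < NEW_ACCOUNT
                and len({s for _, s in inbound[dst]}) >= MIN_SOURCES):
            flags.add(("fan_in_to_new_account", dst))
        # Rule 2: a long-tenured account suddenly making many transfers.
        if (ts - accounts[src] >= NEW_ACCOUNT
                and len(outbound[src]) >= MIN_OUTBOUND):
            flags.add(("burst_from_established_account", src))
    return flags

# Constructed sample data.
ACCOUNTS = {a: datetime(2015, 1, 1) for a in
            ("A1", "A2", "A3", "E1", "E2", "F1", "X1", "X2", "X3")}
ACCOUNTS["N1"] = datetime(2017, 11, 10)          # opened five days earlier
D = datetime(2017, 11, 15)
TRANSFERS = [
    (datetime(2017, 11, 1, 12), "E1", "F1", 5000),   # one-off family gift
    (D.replace(hour=10, minute=0), "A1", "N1", 40000),
    (D.replace(hour=10, minute=5), "A2", "N1", 38000),
    (D.replace(hour=10, minute=9), "A3", "N1", 41000),
    (D.replace(hour=11, minute=0), "E2", "X1", 9000),
    (D.replace(hour=11, minute=10), "E2", "X2", 9000),
    (D.replace(hour=11, minute=20), "E2", "X3", 9000),
]

if __name__ == "__main__":
    for flag in sorted(screen_transfers(ACCOUNTS, TRANSFERS)):
        print(flag)
```

The single transfer from E1 to F1 raises no flag, which is the point of combining tenure with counts rather than alerting on every transfer.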
#4 Account takeover/loyalty fraud: Hackers and thieves may find loyalty accounts tempting due to lower security and the ready availability of credentials via phishing or the dark market. There’s a large amount of compromised data from breaches, as well as increased use of bots to automate transactions. And if customers log in to a longtime account, their transactions receive less scrutiny than those who check out as guests. Plus debits from loyalty programs often require fewer checks than financial transactions.
Tip: Extend your fraud strategy to all touch points. You’ll be better able to understand your customers’ true behaviors and to detect account compromise and malicious activities. Once fraudsters take over an account, they must be able to do something with it. An easy way to “launder” points is to transfer them again and again to make them difficult to trace and to extend the time to use them.
#5 Gift card fraud: Fraudsters may also purchase gift cards with stolen credit card information. They can then resell the gift cards on a marketplace site.
Tip: Your fraud platform may screen only credit card transactions, because fraudulent transactions result in chargebacks. But to protect your brand, you should also screen gift card redemptions. Velocity checks will help you see if a gift card redemption that uses a particular email or IP address is likely from a fraudster.
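The velocity checks recommended here and under trend #1 come down to counting how often one value of a data element appears inside a sliding time window. The following is an added example, not code from the article; the one-hour window, the per-field limits, the field names and every event in the sample are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(hours=1)                 # assumed interval
LIMITS = {"card": 3, "email": 3, "ip": 5}   # assumed max sightings per window

def velocity_alerts(events, window=WINDOW, limits=LIMITS):
    """Return (event_id, field, value, count) whenever one value of a
    watched field is seen more than its limit inside the sliding window."""
    recent = defaultdict(deque)   # (field, value) -> timestamps still in window
    alerts = []
    for event in sorted(events, key=lambda e: e["ts"]):
        for field, limit in limits.items():
            value = event.get(field)
            if not value:         # e.g. a gift card redemption carries no card
                continue
            q = recent[(field, value)]
            q.append(event["ts"])
            while event["ts"] - q[0] > window:   # expire old sightings
                q.popleft()
            if len(q) > limit:
                alerts.append((event["id"], field, value, len(q)))
    return alerts

# Constructed sample events; "card" holds a token, never a raw card number.
T0 = datetime(2017, 11, 16, 9, 0)

def make_event(i, minute, card, email, ip):
    return {"id": i, "ts": T0 + timedelta(minutes=minute),
            "card": card, "email": email, "ip": ip}

SAMPLE = (
    # six pre-paid bookings, six different cards, one IP, ten minutes
    [make_event(i, 2 * (i - 1), f"tok_{i}", f"u{i}@example.com", "198.51.100.7")
     for i in range(1, 7)]
    # four gift card redemptions tied to one email, rotating IPs
    + [make_event(i, 5 * (i - 3), None, "gc@example.com", f"203.0.113.{i}")
       for i in range(7, 11)]
    # a returning guest three hours later: earlier sightings have expired
    + [make_event(11, 180, "tok_1", "u1@example.com", "198.51.100.7")]
)

if __name__ == "__main__":
    for alert in velocity_alerts(SAMPLE):
        print(alert)
```

Screening bookings and gift card redemptions through the same function is what lets a shared email or IP address surface across both channels.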
#6 Automated fraud: Fraudsters today can download sophisticated tools from the black market to perform technically complex tasks efficiently. Scripted attacks that can be carried out quickly may result in large losses.
Tip: Analyze user behavior and model the difference between transactions entered by a human and by a bot. A bot may have atypical cursor and mouse movement, for example.
One last tip: To thwart evolving threats in new channels, you should monitor trends as fraudulent activities happen, not when chargebacks come in. A holistic digital-fraud strategy incorporates authorization data, a robust rules engine, machine learning, link analysis, and third-party providers who validate attributes of risky activities.