Last year, the data hack at Marriott’s Starwood division shocked the hotel industry. Affecting over 500 million customers, the cyberattack resulted in email addresses, passport information and, most worryingly, encrypted credit card data being compromised.
Fast-forward to 2019, and British Airways is fined a whopping £183 million for a data breach after falling foul of the GDPR's strict guidelines.
When news stories like this emerge, it’s a reminder that any hotel is at risk of fraud. A security breach can be very damaging - especially in the digital age where hoteliers are requesting more sensitive information from their customers.
Whilst hotel fraud is thankfully pretty rare (thanks in part to software security updates becoming a necessary part of everyday life), regularly assessing the associated risks within your own business should still be a top priority.
The scale of the task for Marriott’s IT security team is not to be underestimated, but this very unfortunate incident is a timely reminder that guest information security must be treated seriously by hotels of all sizes.
Let’s consider some of the modern forms of fraud that can take place in hotels.
1. Loyalty schemes
Loyalty schemes are a great way to ensure customers continually choose a stay at your hotel to keep racking up their points. By rewarding frequent guests with discounted nights or free use of your hotel amenities, you’ll keep them coming back.
However, loyalty schemes also feature an attractive database of information for cybercriminals, due to the belief on their behalf that customer loyalty scheme information is easier to obtain than encrypted credit card data.
By retaining names, email addresses and other sensitive information, your customers can become more susceptible to identity fraud. With the right cybercrime knowledge, their hard-earned points can be compromised or transferred to fraudsters to sneakily reap the benefits of your scheme.
2. Digital check-in
Offering a smartphone app to check-in and out of hotels is a great way to increase guest satisfaction. It reduces reception desk queues and makes for a highly convenient stay, thus benefiting both your staff and guests.
However, you should always be aware of the increased risks this type of technology can have on the data you collect.
The depersonalisation of hotel check-ins can, unfortunately, result in guests being more susceptible to identity fraud. While fraudsters might not be able to bag themselves a free overnight stay, there’s still the possibility of skilled hackers bypassing the check-in procedure to make use of guest-only amenities.
3. EMV fraud liability
Card pre-authorisation via EMV (Europay, Mastercard and Visa) terminals is by far the most secure way to take payments from hotel customers, be it at the front desk or via online booking.
EMV-equipped terminals accept fraud liability, which means your hotel and its guests are covered if any fraudulent activity takes place.
If your hotel doesn’t use EMV or a member of staff inadvertently uses a non-EMV-equipped POS terminal at check out, the liability remains with your hotel, which is bad for business and reputation. You should therefore always invest in up-to-date payment technology for your hotel - not just for efficiency, but for the extra security it offers you and your customers.
Even with adequate security measures in place, it’s important to consider the ways emerging hotel technology can be targeted by cybercriminals for fraudulent activity. Marriott’s recent troubles demonstrate that it really can happen to any business, no matter how deep their pockets for cybersecurity.
Investing in the latest tech to create better guest experiences is still an important strategy for modern, savvy hoteliers, but cybersecurity is, unfortunately, a topic that isn't going anywhere.
Welcome Anywhere has over 30 years of experience in helping independent hoteliers deliver guests an unforgettable experience with its simple property management system that controls your daily activities. The best part - it’s all cloud hosted! We develop scalable solutions for your property such as PMS, a Booking Engine and Channel Manager. Our team has a wealth of experience in the hospitality industry and we serve you to better serve your guests.
Call us today at + 44 (0) 33 0100 1090, or email us at firstname.lastname@example.org. We will be happy to walk you through Welcome Anywhere’s all-in-one solution for your property management needs.