A recent story that’s shocked the hotel industry is the data hack at Marriott’s Starwood division. Affecting over 500 million customers, the cyberattack resulted in email addresses, passport information and, most worryingly, encrypted credit card data being compromised.
When news stories like this emerge, it’s a reminder that any hotel is at risk of fraud. A security breach can be very damaging - especially in the digital age where hoteliers are requesting more sensitive information from their customers.
Whilst hotel fraud is thankfully pretty rare (thanks in part to software security updates becoming a necessary part of everyday life), regularly assessing the associated risks within your own business should still be a top priority.
The scale of the task for Marriott’s IT security team is not to be underestimated, but this very unfortunate incident is a timely reminder that guest information security must be treated seriously by hotels of all sizes.
Let’s consider some of the modern forms of fraud that can take place in hotels.
1. Loyalty schemes
Loyalty schemes are a great way to ensure customers continually choose a stay at your hotel to keep racking up their points. By rewarding frequent guests with discounted nights or free use of your hotel amenities, you’ll keep them coming back.
However, loyalty schemes also feature an attractive database of information for cyber criminals, due to the belief on their behalf that customer loyalty scheme information is easier to obtain than encrypted credit card data.
By retaining names, email addresses and other sensitive information, your customers can become more susceptible to identity fraud. With the right cybercrime knowledge, their hard-earned points can be compromised or transferred to fraudsters to sneakily reap the benefits of your scheme.
2. Digital check-in
Offering a smartphone app to check in and out of hotels is a great way to increase guest satisfaction. It reduces reception desk queues and makes for a highly convenient stay, thus benefiting both your staff and guests.
However, you should always be aware of the increased risks this type of technology can have on the data you collect.
The depersonalisation of hotel check-ins can unfortunately result in guests being more susceptible to identity fraud. While fraudsters might not be able to bag themselves a free overnight stay, there’s still the possibility of skilled hackers bypassing the check in procedure to make use of guest-only amenities.
3. EMV fraud liability
Card preauthorisation via EMV (Europay, Mastercard and Visa) terminals is by far the most secure way to take payments from hotel customers, be it at the front desk or via an online booking.
EMV-equipped terminals accept fraud liability, which means your hotel and its guests are covered if any fraudulent activity takes place.
If your hotel doesn’t use EMV or a member of staff inadvertently uses a non-EMV-equipped POS terminal at check out, the liability remains with your hotel, which is bad for business and reputation. You should therefore always invest in up-to-date payment technology for your hotel - not just for efficiency, but for the extra security it offers you and your customers.
Even with adequate security measures in place, it’s important to consider the ways emerging hotel technology can be targeted by cybercriminals for fraudulent activity. Marriott’s recent troubles demonstrate that it really can happen to any business, no matter how deep their pockets for cybersecurity.
Investing in the latest tech to create better guest experiences is still an important strategy for modern, savvy hoteliers, but cybersecurity is unfortunately a topic that isn't going anywhere.