How Hotels Can Combat Rising Hospitality Fraud

Identity verification is a key factor in securing customer accounts.

Just as cybercriminals preyed on the airline industry, causing headaches for frequent flyers, they have now turned their attention to a new corner of the hospitality segment. Through account takeovers, bad actors gain control of loyalty points and other rewards belonging to hotel customers. With full access to these rewards, fraudsters can sell the sought-after points to the highest bidder, keep them for themselves, or otherwise manipulate user profiles. 

Let’s break down how fraudsters are targeting the hospitality industry and discuss what hoteliers can do to protect themselves.

Back on their feet

In 2022, guests were excited to return to their jetsetting ways, and cybercriminals were equally excited to take advantage of them. Since then, fraud has swept through the travel and hospitality sectors, impacting airlines, car rentals and, of course, hotels.

These entities have been the target of information and account theft, payment and loyalty fraud, credential stuffing, and more. Hotel giant Marriott suffered one of the more prominent attacks of 2022 when hackers compromised more than 20 gigabytes of sensitive customer data, including credit card information.

Hitting the hotels

Hotels have found themselves to be one of the prime targets amid this uptick in cybercrime. They have been facing pressure to innovate and prioritize digital transformation projects. As such, security posture can fall by the wayside for many. By failing to consider security upgrades alongside digital transformation efforts, hotels are unintentionally creating a broad attack surface for cybercriminals — one that only grows larger as guests resume regular travel.

So how are fraudsters doing it? The same way that these criminals have historically targeted airline loyalty programs, they are now turning their attention toward hotel rewards.

If an attacker can take over an account — by means of data breach, account theft, phishing, or another method — any rewards belonging to that user can be moved, stolen, or sold. The consequences are particularly harsh for guests, many of whom have worked months or even years to accumulate loyalty points. On the other hand, customers that do not regularly book rooms may not notice points are missing for some time. Either way, the loss of rewards presents a major issue for the hotel the next time those guests look to reserve a room.

Determining who’s who

Reestablishing security as a top priority is crucial for hotels to combat rising hospitality fraud. Identity verification is a core component of a strong security posture and should be considered by hotel companies of all sizes. Many larger hotel chains have begun to integrate such verification technology directly into their mobile apps.

Additional security measures, such as biometric verification, can help protect customer accounts by ensuring that an account is accessed only by the authorized user. Biometrics are stronger than passwords, security codes, and even two-factor authentication. Plus, this form of verification renders the commonly used credential stuffing tactic useless.

Intelligent verification tech can determine when a user request may be inauthentic. For example, if a fraudster tries to create a second account from a device already in use, they would be elevated to further security checks while an actual customer attempting to sign on as usual would be able to bypass those steps. Between identity verification technology and biometrics, these tools enable security without sacrificing customer experience.

Securing the future

After a couple of quiet years, travel is back in full swing. But as long as the travel and hospitality industries continue to thrive, cybercriminals will hunt for ways to profit off of them. Identity verification is a key factor in securing customer accounts, streamlining reservation and check-in processes, and ensuring that hard-earned rewards points are staying with their rightful owners. Prioritizing security, especially as hotels pursue digital transformation journeys, will keep clientele protected and coming back for return visits.



Bala Kumar is responsible for Jumio’s product vision and strategy, and is leading the execution of Jumio’s digital identity platform. A former TransUnion executive, he brings more than two decades of product innovation and leadership experience to Jumio.