How Hotels Can Defend Against Fraud when Offering Contactless Check-In

Press enter to search
Close search
Open Menu

How Hotels Can Defend Against Fraud when Offering Contactless Check-In

By Michal Christine Escobar - 09/02/2020

Many hotels are now offering a full contactless check-in process, but this is presenting a serious card-not-present fraud problem for the industry. Without the normal in-person authentication process, which often requires a photo ID, fraud is on the rise. To learn more about this topic, HT spoke with Jeff Wixted, Vice President of Product and Operations at Accertify Inc., an American Express subsidiary.

Describe how contactless check-in is changing the fraud environment for hotels.

Many hotels are putting into place new measures to provide a safe environment as they welcome both guests and employees back to their properties. To help limit exposure and person-to-person contact on the property, hotels are rolling out contactless payments and other touch-free initiatives, such as digital check-in and checkout and using digital room keys – a new technology that allows you to enter your hotel room through your mobile device, rather than a separate plastic keycard.

As hotels adapt to new ways of creating a touch-free check-in experience in today’s environment, they must also implement new fraud controls and safeguards to help reduce risk. Two-factor authentication, for example, helps hotel companies verify a guest’s identity prior to receiving their digital room key.

What type of hotels are more likely to be targeted by fraudsters and why?
There is no single factor when it comes to fraudulent attacks. For example, a hotel stay could be a part of a larger fraud scheme tied to other travel purchases, or something else that is entirely unrelated. Our job is to help companies connect these seemingly disconnected dots to better understand the big picture when it comes to identifying and preventing fraudulent attacks.

In today’s environment, fraudsters are looking to take advantage of situations where businesses are adapting to unfamiliar changes and implementing new processes. This reinforces the need for hotel companies to continue mitigating risk through fraud controls and safeguards, such as two-factor authentication.

What insights can Accertify share about this trend? When did it begin?
Prior to the pandemic, contactless check-in appeared to be more limited and only selectively available by certain hotel properties and locations, however, since the outbreak of Covid-19, we see acceleration of this rollout and further interest in contactless payments as more people embrace touch-free lifestyles. Today, more hotels are offering guests the ability to check-in, and conduct other services, like completing a payment, all through their mobile device in an effort to reduce their physical interaction and in turn, the risk of exposure to the virus. 

Since contactless check-in is likely here to stay, is there a way to ensure protection from fraud without requiring patrons to interact with hotel staff?

There’s no one-size fits all approach when it comes to rolling out contactless check-ins. Each company will need to design these new features and policies based on their specific structure, size and business model. More generally, some industry best practices to help reduce risk include enabling two-factor authentication in cases of new enrollment or for returning customers where out-of-pattern behavior might be detected. Some companies may also have restrictions around certain purchase amounts, such as room rates, that exceed a pre-set limit and in those instances, require another form of identification.

Any other comments? 

Another way hotels are adapting to this new touchless environment is by allowing guests to use their mobile phone as their key to access their hotel rooms. One way to avoid potential theft or fraud is for hotels to link the digital key to the guest’s mobile device, rather than the guests’s phone number.  This enables the hotel to know they are communicating with the verified and valid customer versus a fraudster.