Restaurants and hotels used to be low-priority targets for online fraudsters, but now, online fraud trends are shifting. As omni-channel and mobile experiences expand, both the restaurant and hotel industries are becoming more vulnerable to new methods of online fraud attacks. In order to guarantee a fraud-free New Year, merchants in these sectors should ensure their fraud prevention solutions are agile enough to continually adapt to dynamic fraud trends.
Know Your Mobile Customer
It’s no secret that digital and mobile payments have grown increasingly more common as customer’s online lives expand. Estimates indicate that, by 2022, smartphones will play a role in about 90% of all digitally influenced sales. The widespread availability of mobile channels often leads to increased overall shopping, as consumers can now seamlessly integrate this experience into their daily lives.
However, the potential for increased revenues for online merchants comes with a risk if proper security precautions are not in place. Online and mobile fraud attacks targeting the restaurant industry rose 60% between Q1 2017 and Q2 2018. These growing pains are largely because legacy systems simply aren't able to account for the scale and variety of mobile interactions now occurring on their platform.
For example, full-service restaurants suffer most acutely from “card and wallet testing.” This is when a thief obtains stolen credit card information and uses a restaurant’s payment platform to test the validity of the sensitive financial details. Another attack method frequently leveraged against restaurants is buy-online-pick-up-in-store, or BOPIS, fraud -- where fraudsters purchase an item using stolen credentials and pick-up their order in-person, avoiding the added risk that comes with inputting a shipping address. While this is a convenient offering for customers, BOPIS policies also expose eateries to more risk.
Similarly, hotel mobile apps are a great way to enhance customer service for frequent travelers. However, they can also prove problematic for hotels because related perks, like digital check-in options, are often difficult to protect. Digital check-in offers convenience by allowing customers to forego check-in at the front desk and pass directly to their room, using their hotel mobile app as a virtual room key. Unfortunately, the success of such a program depends on a business having the ability to determine (with high accuracy) whether the guest checking in digitally is a legitimate customer or a fraudster who is leveraging stolen credentials to take advantage of the system. Merchants are generally liable for managing all chargebacks, or disputed claims, arising from the misuse of their system, so if accurate fraud prevention technology isn’t in place, hotels run the risk of losing money and suffering reputational damage.
To combat these increasing threats, restaurant and hospitality companies with a strong online presence will need to raise the level of KYC (Know Your Customer) on their platforms by asserting customer trustworthiness at multiple touch points throughout the customer journey.
Beware of Account Takeover (ATO)
Account Takeovers (ATOs) are and will continue to be a hot topic across industries but are especially problematic for hoteliers. Traditional ATO occurs when a fraudster hacks into an account and uses the payment method attached to the account to make a purchase. This type of compromised account is particularly difficult to identify, as fraudsters typically rely on the good reputation of hacked users to obfuscate their nefarious activities and trick fraud systems into thinking that they are a good user themselves.
ATO attacks also run rampant in the restaurant industry and can result in customer service issues — creating friction for good customers while simultaneously prompting delays in service and diminishing brand reputation. ATOs generate huge losses for companies both in the form of the high operational costs necessary to mediate customer support-related issues, as well as in brand reputation reparations after hacked accounts have been exposed.
Protect Business Loyalty Programs
ATOs also introduce more vulnerabilities at other points of the customer journey. Restaurants and hotels that offer loyalty point programs to their valued customers also run the risk of exploitation. Accrued loyalty points are essentially free money for the nimble online fraudster, and once a criminal gains access to an account, there is no way to stop them from draining its saved points.
Furthermore, a fraudster can easily use a breached account’s loyalty points to make purchases in-app, redeem gift card offers or book hotel stays with the brand. All of this can occur without the victim realizing that anything is wrong with their account.
Loyalty programs are particularly vulnerable as customers are far less likely to check their point programs for misuse than review their bank or credit card statements for foul play. A poor experience like logging in to discover a drained account will ultimately cause mistrust and could result in a once-loyal customer looking elsewhere for their dining or accommodation needs.
Embrace the Customer Journey, From End-to-End
As customer shopping moves from brick-and-mortar, to desktop, to mobile devices, to a blended omni-channel experience, merchants must be adequately prepared to ensure that all of these offerings are protected against potential fraudsters. The customer journey no longer begins and ends at the point of transaction. Instead, the customer journey is fluid — from logging in, to the redemption of coupons or reward points, to updating account information, to making a purchase. That’s why, in 2019, businesses must have a holistic view of the fraud methods being leveraged by online criminals in order to better protect their valued consumers during each and every touch point along the way.