It’s that magical time of the year! The holiday season is fast approaching, and folks everywhere are gearing up for festive travels and family reunions. Unfortunately, holiday travel can sometimes lead to unforeseen circumstances, such as fraudulent activities orchestrated by scammers who impersonate property owners on well-known vacation rental platforms. These fraudsters employ schemes designed to deceive unsuspecting travelers into making payments through unsecured channels, resulting in significant financial losses for the gullible victims.
Digital identity and hotel fraud
Airline and hotel fraud encompasses illicit activities aimed at airlines, hotels, booking platforms, and other travel accommodation services, including car rentals and excursions. These services often utilize loyalty programs to incentivize repeat patronage through point-based rewards. The widespread adoption of such loyalty programs has extended their appeal beyond the travel and hospitality sectors, consequently attracting fraudulent activities. Perpetrators of airline and hospitality fraud employ a range of tactics and different techniques to execute their schemes, leveraging various online forums, marketplaces, shops, and public messaging platforms.
Hotels are custodians of valuable guest data, encompassing contact information and payment details. Their operational model involves serving a large pool of potential customers who are making limited visits. Consequently, compromising a hospitality employee’s account could grant an identity thief access to millions of consumer records. Moreover, hotel employees are frequent targets of foreign governments aiming to procure confidential travel records to facilitate the tracking of specific individuals and groups.
In contrast, restaurants primarily store transaction records with fewer customer details. However, the landscape is evolving as more establishments adopt online ordering capabilities and loyalty programs. At present, cybercriminals typically focus on the high volume of point-of-sale transactions.
As travel booms, fraudsters find new paths
According to a recent Deloitte survey, Intent to travel between Thanksgiving and mid-January is up across all age and income groups. While reconnecting with friends and family remains paramount to travel during the holidays, fewer Americans are restricting their travel to visiting loved ones. The share of travelers planning to stay in hotels surged to 56%.Fraudsters will always take advantage of current circumstances, and with more people traveling again, they have taken notice — and action.
The following techniques have been identified as the most employed by cybercriminals to target customers of airlines, hotels, and hospitality-related organizations:
- Travel-themed phishing and fraudulent travel agency operations, sales, and advertisements of travel fraud-related tutorials.
- Sales of compromised networks, user accounts, and databases containing reward/loyalty points and personally identifiable information (PII) that could be utilized for social engineering, money laundering, and other attack vectors.
Since the emergence of cyber-enabled crime, services and activities facilitating travel fraud have been extensively promoted and sought after by threat actors. Cybercriminals mainly leverage stolen card-not-present (CNP) data and reward/loyalty points obtained from compromised bank accounts to procure flights, accommodations, and other travel-related services.
Furthermore, threat actors persistently refine their strategies for harvesting reward/loyalty points through compromised accounts, deceiving victims into disclosing their travel-related documentation and data and circulating updated guidelines for circumventing hotel and airline reservation services, amongst other activities.
Protecting travelers and improving the customer experience
Combatting hospitality and hotel fraud requires collaboration between industry stakeholders, government entities, and financial institutions. Travel professionals should focus on:
- Enhancing data security: Invest in robust cybersecurity measures to protect guest information, payment systems for CNP, and loyalty programs.
- Implementing identity verification: Utilize advanced technologies, such as biometric authentication and behavioral analytics, to verify guests’ identities and prevent account fraud.
- Educating staff and guests: Provide comprehensive training to employees on recognizing and reporting suspicious activities. Educate guests about potential scams and advise them to book directly through official channels.
- Sharing information: Establish platforms to share intelligence and best practices to stay ahead of evolving fraud techniques.
Acting with the right solution
As the travel and hospitality industry continues to thrive, so does the risk of hospitality fraud. Travelers and hoteliers alike must remain vigilant to protect their finances from various fraud schemes prevalent today. By staying informed, taking proactive measures, and fostering collaborative efforts, we can create a safer and more secure environment within the travel industry.
Experian’s identity verification solutions power advanced capabilities across the travel lifecycle. With trusted data and advanced analytics, you can gain a complete view of your future guest to improve risk management and offer an enhanced, frictionless customer experience.
*This article leverages/includes content created by an AI language model and is intended to provide general information.