Ai Editorial from Chris Staab, Managing Partner, Airline Information
According to a 2010 article in the New York Times, hotels account for nearly one third of the world's cases of credit card fraud! And by most accounts, the situation has not improved in the last few years. How long before credit card acquirers, the credit card networks, government regulatory agencies and hotel customers demand change from the hotel industry on how it handles credit card data?
The root of the problem appears to be the hotel franchise model, leading to a lack of credit card security and poor procedures. Maintaining brand-wide credit card security standards when there are thousands of franchises, many of whom have properties in multiple brands, has proved an impossible task to date. How often have you seen hotel front desks making physical copies of your credit card at check-in, as well as asking for a copy of your ID or passport? This information can then easily fall into wrong hands and is hardly PCI compliant. Combine this with low pay leading to the temptation for hotel staff to steal card and personal data and it's a card security nightmare! A particular target is the cards of American customers who don't have chip-and-pin (EMV), making them easily cloned for card present fraud. Corporate wide, hotel chains have also had a history of poor data security, having faced several well-publicized data breaches of card information.
I am a perfect example of this problem. In the last 5 years, I have been the victim of credit card fraud on half a dozen occasions- all stemming from the use of my card at hotels. Now when I travel to many countries, I use my card only at the hotel front desk, where it is required. Two years ago in Chile, I only used my card at check-in to a 5-Star major international hotel brand property and my card was compromised. The previous year, I fell victim to the well-publicized Wyndham hack and my card was used to purchase $10,000 in furniture in China. Unfortunately, I also had organized several events in Wyndham properties (including the Airline & Travel Payments & Fraud Summit!) around the time of this breach of security and many of our customers were also affected.
So, returning to my original question, for how long can hotels contribute more to global credit card fraud versus any other industry?
The issue may be resolved as hotels themselves are also increasingly becoming victims of fraud, which will hopefully result in better procedures. Hotels face friendly fraud in the form of charge-backs at very high rates, while online the problem is increasing quickly, as hotels are offering more and more prepaid rates via their own websites. This has made them increasingly the victims of the use of stolen credit cards.
Hotels as both victims and contributors to fraud will be discussed at our upcoming ATPS & Fraud Events. You can find out more about all of these events at www.AirlineInformation.org/events. And, think twice the next hotel you check into a hotel about the security of your credit card details!
In preparing for the Airline and Travel Payment Summit in Toronto on the 12/13th of October 2011, one of the themes that keeps emerging is payment surcharging. In the UK, where I am based, this practice very advanced, but it's also one which the regulators are also looking at closely.
Although Ryanair is registered in Ireland, it does a lot of business in the UK and it's at the forefront of surcharging here. However, they are not alone. You might be surprised to learn that Lufthansa and American Airlines are also surcharging on their own UK websites for credit card payments.
Here is a chart of airlines charging credit card surcharges in the UK market: