How to Protect Your Hotel Guests from Scams

Unfortunately, hospitality scams are on the rise with guests becoming ever more cognizant that they could lose their money if they click the wrong link. Seventy-one percent of travelers are concerned about fraud when they make a booking, and one in three have been taken advantage of.

No guest enjoys having to call their credit card company and dispute a charge (the hold music alone is enough to make them grit their teeth), so they may not book with you unless you can show that you’ll keep them and their information safe. Here’s how.

Check ID

When checking a guest in, be sure they’re the person whose name is on their payment card. This prevents chargebacks and protects customers. Have guests show ID at the front desk or collect it as part of the self check-in process. With WebRezPro, it’s easy for the guest to submit their ID online so that you already have it when they reach the front desk (or if they skip the front desk altogether).

If an ID is damaged, it could be a sign that the holder is trying to trick you. This isn’t a new idea. In Murder on the Orient Express, one of the suspects used a grease stain on their passport to cover up a name change. Be like Poirot and don’t fall for it!

Communicate with Guests

Don’t make guests search for a way to contact you as they may search in the wrong places. Your contact information should be clearly presented on your website, appearing in your main menu, header, and footer. When you email a guest, use a “from” address with your property’s domain name and include the phone number for your front desk.

Clarify payment details and methods. If you don’t take credit card information over email—and you shouldn’t—ensure guests know that. However, it is useful for guests to pay by credit card because credit card companies can help return scammed funds. Protect guest card payments via a PCI-compliant payment processing integration.

Once guests reach your property, let them know the correct Wi-Fi network and password so that they don’t select any dubious connections. This information can be shared at the front desk, via guest messaging, or on in-room signage.

A smiling guest using Wi-Fi on his mobile device in his hotel room. — *Provide guests with secure Wi-Fi and ensure they connect to the correct network.*

Secure Your Wi-Fi

Of course, the above won’t protect guests if your own Wi-Fi isn’t secure. Encrypt all data passing through your network and have a well-maintained firewall in place. Your guest network and business network should also be kept separate so that a breach in one does not affect the other.

Encourage Direct Bookings

Not only are direct bookings better for your bottom line (as they have no commission fees and result in stronger guest relationships), they’re also better for protecting your guests. When guests book directly with you, you control the security measures in place. If an OTA or GDS channel has flawed security, you don’t have the ability to change it.

Make direct bookings as easy as possible with a mobile-friendly website, intuitive navigation, and a fast load time (40 percent of viewers will exit a site if it takes more than three seconds to load).

Maintain a simple booking process. Though offering upsells and collecting information is necessary for improving the guest experience and your bottom line, resist the urge to ask for too many details. Guests abandon complicated booking processes, so keep required information to the minimum needed to confirm a booking.

Include unit slideshows to establish credibility. With WebRezPro’s booking engine, you can upload up to 16 photos for each unit type to reassure guests as well as customize the booking engine itself so that it aligns with your property’s brand.

Despite the advantages of direct bookings, most hotels also offer OTA and GDS reservations as part of a well-rounded distribution strategy. When choosing partners, assess their fraud prevention measures. Not every OTA is serious about security.

Show the Correct Signals

There are various ways to signal that you’re a legitimate business. In addition to a secure website, strengthen your online presence with social media accounts and plenty of reviews. Partnering with other local businesses and lodging/travel associations shows guests you’re an active part of the community and allows you to take advantage of co-marketing opportunities that boost credibility.

Keep branding and property information consistent across all channels. Not only does consistent branding build trust, it makes it easier for guests to spot any anomalies. Even your SEO can help prevent fraud because it ensures that your legitimate website appears first in the search results, above any scammer sites.

Pricing is a signal as well. If your pricing seems too good to be true, guests think twice. Consider using an automated revenue management system that analyzes market data and adjusts pricing automatically.

Lastly, SSL/TLS certification for your website and booking engine is important because it appears in your URL as “https” rather than “http,” letting guests know your site is safe.

Train Staff

Train staff to be cautious with passwords and vigilant about phishing. If a scammer gains access to your system or account this way, it compromises both your business and your guests. Staff should take the following precautions:

Don’t click on suspicious links.
Be especially wary of emails that claim you need to take immediate action.
Don’t log in to personal accounts via a business computer.
Lock restricted areas of the property.
Use strong passwords and don’t write them down (a digital password manager is helpful here).
Don’t refund payments to a different account.
Know who the property’s supervisors/owners are. Don’t follow instructions from just anyone over the phone… especially if they’re telling you to break into your own offices!

Refresh staff on your security protocol every so often, just as you would with any other aspect of their work.

Staff should only have access to the systems and data they need to complete their work and no more. This prevents breaches if an employee is the malfactor… or simply careless about data theft. WebRezPro uses security profiles to determine employee access levels. When an employee moves on, remember to deactivate their user profile.

Two hotel employees complete front desk training. — *Ensure staff know how to keep your business and guest data safe.*

Choose Protected Systems

Before integrating a new system into your tech stack, find out how the provider keeps their system safe. Measures should include two-factor authentication, SSL/TLS certification, IP-restricted access, and for any system that accepts credit card payments, PCI compliance.

Ask about data privacy policies and ownership. WebRezPro stores data with Amazon Web Services for the highest cloud technology security standards.

Protecting your systems also includes updating software when upgrades become available. Upgrades don’t only include flashy new features; they contain critical bug fixes and security patches.

Keep Detailed Financial Records

You can’t spot anomalies in the numbers that could impact you and your guests if you don’t have those numbers at hand, so detailed financial records are necessary. Have your team go over all transactions thoroughly, keep receipts, and don’t neglect your loyalty program (people can commit point fraud as well!). WebRezPro automatically tracks all transactions and includes several financial reports to help you stay on top of your business.

According to the FTC, the total monetary loss from fraud in the travel industry was $95 million in 2021. Guests are right to be wary, so follow these tips to reassure them that it’s safe to book with you!