The recent fraud alerts at Starwood and Marriot has brought payment security for business travellers into sharp focus...
The cloning and fraudulent use of company or personal payment cards can cost thousands of pounds, take a long time to resolve and can have a negative impact on credit ratings.
There is an equal cost to Travel Management Companies - a breach means they have to contact all future bookings and change the cards, which is time consuming and doesn’t work 100% of the time, and which brings an increase of customer disappointments (and support calls) for up to a year in the future.
Much of this can be put down to the fragmented distribution model of the world’s hotels. This presents opportunities to fraudsters for attack from direct fraud – i.e. the reuse of card details if compromised or more indirect fraud attacks based on spoof offers from the hotels themselves.
So, what can the business traveller or business travel buyer do to avoid falling victim to fraud?
- Make sure your IT is secure – How safe is your IT network? Is it free from Trojans or bots looking to skim card information? With today’s bring-your-own-device approach to business, company IT networks are constantly having to deal with unfamiliar devices and multiple log-ins. Keeping it safe is a challenge, but without this security, your network and payment details are at risk.
- Keep your wits about you – Fraudsters will email fake offers from hotels to tempt you to part with your payment details. So check every email carefully. Is anything amiss? Is the grammar correct? Does it look authentic? If it looks too good to be true, it probably is. This is especially applicable to the traveller and business travel buyer.
- Avoid lodge cards where possible – They are out of date, they are insecure and they are open to fraud and misuse. Business travel buyers need to stop using them. Unusual and multiple spending patterns, a key indicator of fraud, are hard to detect on lodge cards and industry reliance on them is playing right into the hands of criminals.
- Consider using virtual card numbers – Single use card numbers for purchasing hotel accommodation are safer and more secure and should be considered by business travel buyers. They protect companies and their travellers from this type of attack as cards cannot be reused if compromised and there is no personal traveller data for the fraudsters to pick up on. And, they have no intrinsic value that can be exploited.
- Check your account for unusual activity – There are tell-tale signs of potential fraud that everyone should be aware of. For example, when fraudsters have cloned a card, they will try small purchases before going for the big spend. So, check daily for iTunes similar payments for less than a pound. This is a sure fire sign that your card has been cloned and money is about to be taken from your account. Whether it’s a corporate account or your own personal account you book travel through, keep an eye on it.
Through a mixture of personal responsibility and awareness and the business travel industry taking fraud seriously, this is a fight that can be won.
But fraudsters are nothing if not clever and so we will have to work together, as an industry, to keep up with new scams and dangers. 2016 will see even more data breaches and while these have as yet to have an impact on consumer ecommerce confidence, it is only a matter of time.
We don’t want to go back to booking by telephone or letter, so we had better make sure that our systems are secure.
Simon Barker is the co-founder and chief executive of Conferma. Prior to establishing Conferma in 2004, Simon accumulated vast experience of the business travel industry during 18 years as managing director of NIS Travel Management Solutions. Barker’s industry experience spans many disciplines and his particular interests lie in emerging technologies, settlement and distribution.