By Jeff Wixted
Digitally savvy consumers are looking to migrate many traditionally offline tasks to digital channels which offer more flexibility, control and convenience. These mobile-first customers are always seeking ways to digitize additional aspects of their lives and are the force behind many powerful market trends and innovations—such as buying online picking up in store, order-ahead restaurant apps and even allowing for remote access to their homes for deliveries.
While hotels and airlines were amongst the early adopters for enabling online bookings, most hospitality brands have only recently expanded their mobile offering to include features such as digital check-in and, in some cases, using a mobile phone as a room key.
Widespread adoption of digital channels offers exciting opportunities for customers to engage in a very personal manner with a brand. However, moving away from a face-to-face check-in process exposes hotel brands to a whole new set of fraud and security considerations that need to be effectively managed to protect the customer and the brand’s reputation while mitigating losses.
While almost all hotel reservations are made online, the majority of hotel guests still come to the front desk to check in. This face-to-face touch point provides hotel staff with the opportunity to interact and engage with the guest and offers hotels an important security and fraud check, with guests showing their identification and providing a credit or debit card prior to getting their room key.
Before EMV, swiping the credit card at check-in transferred the liability for any fraud associated with the credit card from the hotel to the issuing bank. This liability shift still happens for PIN and CHIP enabled EMV transactions—but is not necessarily the case for hotels which are not EMV enabled.
When executed well, digital channels offer a seamless and personal brand experience for your most loyal customers that can deepen their brand loyalty and grow their overall spend. However, if the right levels of authentication and security measures are not in place, the customer journey can be sub-optimal. Additional or step-up authentication requests may insult your best customers and may result in a lost sale and perhaps the loss of a high-value customer to a competing brand.
Alternatively, if there are not enough measures in place, a hotel brand risks providing goods and services to fraudsters that can tarnish its reputation resulting in your customers associating fraud with your brand and hurting your bottom line.
Account takeover, where a fraudster creates an automated scripted attack to gain access to legitimate customer accounts, is a growing challenge for hospitality brands. Once a fraudster successfully logs in into an account, they will quickly change the contact information and then work to monetize the breached account, often transferring loyalty points, buying gift cards and even booking rooms—especially where digital check-in is available.
Hotels often have lower security and fraud checks for transactions that are occurring via a logged-in customer making it easier for fraudsters to transact without raising as many red flags. To protect themselves, while meeting the needs of the digitally savvy customers, hospitality brands need to implement an account takeover solution that prevents fraudsters from taking over legitimate accounts while delivering a superior customer experience. The best way to manage these competing priorities is to find a partner that has multi-layered approach to solving the account takeover problem.
An important building block of an account takeover solution is device intelligence, which provides deep insights into whether or not the device has been tampered with, if there is malware on the device, the IP address and if the device been associated with previously fraudulent transactions.
Device attributes can be further augmented with user behavioral data, including data points on what pages the customer visited prior to a transaction, time on page and typing speed. These attributes can help identify typical behaviors for fraudsters versus non-fraudsters.
Some account takeover solutions even offer merchants the ability to participate and augment their learnings by opting into a shared community of data, which can significantly enhance the number of data elements feeding a machine learning model by leveraging the wisdom of the crowd to identify good and bad actors.
Lastly, to be an effective and efficient account takeover solution, the platform needs a robust rules engine to support policy rules, a case management solution for efficiently handling transactions that require an additional human review and, finally, integrated API calls to support step-up validation as needed to limit the number of customer disruptions.
Jeff Wixted is VP, Operations & Product Management for Accertify, a provider of fraud prevention, chargeback management and payment gateway solutions.