Web Exclusive: How to mitigate fraud with contactless check-in

Contactless check-in has provided a way to both streamline hotels operations and keep guests and employees feeling safe post-pandemic. However, as the industry embraces this technology, it is also seeing an uptick in fraudulent activity.

With guests bypassing the front desk and headed straight for their rooms, it’s no wonder why fraudsters would take advantage of this time when photo ID isn’t required.

“In today’s environment, fraudsters are looking to take advantage of situations where businesses are adapting to unfamiliar changes and implementing new processes,” said Jeff Wixted, VP, marketing & client solutions, Accertify, an American Express company. “This reinforces the need for hotel companies to continue mitigating risk through fraud controls and safeguards, such as two-factor authentication. These risk mitigation strategies should continue to be top-of-mind for hotels as they roll out touch-free initiatives, such as digital check-in and checkout and using digital room keys.”

According to Wixted, a way to avoid potential theft or fraud is for hotels to link the digital key to the guest’s mobile device, rather than the guests’ phone number. This enables the hotel to know they are communicating with the verified and valid customer.

“There are two types of fraud that may come into play here—the first is payment fraud, where a reservation may be made using a compromised payment method, such as a stolen credit card, and the second is an account takeover, which occurs when a guest’s loyalty account is compromised and their account details are then used to make a reservation, either via a card on file or using loyalty points,” Wixted explained. “As mentioned above, more hotels are taking the necessary steps to implement new fraud controls and safeguards, such as two-factor authentication to help mitigate potential fraudulent attacks.”

Wixted said that a regular check-in compared to a contactless check-in may not necessarily be “more secure” but rather, the methods differ in the types of information they collect and the process by which they carry it out.

“Traditional, in-person check-in involves a face-to-face interaction, so hotel staff can work with the guest and review their necessary documentation, such as a photo ID, in real-time,” he said. “However, contactless check-in involves layers of digital security, including multi-factor authentication, device intelligence and location services, all which help to discern and trust who is on the other end of a digital transaction.”

Another step that hotels can take to limit fraud exposure is to manage who they offer contactless check-in to, like their loyalty members or guests who have previously stayed on-property.

“Some industry best practices to help reduce risk include enabling two-factor authentication in cases of new enrollment or for returning customers where out-of-pattern behavior might be detected,” Wixted said. “In addition, when the member makes changes to their account profile, such as updating an email address or phone number, the hotel should notify the guest of these changes immediately via email and through a second-factor authentication on a mobile device to help detect any potentially fraudulent activity or risk of an account takeover. From a guest perspective, they should regularly monitor their account for activity and ensure they have enabled second-factor authentication to confirm the legitimacy of any bookings or account changes.”

Wixted said that Accertify encourages hotel companies to communicate with their internal staff about the contactless check-in process and provide guidelines and tips on how it works.

“It’s important that hotel staff and employees are properly educated and trained since they are the ones on the front lines assisting guests,” he said. “It’s also important that hotels communicate with their guests about what to expect during the contactless check-in process, such as receiving a second-factor authentication, as well as what not to expect, such as a hotel requesting their username/password or Social Security Number. Communication will be key to ensure both audiences are properly educated.”

Although contactless check-in presents these risks, Wixted believes that most travelers see this as a positive shift in the industry that aligns with frictionless travel and other touch-free options.

“Everyone has different preferences,” he noted. “We believe some consumers will continue to prefer a more traditional check-in experience, even if a contactless one is offered. A great example we still witness today is in the airline sector, where despite many contactless options, including mobile check-in, electronic boarding pass and self-service baggage drop, some travelers still prefer to interact directly with an agent to check-in.”

Wixted also anticipates that reservations booked through third-party companies and travel agents will continue to be subject to a traditional check-in process, as the hotel may not have as many details about the guest in the initial reservation.

“We see this [contactless check-in] as a win-win for both hotels and their guests,” Wixted said. “Hotels can provide more focus and personalization on the guest experience, which has been successful for other digital travel offerings, such as ride-sharing services, home and vacation rental marketplaces, among others and that can help drive greater affinity and loyalty with the customer.”