Actively managing to reduce the risk of false or problematic bookings and fraudulent credit card payments is climbing the ladder of importance for tourism businesses, large and small. To protect your hard-earned revenue, profits, and reputation you need to have well thought out plans, policies, and practices in place.
It is not a simple task. There is never a 100% guarantee, because fraudsters are clever, inventive deceivers who are often ahead of the authorities. But you can set up a highly effective prevention strategy if you review and implement the following measures.
Let’s start with where you display your business and tourism products to the world, primarily your website. Quickly check to ensure it is secured with SSL encryption to protect your customer ‘s data during transactions. This should be coupled with PCI DSS (Payment Card Industry Data Security Standard) compliant payment processing to safeguard cardholder data.
Using TXA as an example, the booking pages we provide are SSL encrypted and we spend an enormous amount of time and money every 12 months reviewing, testing, and certifying our PCI DSS compliance with a third-party specialist. This is both a technical evaluation and rigorous review of our data handling and security processes.
The next level of security is provided by the transaction processors or payment gateways. These are the technologies that process the credit card payment and transfer the funds into your bank account. They have built-in fraud prevention tools.
Through TXA’s integration with our chosen payment gateways, we overlay third-party fraud detection services that analyse transaction data in real time for signs of fraud.
The online booking payment page should always mandate entry of the CVV (Card Verification Value) number from the credit card which ensures the customer holds the physical card.
These are the technical anti-fraud services. Now for some practical things you can do to push your security confidence level towards 100%.
Firstly, be vigilant for unusual activity, things that ‘just don’t seem right’ often are not.
Look out for danger signs like multiple bookings that have the same email, unusual name IP address, unusually high booking values, or extreme last-minute bookings from new customers or guests who want to extend or add to their booking with the same or different card before they arrive.
Unfortunately, this can only be done effectively manually. My principle is “if it doesn’t feel quite right it probably isn’t” so manually review suspicious bookings and personally call the customer for verification. It will quickly become evident if they are a fraudster.
You can run a pre-authorisation hold on a credit card without it being an actual transaction, to verify funds availability and the legitimacy of the card. I will not go into detail on this here but will cover using ‘pre-auths’ later.
Next, look at your booking process, procedures and Booking Terms and Conditions of Use (T&Cs).
For high-value or suspicious bookings, either send a friendly ‘confirmation’ email as soon as possible after booking and ask the guest to respond to a question (you can create one like confirming their booking details) about their reservation.
In your published Booking T&Cs, both on your website, booking pages and OTA accounts, use a strict cancellation and refund policy that;
- designates late notice bookings as non-refundable.
- specifies a significant ‘free’ cancellation notice period (if you want to offer free cancellation) to avoid last-minute fraudulent cancellations.
- Never refund immediately, leave a period of time so that, if a credit card is stolen or fraudulent, there is time for it to be identified and flagged.
- Never ever refund cash or to a different card from that used to pay for the booking.
Verify your guest as early as possible and certainly when they arrive. Write into your T&Cs that the person nominated on the booking and/or whose card is used to transact payment will be a guest. Advise that you require guests to present the credit card used for booking along with a matching ID (for example drivers’ license or passport) at check-in.
There are also digital check-in methods you can use that verify the guest’s identity through their smartphone or other digital means.
If you have staff dealing with bookings and customers, train them to recognize and handle potentially fraudulent transactions. Give them the authority and confidence to identify ‘red flags and clear steps to deal with it when “something doesn’t feel right.”
Regularly check your transactions and booking data. You will quickly see any unusual patterns, payments, or discrepancies. Get on to them quickly if you do.
Review the suggestions above and have a careful think about the strategies I’ve outlined, and you will significantly reduce the risk of fraudulent credit card bookings. Remember though fraudsters are smart and constantly probing to find new ways to steal a booking or scam funds. That’s why you need to choose the right technology partners but also review your own processes and procedures.