With the uptick and evolution of fraud execution in recent years, no industry is safe from the fleet of fraudsters waiting to take advantage of customers and companies at their most vulnerable points. Now, attackers have found another method to attack the already vulnerable hospitality industry. This burgeoning trend can be most clearly seen in a recent social engineering attack on a Marriott Hotel employee near Baltimore, leaving more than 300 guests’ credit card information exposed. Fraud isn’t new or uncommon in the hospitality industry, and not to Marriott either; data breaches in 2014 and 2020 alone put more than 345 million Marriott guests’ information at risk.

In some cases, fraud is unavoidable, especially when a company’s current security measures are outdated in comparison to the advanced, ever-evolving methods of fraudsters. The time is now for the hospitality industry to modernize its defenses to protect its customers’ information and rely less on hotel staff, such as receptionists, to discern whether a user is genuine or not.

ID cards and pins are not sufficient to ensure that only authorized employees are entering the company’s system and network. It’s hard to verify someone online or over the phone because physical characteristics aren’t readily available or have proven possible to compromise. However, new solutions, such as behavioral biometrics, enable businesses to better protect their sensitive data and customers’ identities to combat fraud while also reducing friction in the identification process.

Improving The Customer and Employee Experience

As hotels become wary of the consequences and dangers of cybercrime and build out their security defenses, the user experience remains paramount. That applies to both guests and employees. For employees, jumping through multiple authentication hoops to identify themselves or a customer can be time-consuming and cause login friction between the business, its employees and customers.

There’s no one-size-fits-all solution to verification and authentication issues, but businesses can improve the lives of their customers and employees through the use of passive biometric technology. Passive biometrics give companies the ability to perform online identity checkpoints, requiring users to authenticate themselves by identifying what makes a user truly unique. Examples include: pinpointing the way a person swipes the screen to unlock their device, types on a keyboard, moves their mouse, or holds their phone.

Keep Your Guests Coming Back

Authentication methods that rely on user input such as single passwords, multi-factor authentication (MFA) and knowledge-based authentication questions (KBAs) are easy to crack and are replicable, making it even more difficult to verify and protect users. For example, fraudsters can easily gain access to others’ personal information through social engineering scams through payment or chat apps or by purchasing passwords on the dark web. Instead, adopting a passive approach to authentication requires the user to do less with their unique behaviors to access their information while allowing the company to simultaneously monitor for and alert any red flags to the user. This creates a frictionless experience for customers and gives businesses peace of mind that they are protected.

Fraud in the hotel industry won’t make customers avoid hotels altogether – but the businesses that put the security of their guests at the forefront of their operations will strengthen their relationship with customers and offer better, safer experiences than competitors. Smart hoteliers will invest now in the right technologies that ensure their business and customers have not only safe but seamless experiences. Those who don’t could be left behind by the competition.

Bill Sytsma, VP, North America, Callsign