Hotel Fraud Prevention: Protecting Your Property Against Card Testing Fraud

Hoteliers must combat a variety of fraud types. In this post, we’ll dive deeper into one lesser-known area: card testing fraud.

What is card testing fraud, and how does it impact hotels?

Card testing fraud when a fraudster purchases a stolen credit card via the dark web and tests it with an authorization to see if the card still works. For hotels, this means the fraudster books several rooms, and if the bookings go through, they know they can use the card to make larger purchases.

This is harmful not only because it limits the number of rooms shown available to your true customers, but you’re also paying for those authorization charges.

How can I reduce card testing fraud?

There are several strategies you can implementing to help mitigate the risk of card testing fraud.

Card Verification

1. Card Verification Value (CVV): Require guests to provide their CVV code, the three-digit security code on the back of the card, during the booking process. This adds an additional layer of security since fraudsters typically don’t have access to this code.
   
   
2. Address Verification Service (AVS): Use AVS to verify the address provided during the booking or reservation matches the billing address associated with the credit card.
   
   
3. 3-D Secure (3DS): Implement 3DS to authenticate a cardholder before the transaction is able to be completed.
   
   
4. Fraud Detection: Invest in robust fraud detection solutions, like Sertifi’s advanced fraud tools, that use machine learning algorithms to identify patterns and behaviors associated with card testing fraud. These systems can analyze multiple data points, including transaction history and user behavior, to flag potentially fraudulent activity.
   
   

Booking Processes

1. Data Protection and Compliance: Ensure robust data protection measures are in place to safeguard guest information and comply with relevant data protection regulations. This includes securely storing and handling credit card data.
   
   
2. Two-Factor Authentication (2FA): Implement 2FA for guest bookings or reservations. This could involve sending a verification code to the guest’s mobile phone or email, which they must enter during the booking process.
   
   
3. Rate-Limiting and Transaction Monitoring: Implement rate-limiting measures to restrict the number of authorization attempts allowed within a certain time frame. Using transaction monitoring systems can detect patterns indicative of card testing, such as multiple small transactions within a short period.
   
   

Staff Procedures

1. Training and Awareness: Train hotel staff to identify suspicious behavior or signs of card testing fraud. Provide them with guidelines on how to handle suspicious transactions, including when to escalate the issue to management or contact the cardholder for verification.
   
   
2. Collaboration and Information Sharing: Participate in industry networks or forums where hotels can share information and insights about fraudulent activities. Collaborating with other hotels and industry stakeholders can help stay updated on the latest fraud trends and prevention strategies.