Why an “Automatic Transaction Decline” Fraud Strategy Isn’t Good for Business 

Hotels and other players in the hospitality space regularly experience chargebacks and fraud. Even with a product like Sertifi, which includes free advanced fraud tools, hoteliers will still see fraudulent activity. Many hoteliers opt to automatically decline transactions flagged as fraudulent, but what most don’t realize is that also means the subtraction of potentially good business. Our resident fraud expert and customer success manager, Peter Laspas, filled us in on the importance of analyzing fraud alerts and other fraud-related misconceptions. 

Mimi McNulty: How does Sertifi protect its customers from chargebacks and fraud? 

Peter Laspas: Sertifi protects all the data that you feed it, but our credit card authorization solution in particular allows users to securely collect, authorize, and tokenize credit card details in a PCI compliant manner, protecting our customers from data breaches, chargebacks, and other types of fraud. The solution verifies card information and card activity along with about 200 other factors during a risk analysis to produce a fraud score to help assess whether or not a charge is real business. 

MM: Is it 100% foolproof? 

PL: Sertifi doesn't guarantee the prevention of chargebacks because cardholders are able to evoke the chargeback feature at any time for any reason, legitimate or not. I think there's always that misconception when you have technology. Some think that because they are using a digital solution that they don’t have to worry about humans taking certain actions and that’s not the case.  

Steve Jobs had a great quote about technology. He said, “Technology is nothing. What's important is that you have faith in people, that they're basically good and smart — and if you give them tools, they'll do wonderful things with them.”   

We're in the hospitality industry because we love people. We believe people are inherently good, and when we are utilizing technology, we are showing our faith in people. But, at the end of the day, pieces of technology are just tools, right? It really depends on the actions associated with those tools. And in the hospitality industry, because of our caring nature, there are bad actors out there that want to take advantage of that. 

MM: What does the industry need to know to effectively use technology and ward off bad actors? 

PL: First off, they shouldn’t feel bad because there hasn't been a lot of support for merchants. The important thing is to be committed to the level of education needed to understand the tools you have. You have to know that not every transaction is going to go according to plan. Instead of planning for perfection, you want to prepare your team to be able to identify fraudulent activity tropes before something bad can happen. 

MM: Can you give us an example? 

PL: I like to use airports as an analogy. 30 years ago, all you needed was your ticket to fly, and that's kind of like today with Sertifi’s credit card authorization form. Without it, a guest can't secure their room at check-in. That’s the bare minimum of security.  

Now, airports require tickets and getting past security to fly. Together, that authorization form and Sertifi’s advanced fraud tools work the same way TSA does by collecting information and looking for suspicious activity. So, you have your ticket, and you go through the x-ray machine, and if it beeps then that means something is not right. That beep is fraud showing up on a hotel’s dashboard. 

Now, you are stuck beeping in security causing the TSA agents to take a closer look just like staff at a hotel would if a charge were showing signs of being fraudulent. However, just because you beep doesn’t mean you are trying to smuggle something dangerous through the airport. TSA realizes you forgot to take your belt off before walking through. So together, you and TSA figure out what happened so you can get on the plane. And really, that's what we attempt to do with the risk analysis. We take another look at the authorization form, use the resources and tools to evoke your processes, and help you make a decision with confidence by looking at the data with a trained eye. And then that helps you put yourself in a position where you're not just assuming or declining what could be a potentially good transaction. 

MM: It sounds like the best strategy is knowing how to separate potential fraud from actual fraud 

PL: Yes, the best approach is identifying and understanding the red flags of what’s actually dangerous activity. There are common traits to dangerous activity, such as same day check-in, mismatched guest and payment information, or even a company email address.  

We have a great resource that I always encourage our customers to use that allows them to cross-reference the information on an authorization form with an example from Sertifi’s fraud training side-by-side to see some of those red flags and determine what some of those common denominators are. 

MM: What does “no activity” mean, and how can striving for that affect business? 

PL: “No activity” means no business. There will always be fraudulent activity. You just have to arm yourself with a healthy balance of tech and smarts. You don't want to invoke a process that's so stringent that you are declining a perfectly good transaction. If you rely heavily on technology and decide to not do any research, you could end up building a policy around the data that would decline good business. Instead, you want to build internal processes that are based on a framework you understand and can rely on to make decisions of what you're comfortable accepting or not accepting.