Skip to main content

The Ultimate Hotel Fraud and Chargeback Guide

Learn ways to proactively protect your business from fraud and save thousands a year in chargebacks

What's Covered
  • Part One: Understanding and Preventing Chargeback and Friendly Fraud
  • Part Two: Understanding and Preventing Criminal Fraud
  • Part Three: Why a Better Defense Is Necessary
  • Part Four: How to Prepare Your Chargeback Dispute
  • Part Five: How Sertifi Can Help

sertifi-hotel-payment-processing-series

Chargebacks 101: One Problem, Two Threats


According to a Chargebacks 911 report, the typical cost of a single chargeback is $190, and this figure doesn't even take into account the time your staff loses trying to remedy the situation.

Plus, fraudsters aren't your only threat for chargebacks. Your guests are, too. Proactively preparing for both is your best chance to protect your revenue and reputation.

First, let's review the most common reasons hospitality businesses experience chargebacks.

ILLEGITIMATE CHARGEBACK

Chargeback Fraud

The cardholder is aware the transaction is legitimate yet initiates a chargeback to get their money back anyway.

ILLEGITIMATE CHARGEBACK

Friendly Fraud

The cardholder believes a legitimate transaction is fraudulent and disputes it, unknowingly committing chargeback fraud.

LEGITIMATE CHARGEBACK

Criminal Fraud

A fraudster makes a purchase with a stolen card or creates fake authorizations to check if stolen cards are still usable.

Part One: Chargeback and Friendly Fraud

Why do customers initiate a chargeback for a legitimate transaction?


Unfortunately, chargeback and friendly fraud are very common. According to pymnts.com, around 50% of guests initiate a chargeback instead of a refund.

Here are some reasons customers pursue chargebacks instead of a refund:

With the rise of online bookings and purchasing, many transactions occur without your customer or their physical card present at your business. Unfortunately, most businesses aren't prepared to defend themselves against a chargeback on a CNP transaction, and seasoned customers know they can easily win the dispute.

Customers need to fully understand your booking process and the services, terms, and pricing they're agreeing to. Lack of clear communication regarding policies, fees, and additional charges can create confusion and dissatisfaction. Aside from chargeback fraud, this can also lead to "friendly fraud."

Disputes are common for customers who disagree with your cancellation or no-show policies, and card issuers don't feel as strongly as you do about following the policies.

Most commonly, customers dispute a charge simply because they were unhappy with your services. The smallest inconvenience could prompt them to expect their money back, and because their card issuer is more likely to side with them than you are, they initiate a chargeback instead of requesting a refund or some other kind of compensation.

If the billing descriptor on the customer's credit card statement is unclear or differs from your business' name, they may not recognize the charge and quickly opt to dispute it.

72% of cardholders think disputing a charge with their bank is a valid alternative to requesting a refund from a merchant. Here are the top three reasons why:

sertifi-hotel-chargebacks-refunds

How can I reduce chargeback fraud?

Process Card-Not-Present Transactions Correctly

It’s inefficient, insecure, and much more costly to handle card-not-present (CNP) transactions the same way as card-present transactions. Plus, it can keep you from getting paid. Invest in a secure payment processing system for all areas of your business so you can to protect every customer and make it much easier to prove the legitimacy of transactions when a dispute arises.

Processing transactions online lets you enforce cardholder verification methods like 3-D Secure (3DS). If the cardholder verified themselves before a transaction is processed, it's incredibly sound evidence they were aware and approved the transaction, making it easy to defend the transaction in the case of a chargeback.

3DS also shifts liability. If the cardholder disputes a transaction for fraudulent reasons, the issuer isliable for the funds instead of you.

Tying a payment to a contract signature is further evidence the cardholder verified themselves before a transaction is processed, making it easy to defend the transaction in the case of a chargeback.

Charge a minimum or full amount immediately so disgruntled customers don't get the full payment amount back. If the transaction’s being made with a stolen card, the true cardholder will get a notification of the charge, which will prompt them to contact you.

Ensure your billing statements are clear and accurate, and providing detailed information about the transaction avoids confusion. Custom-branded communications around transactions also help assure customers the information they're receiving is in fact coming from you.

Disabling ACH pre-payments 7 calendar days before the event date, you can reduce your risk of non-sufficient funds.

Fraudsters are able to get card numbers through nefarious means, but they are not able to get the CVV numbers. If the correct CVV is entered, it's sound evidence the card is in possession of the cardholder.

Invest in Customer Communications

If a chargeback does occur, best practice is to reach out to your customer first so you can help prevent a full chargeback. Even if they're disgruntled, you may be able to appease them through other means (partial refund, future discounts, etc.).

Customers should have easy access to clearly stated Terms and Conditions, including refund policies and additional charges, both before and during their stay, to reduce disputes. It's crucial to communicate cancellation and no-show policies, along with associated fees and deadlines, during the booking process.

Routinely review your existing policies, update them accordingly, and make sure updates are made anywhere your customers have access to existing policies.

Always make time to check in with your customers to find how their visit is when they’re in the middle of it. You can get their feedback both in person and from your website and other systems, giving them multiple ways to provide feedback so you can get ahead of potential disputes.

Make it easy for customers to request a refund from you upon checkout and post-stay, and be prompt and reasonable when responding to their feedback. It may be better to salvage a portion of the payment than risk losing everything. 

Be sure to also associate refunds with the original payment and card, making it easy to identify and track.

Do not clone cards or ACH without a contract or authorization form that has clear Terms and Conditions that include policies regarding cancellation, refunds, no-show fees, additional costs (such as room service and mini-bar charges), and especially fees for damage or cleaning.

Part Two: Criminal Fraud

Common Ways Fraudsters Target Hotels

Card Testing Fraud

Fraudsters attempt preauthorization on stolen credit cards via online hotel reservations without canceling, resulting in charges to the cardholder.

Loyalty Account Takeover Fraud

Fraudsters use stolen credentials to access loyalty accounts, using points for gift cards or last-minute hotel bookings.

Credit Card Authorization Form Fraud

Fraudsters book same-day arrivals, opt for remote check-in, and present pre-filled, signed authorization forms at check-in.

Same Day Booking Fraud

Fraudsters either use the stay or verify stolen card validity through minimal interaction, often booking with limited details.

Third-Party Booking Fraud

Fraudsters book through third-party vendors, avoiding capture of contact details, opting for same-day arrival and remote check-in capabilities.

How can I deter fraudsters?

Review Your Credit Card Authorization Form

Your form can give you helpful clues a fraudster may be at work.

Fraudsters like to act quickly (up to 72 hours prior to arrival), so many hotels have adopted a policy to not accept reservations within this timeframe, particularly same-day reservations. While that may not be an option, here are some best practices to follow if you can adopt it:

  • Adopt an advance deposit policy and charge a minimum or full amount immediately. If the transaction’s being made with a stolen card, the true cardholder will get a notification of the charge, which will prompt them to contact you. Best practice is to accept a pre-payment no less than six days prior to arrival; do not take a payment five days or less to arrival.

  • Require a second form of payment. If the first card fails or results in a chargeback, the second option is available. This process can be implemented for all same-day reservations.

  • Be on the lookout for vague, mismatched, or incorrect addresses, as well as any address with a P.O Box.

  • Run a Google search of the provided business name to verify that it's real. Google Streetview can show you if the provided address is really a home, empty lot, bus stop, etc.

  • If the provided cardholder and guest names are the same, that's a red flag since that would mean an authorization isn't necessary at all.

  • Don’t accept a credit card if the address provided for the card and the address provided for the authorization are drastically different.

  • Take note if a business email wasn't used with a business selection.

  • Refrain from accepting credit cards if the billing address and authorization address differ significantly.

The signature should match the cardholder's name. Hotels have been known to accept authorizations signed with false signatures, such as “AAAAAAA,” resulting in chargebacks.

These sections are typically not required to fill out, so fraudsters may skip them to suggest billing was not approved.

Verify phone numbers, as well as a person's identity. Ensure the customer has consistent identities across social media platforms.

Hear from Sertifi's manager of customer success how to use Sertifi and your auth form to catch fraud early.

Other Best Practices

Address Verification Service (AVS) is one of the most widely used practices in helping reduce fraud and protecting both you and your guest. The automated system is a way to verify a person’s identity when they are not present at the time of transaction. Check out our AVS guide to learn more.

Typically, fraudsters will abandon the transaction if prompted to submit photo ID as part of the authorization process. Using Sertifi, for example, you can require the signer to upload an image of their ID/Passport in your authorization form.

If they do share an ID, your property can examine the ID and look for doctored images.

  • Require entry of security codes (CVV) on payment cards to help ensure the buyer has possession of the card.
  • Don’t attempt manual authorizations. Always authorize a card through your system.
  • Don’t accept a booking made with a third-party vendor along with a reservation made within 24-48 hours of check-in without additional verification.
  • Do pre-charge credit card for rates to help validate the card isn’t stolen.
  • Do monitor your booking sites for robotic or automated traffic.
  • Do enforce face-to-face check-ins for high-risk bookings.
  • Exercise caution with bookings made via third-party vendors, especially alongside last-minute reservations, and verify details thoroughly.
  • Monitor booking platforms for signs of automated or suspicious activity.
  • Implement face-to-face check-ins for bookings deemed high-risk.

Part Three: Why Change Is Necessary

Why are these recommendations so important?

The most direct cost is the loss of revenue from the disputed transaction.

Managing chargebacks requires a lot of time and resources, taking attention away from taking care of other customers and revenue-generating activities.

Credit card companies often charge fees for processing chargebacks, which can range from $20 to $100 or more per dispute.

If you experience a high volume of chargebacks, you may be classified as high-risk by payment processors, leading to increased processing fees.

Part Four: Responding to Chargebacks

The Dispute Process


By the time you're informed of the dispute, it takes another 60 to 75 days to resolve it if you counter.

Dispute Created

  • dispute is created and delivered to the merchant.
  • A dispute fee is debited from account balance.
  • The disputed amount is refunded to cardholder.
  • In parallel, the platform should reach out and encourage the customer to withdraw the dispute.

Evidence Submission

  • If you deem that the charge is valid, submit evidence to prove the charge is legitimate.​
  • If no evidence is submitted, the dispute closes automatically. 

Bank Decision

  • If evidence is deemed sufficient, the charge amount is credited back to the merchant (however, dispute fees/penalties are not returned even if you win).
  • If evidence is deemed insufficient, dispute fee and the amount are not returned to the merchant. ​
  • The decision is the bank’s alone and the outcome is final.

Preparing for Your Counter

The burden is on your business to prove:​
  • The person who made the purchase owns the card and authorized the purchase.
  • The cardholder understood and accepted your Terms and Conditions and cancellation / refund policy at the time of purchase.
  • The services to be delivered were clearly detailed.
  • The services were rendered or available.

The best response is to communicate with the cardholder. Solving the dispute without the bank involved is ideal.

When submitting evidence:​
  • Present a clear case. Remember that there is a human reviewing your case. Therefore, a clear, point-by-point narrative makes it easy for them to decide in your favor.
  • Provide screenshots and tell your whole story. Evidence is often transmitted by fax, so the reviewer cannot click on your links or enjoy full-resolution images. Always put all relevant information into your evidence, especially if you have written communication with the customer.
  • Address the specific reason for the dispute. Show that you’ve notified the customer and provide information that disproves fraudulent activity.
  • Keep your evidence relevant and to the point. Provide only the facts surrounding the original purchase, using a neutral and professional tone.​
  • Include proof of customer authorization. Prove the legitimate cardholder was aware of and authorized the transaction in such cases. Any data that shows proof of this is a standard part of a compelling response, such as:
    • Signed receipts or contracts.
    • AVS (Address Verification System) matches.
    • CVC (Card Verification Code) confirmations.
    • IP address that matches the cardholder’s verified billing address.
    • Any other evidence of authorization (e.g., 3DS authentication).
  • Include a copy of your terms of service and refund policy. Provide proof that your customer agreed to and understood your terms of service at checkout or didn’t follow your policies.
  • Cater to the reviewer. Banks use legacy systems to review evidence, so you should:
    • Use clear and concise communication that tells a story.
    • Outline the evidence you are submitting and why it supports your case.
    • Use bulleted lists explaining the evidence and why the charge is legitimate.
    • Use circles, arrows, and callout boxes to highlight and explain important parts of your evidence. Do not cover the text.
    • Include customer communications/emails.
    • Use large, high-resolution images and screenshots (4.5MB limit).
    • Do not highlight text.
    • Put a complete URL instead of a hyperlink.

How Sertifi Can Help

SertifiPay for Online Card Processing


Get paid 90% faster – and securely.

Simplify selling by electronically capturing payments and agreement e-signatures from one secure platform. Behind the scenes, SertifiPay processes payments in a fast, PCI-compliant manner at a lower cost to you.

Sertifi for Card Authorizations


Save thousands in chargebacks and get secure authorization forms back in minutes.

Enjoy a PCI-compliant solution that's easy and secure for you and your customers. Your peers are already getting forms back in minutes and detecting payment risk early with built-in fraud detection tools.