Skip to main content

The Definitive Hotel Fraud and Chargeback Guide

Proactively protect your property from fraud and save thousands a year

What's Covered
  • The common ways hotels are targeted
  • Ways to reduce fraud and chargebacks at your property
  • How to prepare for chargebacks so you can minimize their impact


Hotel Fraud and Chargebacks 101

Common Ways Hotels Experience Fraud

Chargeback Fraud

The cardholder is aware the transaction is legitimate yet initiates a chargeback with their card issuer to get their money back anyway.

Friendly Fraud

The cardholder believes a legitimate transaction is fraudulent and contacts their card issuer to dispute it (unknowingly committing chargeback fraud).

Card Testing Fraud

A fraudster purchases a stolen credit card via the dark web and begins testing it with authorizations to see if the card still works.

Account Takeover Fraud

Bots or fraudsters themselves go through different credentials in hopes that they’re able to crack the code on accounts.

Card-Not-Present Fraud

Any type of fraud that takes place when the card is not physically present – most commonly online but also via mail and over the phone.

Criminal Fraud

A purchase is made with a stolen credit card and therefore an authorization never should’ve been made in the first place.

Understanding Chargebacks

Chargebacks occur when a guest disputes a transaction, either because they suspect fraudulent activity (friendly fraud) or because they want their money back from a legitimate transaction (chargeback fraud).

Guests can initiate a chargeback at any time for any reason, legitimate or not, making chargebacks impossible to eliminate altogether.

A chargeback differs from a refund in that the guest disputes the transaction with their card issuer instead of you. This triggers an investigation to determine the validity of the transaction and guests’ request for a refund.

Ultimately, the issuer can (and typically will) will approve the refund, meaning the funds from a completed transaction are taken out of your merchant account and returned to the cardholder.

In a Chargebacks 911 report, the typical cost of a single chargeback is $190. Not only do you lose the disputed payment amount; you also have to pay a chargeback fee.

This figure doesn't take into account the time your staff loses trying to remedy the situation or the loss of trust your guests may experience following a true fraud-related chargeback.

Getting too many chargebacks is also bad for business. If you get too many chargebacks in a month, you could face steep penalty fees from the card network. You could even lose your merchant ID.

Unfortunately, it's very common. According to a article, around 50% of guests initiate a chargeback instead of a refund. Even a small issue during a stay can result in a guest disputing an entire charge with their card issuer and expecting their money back. 

And remember: chargeback fraud isn't always intentional, making it friendly fraud. Maybe the cardholder forgot about a transaction or a family member made a charge with their card without permission, leading them to contact their card issuer.

Either way, you have an unexpected dispute and loss of revenue on your hands.



Ways to Reduce Fraud and Chargebacks

Investing in Guest Communications

If a chargeback does occur, best practice is to reach out to your guest first so you can help prevent a full chargeback. Even if a disgruntled guest committed chargeback fraud, you may be able to appease them through other means (partial refund, future discounts, etc.).

One of the easiest ways for friendly fraud to happen is through a confusing and vague hotel policies. Routinely review your existing policies, update accordingly, and make sure updates are made anywhere your guests have access to existing policies. There should be no confusion when a guest leaves your property. They should know exactly who the invoice is from, what it is for, and what they owe at checkout.

Always make time to check in with your guest to find how their stay is when they’re at your property. You can get their feedback both in person and from your website and other systems. Give your guests multiple ways to provide feedback during their stay and add notes to your PMS.

It’s important to observe any unusual interactions you have with guests. As you’re building a fraud prevention plan, talk with your guest-facing teams about what they’d consider strange patterns. What have they experienced in the past that ended up turning into a chargeback?

Reviewing Your Credit Card Authorization Form

Your form can give you helpful clues a fraudster may be at work.

Fraudsters like to act quickly (up to 48 hours prior to check-in), so many hotels have adopted a policy to not accept same-day reservations. While that may not be an option, here are some best practices to follow if you can adopt it:

  • Adopt an advance deposit policy and charge a minimum or full amount immediately. If the transaction’s being made with a stolen card, the true cardholder will get a notification of the charge, which will prompt them to contact you.

  • Require a second form of payment. If the first card fails or results in a chargeback, the second option is available. This process can be implemented for all same-day reservations.

  • Be on the lookout for vague, mismatched, or incorrect addresses, as well as any address with a P.O Box.

  • Run a Google search of the provided business name to verify that it's real. Google Streetview can show you if the provided address is really a home, empty lot, bus stop, etc.

  • If the provided cardholder and guest names are the same, that's a red flag since that would mean an authorization isn't necessary at all.

  • Don’t accept a credit card if the address provided for the card and the address provided for the authorization are drastically different.

  • Take note if a business email wasn't used with a business selection.

The signature should match the cardholder's or guest’s name. Hotels have been known to accept authorizations signed with false signatures, such as “AAAAAAA,” resulting in chargebacks.

These sections are typically not required to fill out, so fraudsters may skip them to suggest billing was not approved.

Hear from Sertifi's manager of customer success how to use Sertifi and your auth form to catch fraud early.

Deterring Fraudsters

Address Verification Service (AVS) is one of the most widely used practices in helping reduce fraud and protecting both you and your guest. The automated system is a way to verify a person’s identity when they are not present at the time of transaction. Check out our AVS guide to learn more.

3DS helps secure online payment transactions by frictionlessly authenticating the cardholder's identity before a transaction can be completed. The best part: most cardholders are automatically enrolled for 3DS by their card issuer, so taking advantage of 3DS is easy for merchants. Check out our 3DS guide to learn more.

Typically, fraudsters will abandon the transaction if prompted to submit photo ID as part of the authorization process. Using Sertifi, for example, you can require the signer to upload an image of their ID/Passport in your authorization form.

If they do share an ID, your property can examine the ID and look for doctored images.

  • Require entry of security codes (CVV) on payment cards to help ensure the buyer has possession of the card.
  • Don’t attempt manual authorizations. Always authorize a card through your system.
  • Don’t accept a booking made with a third-party vendor along with a reservation made within 24-48 hours of check-in without additional verification.
  • Do pre-charge credit card for rates to help validate the card isn’t stolen.
  • Do monitor your booking sites for robotic or automated traffic.
  • Do enforce face-to-face check-ins for high-risk bookings.

Responding to Chargebacks

Since guests can initiate a chargeback for any reason, legitimate or not, they're impossible to eliminate completely. Being prepared to respond quickly can help you reduce their impact.

To dispute a chargeback, you have the option to submit a representment case, in which you share evidence that proves the transaction was approved by the cardholder and completed properly. The representment gets sent to your acquiring bank, the entity who connects you to the card network that assisted in processing the transaction (learn more about the processing players here).

There are a couple best practices you can follow to prepare you for evidence gathering:

  1. While time consuming, maintain a thorough record of all your guests.
  2. Contact your guest and hear the reason for the chargeback from them directly. Sometimes a small overcharge or incorrect line item could cause them to ask for a complete refund from their bank, so you may be able to resolve it and issue a smaller refund directly.
  3. Get familiar with chargeback reason codes so you can understand the type of cardholder dispute you’re dealing with. This in turn helps you determine which evidence to compile.

Chargeback reason codes vary by the credit card company.

For example, Visa organizes their chargeback codes by categories. Here are codes within their "fraud" category:

  • Reason Code: 10.1
  • Reason: EMV Liability Shift Counterfeit Fraud
  • Reason Code: 10.2
  • Reason: EMV Liability Shift Non-Counterfeit

Here are some examples for Discover:

  • Reason Code:UA01 
  • Reason: Fraud Card Present Environment 
  • Reason Code: UA02 
  • Reason: Card-Not-Present Environment 

Here’s the list of items that’ll help you build a strong case: 

  1. A rebuttal letter summarizing all the evidence you’re submitting.  
  2. A copy of the transaction receipt or order form.
  3. Copies of communications made with the guest who filed the chargeback.
  4. Evidence that proves the transaction was approved and authorized by the guest, e.g., a signed document that describes the product or service being purchased.
  5. Proof that you have cardholder verification enabled, e.g., via 3-D Secure.
  6. A copy of your refund policy (which should also be easy to find on your website and shared with guests before a transaction is made).

You need to be prompt about filing a representment case, so it’s important you have the right processes and technology in place to collect the evidence quickly. 

When the case is received, the acquiring bank sends your representment to the issuing bank, who issued the card used in the transaction. The issuing bank then may accept or reject your evidence.

  1. If accepted, the issuing bank alerts the cardholder their chargeback has been reversed, and you receive the funds as accepted.
  2. If rejected, and the acquiring bank agrees with rejection, the acquiring bank initiates a refund to the cardholder.
  3. If rejected, and the acquiring bank disagrees with the rejection, the issuing bank must conduct its own investigation and make the final chargeback decision.

The short story is that it’s a lengthy process that you have very little control over. Ultimately, it’s easiest for the issuing and acquiring banks to side with the cardholder and reject your case, so that’s typically how the process plays out.

It’s worth disputing a chargeback if it relates to fraudulent activity. However, every hotel is different and not all properties have the bandwidth to devote to fighting chargebacks. With every chargeback filed, there’s a risk for lost revenue, so you need to ask yourself if it’s worth eating that cost.

While it’s smart to be prepared to fight chargebacks, it’s even more important to invest in a fraud prevention strategy. That’ll help you minimize your risk of chargebacks altogether. Secure processes and technology can help you stay ahead of chargebacks.

Reduce chargebacks and get secure authorization forms back in minutes with Sertifi.

Enjoy a PCI-compliant solution that's easy and secure for you and your customers. Your peers are already getting forms back in minutes and detecting payment risk early with free built-in fraud detection tools.


“We use Sertifi for our e-signature and secure link files. It’s amazing how smart this platform is at such an affordable price. The protection alone from unnecessary chargebacks more than pays the annual cost.”