As the hospitality and travel industries begin to make a comeback after a tumultuous year, how are they managing their customer data?
According to PwC’s Hotels Outlook Report 2018-2022, hospitality accounts for the second-most attacked industry after retail. It doesn’t take a genius to work out the common thread between the two industries.
Both the travel and hotel industries collect a wealth of personal and financial information, such as names, date of births, passport numbers, and email and physical addresses. This sought-after data is a hacker’s jackpot, so it should come as no surprise that data breaches in the hotel industry continue to rise.
Just last year, fraudsters stole sensitive information from 10.6million guests at MGM Resorts and 5.2 million guests at Marriott. In addition to this, 9 million customers of easyJet were affected by a similar data breach, 2,000 of which experienced credit and debit card exposure.
So, why are hotel and travel giants such hot targets?
4 Reasons Why Hotels and Travel Companies Are Targeted by Hackers in 2021
1. Sensitive Customer Information
Travel and hospitality companies are often required by law to collect and store valuable government-issued personally identifiable information (PII). This includes passport numbers, social security and National Insurance numbers, and email addresses.
This, paired with the financial information exchanged when consumers make a purchase or booking, amounts to an abundance of data. This leaves the industries incredibly vulnerable to attempted cyber-attacks.
Once the data has been attained, fraudsters can access your accounts for financial gain, or they can choose to sell your personal information on the dark web. Some of the most common problems that arise after your data has been compromised include identify theft, fraudulent account activity and ransom threats.
2. Third-Party Websites
Nowadays, the majority of hotel and travel bookings occur online and, as a result, third-party websites have flourished. Despite often offering discounted rates, third-party websites such as booking.com pose their own threats.
Each third-party vendor can use a different software to navigate the customer journey, adding a layer of complexity to the booking process.
To make an online booking, consumers must go through a series of stages that each requires an exchange of personal data. These multiple exchanges increase the risk of data breaches per transaction, making it much harder for the company to identify the security threat or missing information.
3. Consumers Want an Easy Customer Journey
The travel and hospitality industries are what people invest in to relax. This growing desire for an easy life is demanded from the very start of any customer journey.
Travelers want to use tech-enabled services such as self-check-in kiosks and contactless payments to make the booking process easier. Competitive pressure often means businesses will do everything possible to meet that demand.
This growing tension between comfort and safety presents a major problem for the hospitality industry. Though they want to offer convenience to customers – and every additional step can hamper that – it’s important for companies to find the balance to reduce the risks.
4. Loyalty schemes
Another way in which consumers can be made financially vulnerable is by using loyalty reward schemes. Loyalty program fraud grew by 89% in 2021, and has been described by many as a new currency for fraudsters.
The types of loyalty fraud attacks vary, but can include:
• The direct takeover of existing accounts
• Secret cloning to create new accounts
• Fraudulent transactions
• Policy abuse
Consumers often check their loyalty schemes far less regularly than primary accounts. This leaves an open window for fraudsters to exploit the program’s sharing options between the scheme and other ‘safe accounts’.
What Can Companies Do to Minimise the Risk?
When it comes to cybersecurity in 2021, companies have two options: to increase their data protection or to devalue their old, existing data. But, what exactly does this mean?
Strengthen Your Cybersecurity
Traditionally, most businesses prefer the first option as they don’t have to lose a vital database to which they can send marketing collateral. Often instead, companies opt to purchase accredited cybersecurity software, such as firewalls and intrusion detection.
Industries should also invest in training to ensure employees from the bottom up know how to protect the business from cyber threats. This is particularly relevant for the hospitality industry, as it is often booking and reservation managers who are the first to spot unusual activity and attempted attacks.
Companies may also want to limit employee access to confidential data, so if an account becomes compromised, private guest information doesn’t go with it.
Devalue Your Data
Unfortunately, as hard as companies try to strengthen the barrier between fraudsters and personal data, technology is ever changing and sometimes it may not be enough.
Data encryption has become another form of defense mechanism against hackers. Sensitive information can be disguised with an algorithm and made illegible to anyone who doesn’t have the correct encryption key.
Usually, implementing this method of cybersecurity is the only way to ensure that data doesn’t fall into the hands of fraudsters targeting POS systems with malware.
As you can see, there are a number of reasons why the hospitality industry is often targeted by hackers. There are many ways hotels and travel companies can protect themselves, but it’s never going to be perfect.
By following guidelines set out by the Information Commissioner’s Office (ICO), you can better tackle the issue.
Photo credits:
• Photo 1: Pixaby via Pexels
• Photo 3: Markus Spiske via Pexels
