CHAPTER ONE

INTRODUCTION

1.1 Background of the Study

The use of online services or software with Internet access to defraud victims or to otherwise

take advantage of them has become paramount in the society we live in today. A very

common form of online fraud is the distribution of rogue security software. Internet services

can be used to present fraudulent solicitations to prospective victims, to conduct fraudulent

transactions, or to transmit the proceeds of fraud to financial institutions or to others

connected with the scheme. Hospitality online transaction is not left out. Presently most

hotels, resorts and tourism centers engaged in online transaction/payment such as room

reservation and other services. Online fraud can occur in during the cause of reservation

transaction. Online fraud could result from chat rooms, email, message boards, or on

websites.

Hospitality reservation online fraud could occur in two ways. The first is when a criminal

approaches the hotel management for online reservation and proposes a business transaction,

and then uses fraudulent means to pay for it, using such as a stolen or fake credit card. As a

result, the hotel management do not get paid for the transaction. The hotel who accepts credit

cards may receive a chargeback for the transaction and lose money as a result.

Secondly, the most common fraud is taken place using credit cards this is when the account

numbers and pin numbers are obtained by malicious people (hotel staff) when a transaction is

done and they use this information to withdraw money from the guest’s. , e.g.: a person

named Kushela does a transaction using a credit card with hotel staff. During this transaction

people (hotel staff) may steal this guest’s identity and act as him and request payment to an

offshore account with an excuse that isn't verified to be true and just an excuse to steal the

said credit card.

1
2
1.2 Most Common Fraudulent Activities

Credit Card Fraud. Roughly one-third of all credit card fraud cases originate in the hotel

industry. Credit card fraud can take many forms and can be perpetrated by either an

outsider (guest, vendor or third-party) or an insider (employee).

Some examples of insider credit card fraud and theft include:

 False Account Credits. A common instance of this type of fraud occurs when a

guest checks out from a hotel making full payment of the balance due by credit card.

After the guest leaves, the front desk cashier makes a “guest complaint” adjustment and

credits the cashier’s personal credit card, even though the hotel received no complaint

from the guest.

Hotels can help to prevent this type of fraud by requiring manager approval for all guest

charge adjustments and by reviewing the credits without debits report generated by the

hotel’s property management system (PMS). This report can identify situations where

credits are issued to credit cards without the corresponding debit charges.

 Use of a Skimming Device. This type of fraud occurs frequently in quick-service

restaurants, but can also affect other hospitality businesses, hotels included. Low-wage

employees are typically targets recruited by organized crime to perpetrate the fraud. In

such scenarios, a fraudster provides a cashier or server with a concealed handheld

skimming device to capture a customer’s credit card data from its magnetic strip. The

employee is compensated by the fraudster for each credit card he or she is able to

capture. The credit card information is then used by organized crime groups to create

counterfeit cards to make fraudulent charges. This practice can be mitigated by

understanding the fraud scheme and educating supervisors about the scam.

Hand-held credit card swiping devices are commonplace in European businesses because of

their portability and ease of use. If this device gains popularity in the U.S., business owners

3
should be cognizant of the potential for misuse of the device and implement the appropriate

controls to mitigate potential losses.

Some common credit card frauds perpetrated by outsiders include:

 Fraudulent Credit Cards. This type of fraud occurs when the perpetrator uses a

fraudulent credit card to book a hotel room, as well as to pay for charges incurred while

they were a guest at the hotel. Generally, hotels first become aware of the fraud after the

guest checks out and the payment is charged back by the credit card company, at which

point it may be too late to recover the loss.

1.3 Problem in Hospitality Industry

Online bookings for reservation in the Hospitality Industry are paramount. Hence, the

increase of online fraud in course of reservation bookings online. Criminal activity involving

the perpetration of a fraud through the use of the computer or the internet can take many

different forms. One common form includes “hacking,” in which a perpetrator uses

sophisticated technological tools to remotely access a secure computer or internet location. A

second common criminal activity involves illegally intercepting an electronic transmission

not intended for the interceptor. This may result in the interception of private information

such as passwords, credit card information, or other types of so-called identity theft.

The impact of online fraud on the Hospitality Industry has resulted to fear, distrust, loss of

profit in business, bankruptancy etc.

1.4 Fraud in the Hotel Industry

“Among the leading reasons that hospitality companies are exposed to high levels of fraud is

that the industry's culture tends to focus much more on providing great customer service than

on the internal financial controls that go into running a hotel, resort or restaurant.”

The hospitality industry consists of a broad category of fields within the service industry that

includes hotels, casinos, restaurants, bars, theme parks, and movie theaters. Perhaps due to its

4
culture where customer service is regarded more highly than internal controls, the hospitality

industry invites numerous opportunities to exploit missing or flawed anti–fraud controls each

year, losses to fraud (in the hundreds of billions) are the inevitable result.

To keep hard earned revenues from flowing out through exploitation of inadequate hospitality

fraud prevention controls, firms in the hospitality industry are obligated to gain a greater

understanding about the fraud risks that can undermine their business objectives and

implement control frameworks to reduce exposure to such risks as well to liability from non–

compliance with regulatory requirements.

Those in the hospitality industry, independent of size, regularly lose profits to counterfeit

transactions including currency, credit cards and either personal, cashier’s, gift or travelers

checks. These operations are also frequently victimized by counterfeit identity.

The best news is the same devices that are used to verify driver licenses can also be used to

detect counterfeit money, fake credit cards, counterfeit traveler checks and a wide variety of

other counterfeit documents including passports, travelers checks, and money orders.

Those businesses involved in “covered transactions” as defined by the Bank Secrecy Act, the

Gramm–Leach–Bliley Act and other legislation, must proactively establish an identity theft

prevention protocol.

1.5 Objectives of the Study

This project work is aimed at studying the assessment of various internet fraud perpetrated by

staff in hotel industry. Therefore, the objectives are as follows;

i. To find out whether online fraud has been committed by staff in the hotel industry.

ii. To determine various ways online fraud are perpetrated in the hospitality Industry

iii. To examine the impact of online fraud in the Hospitality Industry.

iv. To suggest ways of prevention of online fraud in the Hospitality Industry.

5
 CHAPTER TWO

LITERATURE REVIEW

2.1 Fraud Triangle

The big question is, “why do people even commit fraud?” Years of research have resulted in

an answer illustrated by what is known as the fraud triangle. The fraud triangle demonstrates

the three key reasons people engage in fraudulent behavior. The first section of the triangle is

pressure. Pressure is the original motivator in almost all fraudulent behavior. Pressure can

arise from financial needs, gambling issue, drug addition, earnings goals, business targets, and

desire for more (promotion, new car, new house, and etcetera). The next section is opportunity

which describes the perception of how the fraud can be executed. The potential fraudster sees

a way he can use his position in the workplace to solve the pressures he is facing.

Furthermore, he also believes there is little to no chance of being caught, as long as, he keeps

the fraud a covert. The third section is rationalization which is when the fraudster convinces

himself the fraudulent act is acceptable or justifiable. Rationalizations include, but are not

limited to the following:

 I had to do it for my family,

 My superiors are dishonest, and

 I am not paid adequately.

6
2.2 Types of Fraud

 Occupational Fraud

Fraud is an extremely broad word. Occupational fraud is often referred to as internal fraud,

and the terms are used interchangeably. An example of internal fraud is when an employee of

a business is skimming cash from the cash register. There is also external fraud in which the

perpetrator is not involved in the operations of the company. The Association of Certified

Fraud Examiners (ACFE) issued a global study called, Report to the Nations on Occupational

Fraud and Abuse: 2012 Global Fraud Study. The survey will be referred to multiple times

throughout the paper. Despite previously providing information based solely on the United

States, the ACFE global study is much more relevant because a vast majority of businesses

have transformed and incorporated global transactions. Additionally, fraud is becoming more

of a global issue. According to survey participants, an estimated five percent of revenues are

lost each year due to fraud, and the median loss from each incidence is approximately

$140,000. Occupational fraud is categorized into three main sections: corruption, asset

misappropriation, and financial statement fraud.

7
 External Fraud

External fraud, particularly credit card and identity theft, is becoming an increasingly

significant issue for the hospitality industry. While hospitality executives are focusing on

making hotel guests satisfied with their stay, security controls are suffering. Credit card and

identity theft go hand in hand regarding hospitality fraud. Externals see a deficiency in a

hotel’s network filled with confidential information and attempt to breach the network.

Sometimes, externals are even tipped in by internals who witness the business’ internal

weaknesses first hand. When fraudsters or criminals see an opportunity to hack a system

worth millions, they tend to take the opportunity. In recent news, from March to December

2013, 14 hotels managed by White Lodging, experienced a data breach exposing guests’

credit and debit card information (Sutton). It is exceedingly vital the hospitality industry

keeps a close eye on confidential information to avoid losing its guest’s trusts and revenue

Hotels can help prevent this type of fraud by requiring front-desk staff to cross-reference

the name on a credit card with that on another form of identification, such as a driver

license, and then comparing it with the name on the reservation. In addition, hotels that

8
request advance deposits should require guests to present the same credit card used to make

the reservation when checking in. Since it is common for perpetrators to use a stolen credit

card right away in order to avoid card cancellations by the owner through early detection, it

is also necessary for front-desk staff to pay special attention to reservations made for same-

day check-in.

 Hacking. Hackers often target hotels, because hotel reservation systems maintain

valuable credit card information for a voluminous number of guests. If an organization’s

computer system is breached, the organization may not initially become aware of the

hack as it could take months before anyone learns of the incident. Hacking incidents do

not just impact the individuals whose personal data was compromised. The hotel

operator must take action and notify guests who may have been affected, hire

consultants to analyze the level of infiltration, and acquire new and improved

monitoring systems. The financial impact on a hotel could be significant, and may cause

damage to the hotel’s reputation. Hotels can help to prevent this kind of incident by:

o Securing their PMS and point of sale (POS) systems;

o Securing their wireless network;

o Strictly enforcing payment card industry standards by masking credit card

numbers;

o Encrypting credit card data; and

o Restricting customer information access to a select group of authorized

personnel.

Vendor Fraud. Vendor fraud is a type of occupational fraud in which the fraudster

manipulates an organization’s accounts payable and/or payment system for illegal personal

gain. A fictitious vendor scheme is a common vendor fraud that occurs in the hospitality

industry. A hotel or restaurant’s accounts payable clerk can commit vendor fraud by

9
creating a phony vendor file that they control and arrange for the organization to make

payments to the phony vendor. Another example of vendor fraud may involve a chef

placing orders through a preferred vendor in return for kickbacks, or a vendor shipping

fewer goods than were ordered, with the chef receiving a kickback of the differential.

The risk from this type of fraud can be mitigated by:

 Establishing an approved vendor list;

 Requiring proper authorizations for new vendor set-up;

 Requiring new vendors to provide certain information for validation;

 Appropriately segregating duties in the accounts payable department;

 Reviewing purchases from large vendors; and

 Enforcing the policy of verifying the quantity and weight of items received to the

quantity and weights detailed on the vendor invoice.

Inventory Theft. This type of theft is common in the hospitality industry and may occur at

either the front of the house or back of the house. Some common examples may include:

 A chef stealing high-value inventory items, such as expensive seafood;

 A bartender leaving at the end of a shift with expensive liquor that was syphoned

into an empty water bottle;

 A restaurant employee offering free food or drinks to employees of local retailers in

exchange for free merchandise; or

 A bartender over-pouring drinks to regular customers in return for higher tips.

Controls that businesses can utilize to help prevent these types of fraudulent activities

include:

 Implementing a requisition policy;

 Not allowing staff to carry personal back-packs or bags into the work area;

 Supervising and observing kitchen and bar activities more closely;

10
 Hiring undercover spotters to observe bartenders; and

 Periodically analyzing food and beverage costs and margins as well as investigating

large variances.

Coupon Fraud. This fraud normally occurs when a customer pays a bill with cash. For

example, a restaurant places an advertisement featuring a coupon offering a $10 discount

off the dinner bill. A customer has dinner at the restaurant and pays cash, but does not have

or know about the coupon offer. After the customer leaves the restaurant, the waiter

removes $10 of cash from the customer’s payment and submits a coupon that he or she

obtained from an advertisement. The waiter then remits the remaining cash and coupon as if

the customer originally provided it.

Restaurants can mitigate the risk of coupon fraud by mailing promotional coupons directly

to customers, requiring manager approval for redeemed coupons, and investigating if a

particular server has a higher volume of coupons applied to guest checks paid in cash.

2.3 Complimentary (Comp) and Void Fraud.

Some common examples are:

 A hotel front-desk clerk collects cash from a guest for a two-night stay, comps one

night for a “guest complaint” and pockets the cash for one night’s room charge.

 A restaurant server collects cash from a guest, voids the entire check for “customer

dissatisfaction” and pockets the cash.

 A bartender collects cash for a drink, comps the drink for a “loyal customer” and

pockets the cash.

Some controls to help prevent these types of frauds include maintaining a log for comped

and voided sales, requiring a reason for the comp or void to be documented, requiring

manager approval on all comped and voided transactions, and attaching a comp or void slip

11
to a guest check or invoice. If a particular front-desk clerk, server, or bartender has a higher

percentage of comped or voided sales, an investigation should take place.

POS software can be used to compare data of an individual employee with the restaurant

data as well as flag suspicious activities—such as a significantly higher percentage of

comped and voided checks or coupons applied to cash checks, etc. This data can help

management identify questionable situations and take timely and proper action.

Internal fraud can be mitigated by hiring employees (especially those dealing with cash and

inventory) only after performing thorough background checks, setting up a fraud policy that

provides clear guidance on how to report fraud, and strictly enforcing the policy of

terminating employees who commit fraud.

12
As the hospitality industry grows more complex, so does its susceptibility to fraud. Globally,

the hospitality industry generates an estimated $3 trillion of revenue per year. According to

the Association of Certified Fraud Examiners, between 5-6% of this annual revenue is lost to

fraud. That amounts to $150 billion in direct loss of revenue.

Property managers in the short-term rental industry are particularly vulnerable. With

thousands of guests cycling through your properties every year, there’s a lot that can go

wrong. High turnover rates make it nearly impossible to thoroughly screen each guest, and by

not having a firm grasp on who you’re booking, you leave yourself open to issues like

identity fraud, stolen credit cards, property damage, and more.

Falling victim to fraud will not only damage your company’s reputation but can cause major

losses in revenue, whether it be from booking scams or turning away genuine reservations

through over-screening. To maintain your company’s reputation, it’s imperative to strike a

balance between protecting your properties and maintaining that 5-star guest experience.  

Protect yourself against fraud by staying up to date on current trends in the hospitality

industry. To help you out, we’ve created a list of the three most common types of fraud in the

short-term rental industry and how to combat them.

2.4 Types of Fraud: 

Bad Guests - While this is the most benign type of fraud (or, more accurately, “social

engineering”), it’s also the most common. To a guest staying in one of your properties, it

might not seem like a big deal to go behind your back and invite a couple of people over for a

party. The resulting noise complaints and property damage, however, can have a severe

impact on your company’s reputation and revenue stream going forward. 

By violating your house rules (no parties, no extra guests, etc.) guests are defrauding you.

Excessive noise, consumption of drugs and alcohol, and inappropriate behaviour can get you

13
in trouble with your neighbours, your building, and even the police. Not to mention irritating

your cleaning staff who have to spend the next day collecting red solo cups and scrubbing

vomit out of the carpet. 

Worst of all, parties are prime situations for accidents—furniture breaks and guests get

injured.

How to combat it - To ensure only the best guests book your properties, you need a thorough

and comprehensive screening process. This involves collecting the personal and contact

information for all guests who are staying in your property, and requesting their trip details. If

anything seems suspicious, like the guest is a local or has only booked for one night on a

weekend, your next step should be getting in touch with the guest over the phone to confirm

details.

Each guest who books with you should also sign a legally binding rental agreement. This way

you have the guest’s written confirmation that they agree to all of your house rules. To ensure

your house rules are followed, install noise sensors in your property. If there’s an

unwarranted spike in volume, you’ll be immediately alerted. To deescalate the situation, call

the guest and give them a warning. It’s up to you how many warnings you give, but If the

guest ignores you and the noise persists, send in a trained security team to evict the offending

parties. Better safe than sorry!  

Criminal Activity -  Although less common, fraud via criminal activity reveals the darker

more frightening side of the short-term rental industry. These are the incidents you see

plastered on the front page of the morning newspaper: properties rented to gangs with

automatic weapons, drug dealings, sex trafficking, properties falling victim to break-ins and

theft.

14
 Incidents like these should always be left to law enforcement. If there’s criminal activity

going on in your property, contact your local police immediately. These kinds of activities

threaten the safety of your property, the building, other guests, and society.   

How to combat it - Once again, this is when it’s imperative to have a thorough screening

process so that you know exactly who’s booking your property. By not investigating each

reservation, you leave yourself vulnerable to ill-intentioned guests. It is your responsibility to

keep your property and the community safe by screening bookings. 

To deter these types of bookings, collect the guest’s personal information then cross reference

it with the credit card they are using to pay. If the two don’t match, it’s likely that the guest is

using a skimmed or stolen credit card. You also want to get in touch with the guest over the

phone to find out exactly why they’re travelling and who will be staying in the suite.

To gather more information on the guest, google their name and phone number to see if

anything comes up. Then, look at their social media profiles to figure out where they’re from

and what they do—any information pertinent to their identity and character. If the reservation

is really questionable, your team should meet the guest and vet them in person, making sure

all the information matches their credentials.  

Fraudulent Bookings - Whether it leads to bad guests, criminal activity or both, a fraudulent

booking is guaranteed to rob you of your hard-earned revenue. A guest may try to scam their

way into a free stay by committing identity theft or credit card fraud. The guest could lie

about who they are and use a stolen credit card to avoid having to pay for the stay

themselves.

If the guest does use a stolen credit card, it’s likely you’ll be hit by a chargeback when the

card is reported missing. This means that the money you received for the stay will suddenly

be reclaimed by the credit card issuer.

15
And if the guest is willing to lie about their identity or steal a credit card, they probably won’t

feel obligated to follow your house rules. Bad guests, as mentioned above, can lead to major

issues during the stay.  

How to combat it - The number one way to avoid fraudulent bookings is to confirm the

guest’s identity. This involves cross referencing their personal information with their credit

card, as well as performing an internet search into their background and verifying their social

media information. If you want to be absolutely certain, you could run a full background

check, involving criminal records and credit scores, but this is time consuming and will cost

you extra money.  

If the guest’s credit card doesn’t match their ID, it’s likely they’re using a stolen credit card.

Keep an eye out for same-day bookings—they’re a major red flag. Criminals using a stolen

credit card try to use the card as soon as possible before it gets cancelled. If you do process a

stolen credit card, the guest will not only get a free stay, but the revenue accrued will be

reclaimed by the credit card issuer, leaving you with nothing but a potential mess and a PR

headache. 

Assuming the credit card and ID do check out, you should immediately process the guest’s

payment after accepting their reservation. Ideally, use a global payment fraud prevention

system while processing the payment. All payments should be made online by credit card

with guests required to pay 100% of the booking fee upfront. This way, you guarantee

payment for every reservation. As an added layer of security, keep the guest’s credit card

information for incidentals and charge them a damage deposit. 

If it seems like the guest is using a fake ID or stolen credit card, cancel the reservation

immediately to free up the calendar. You should take no chances with risky reservations.

16
 CHAPTER THREE

CONCLUSION AND RECOMMENDATION

3.1 Conclusion

The only surefire way to protect yourself against fraud in the short-term rental industry is to

use Autohost, an intelligent, guest-screening assistant for vacation and short-term rental

operators. It scans all reservations, using hundreds of tests and data points to collect and

validate guests’ IDs, determining their level of risk.

3.2 Recommendations

Based on the flagged risks, the software provides users with a list of action items to handle

potential issues proactively. Autohost ensures property managers handle all bookings

responsibly, keeping their business safe, their revenues rising, and their guests happy. 

17
 REFERENCES

Albrecht, Chad, Mary-Jo Kranacher, and Steve Albrecht. Asset Misappropriation Research
White Paper for the Institute for Fraud Prevention. N.p., n.d. Web.

Braun, Robert. (2014). "The Target and Neiman Marcus Breaches: What Hoteliers Need To
Know." Hospitalitynet.org. HN, Web.

Fraud Examiners Manual (2014). Publication. N.p.: Association of Certified Fraud Examiner,
n.d. Print.

Gerber, Neil. (2007). "Occupational Fraud and Abuse." Peoriamagazines.com. Peoria

Magazines, Aug. 2007. Web.

Goldmann, Peter. (2014). "Financial Fraud and How to Reduce Your Risk."
Hotelexecutive.com. Hotel Business Review, n.d. Web.

L. "Obama Administration Seeks Tougher Cyber-Security Law." (2014). USA Today. N.p.,
Web.

McConnell, Mike. "How Cybersecurity Laws Are Outdated." (2014). The Wall Street
Journal. Dow Jones & Company, 10 Feb. 2014. Web.

Occupational Fraud: A Study of the Impact of an Economic Recession. Publication. N.p.:

Association of Certified Fraud Examiner, n.d. Print.

Report to the Nations on Occupational Fraud and Abuse: (2012) Global Fraud Study.
Publication. N.p.: Association of Certified Fraud Examiner, n.d. Print.

Singleton, T. & Aaron J. S. (2010). Fraud Auditing and Forensic Accounting. Hoboken, NJ:
John Wiley & Sons.

Sutton, J. (2014) "Report: Hotels Company Apparently Hacked, Exposing Guests' Credit
Cards." CNN. Cable News Network.

18