The month of December is one of the busiest times of year for the hospitality industry, with people traveling near and far to share the holidays with loved ones – or to take much-needed vacations. Which means this is also the time of year when hospitality business leaders should be thinking most critically about their fraud prevention processes.
The fact is, companies across industries lose an estimated 5 percent of their revenue annually due to fraud. Additionally, Shred-it reports that 49 percent of occupational fraud victims never recover their losses. This is especially troubling for the hospitality industry, which accounts for 14 percent of global breaches – second only to retail. Information thieves specifically target hotels because of all the confidential and personal data these organizations handle, including names, addresses, credit card and passport information, personal preferences and medical data.
When it comes to strengthening your fraud prevention strategies this holiday season, there are three key areas hospitality leaders should focus on: their guests’ privacy, employee training and their own business reputation. Here are some actionable steps to help hospitality leaders reinforce their policies to fight fraud.
Trim the tree, cut the clutter
Hospitality businesses hold a vast trove of confidential information from guests used for booking rooms and/or making payments at hotel shops and restaurants – all of which are available for thieves to conduct identity theft and account fraud. Hard drive destruction and on-demand paper shredding must be an essential part of any businesses’ fraud prevention strategy – whether you are an independent hotel or a bed & breakfast – in order to keep guest files up to date and their information secure.
One additional component that is particularly critical for hospitality small business owners (SBOs) is media destruction, which allows for the secure disposal of digital information found on anything from USB keys to old room access cards. For example, guests can fall victim to identity theft and physical theft (i.e. stolen purses and credit cards) that were taken from their locked hotel rooms. Destroying old key cards would be one way to prevent thieves from gaining access to guest rooms.
Finally, establishing a document management process so that confidential information is protected throughout its lifetime – like guest files containing billing information – as well as utilizing a retention policy so data is securely destroyed when no longer needed,
is even more important for SME’s, who may not have the capacity or budget for the same protective services as larger hotels (like surveillance cameras or security guards).
Knowledge is prevention
The importance of employee training cannot be overstated. Up to 25 percent of information breaches are caused by accidental employee error or negligence – and that does not include malicious threats or activity from insiders. In fact, further research shows that “insider and privilege misuse” is one of the top three security threats in the hospitality sector. Hospitality leaders must create a culture of security and trust among their staff.
Start with implementing “Clean Desk” policies so that guest paperwork and information is never left exposed or unattended. In this increasingly digital industry, the same policy applies when it comes to keeping computer screens clear and isolating POS systems from other networks, which will help to mitigate risk and protect guest credit card information. Additionally, a “Shred-it All” policy – or secure information destruction process – will prompt employees to destroy all documents (digital and paper) when they are no longer needed.
Training your staff to identify and report suspicious behavior is paramount to protecting your guests and business from fraud. Establish an anonymous tips line through which employees can notify management of fraudulent and suspicious behavior. This will help to ensure that employees feel comfortable coming forward with information, without consequence.
Human error is inevitable and theft is sometimes unavoidable, even when every precaution is taken. In the event of a physical or digital theft, it is hospitality leaders’ primary responsibility to notify guests and staff, and to take accountability for the breach. Hospitality leaders not only need to know where to turn, but must also leverage the resources available to them. The PCI Security Standards Council, for instance, fights hotel credit card fraud by maintaining global payment card industry standards, which is why hospitality businesses of all sizes must be sure their establishment commits to PCI compliance. Finally, transparency and (several) sincere apologies go a long way in maintaining your business reputation and ensuring that your customers will return time and time again.
By Kevin Pollack, Shred-it Senior Vice President