As consumers get ready to take their summer vacations, chances are they’re booking a hotel stay (or two). During this time of year, it’s important credit unions take note of the potential fraud threat that comes from consumers’ hotel visits.
Fraudsters increasingly set their sights on hotels. In 2015, several major hotel chains were breached including Hilton Worldwide, Trump Hotels, Hyatt Hotels and Starwood Hotels. Already this year, Trump Hotels experienced a second breach. To fraudsters, these locations are valuable targets due to their often affluent guest lists. These types of guests tend to travel frequently and have higher credit limits, thus making their credit card and personal information quite appealing.
Interestingly, fraudsters are not targeting hotel reservation systems. They are instead hitting up point-of-sale locations at hotels’ gift shops, restaurants and bars. To gain access to these systems, fraudsters typically use malware—malicious software that gathers sensitive information.
Malware attacks are a multi-step process requiring the potential victim’s interaction. Fraudsters spread malware by emailing consumers with a request to click on a specific link. Although this link often leads to a seemingly legitimate pop-up window, it is actually installing software with the ability to retrieve information such as passwords and credit card numbers.
While it is up to hotels to ensure proper security measures are in place to protect their members’ payment card information, there are a number of measures consumers can take to help keep themselves safe when traveling. Credit unions should advise consumers to do the following:
- Scrutinize bills for fraudulent charges. Reviewing credit card statements immediately upon receipt helps consumers identify fraudulent transactions right away.
- Use hotel WiFi cautiously. Hotel computer systems aren’t the only places vulnerable to malware and phishing attempts. Fraudsters may attempt to access consumers’ sensitive information by hacking into their systems through WiFi. Consumers should watch out for suspicious links and unfamiliar email senders.
- Practice safe behaviors at ATMs. Any ATM, regardless of its location, may be at risk of compromise. Consumers should select ATMs in safe, public areas or their hotel lobbies. They should also be on the lookout for suspicious stickers, decals and wires popping out that may indicate the presence of skimming devices.
- Keep cards in a secure location. Consumers should tuck their cards close to their bodies either in a front pocket, money belt or closed bag. It is also a good idea to keep at least one card in a separate location. This can mean splitting cards up among family members or tucking one card in a separate pocket or room safe.
- Consider sharing your plans with your credit union. Credit unions with a rough idea of their consumers’ travel itinerary can better differentiate legitimate transactions from those that aren’t. Consumers can also take advantage of controls and alerts their credit union may have set up to notify them of potential fraudulent transactions.
Data breaches and card fraud can quickly put a damper on summer vacations. Credit unions advising their consumers on safe practices when traveling can help keep vacations stress-free –and even build a little extra loyalty along the way.