As a merchant in New Zealand, especially within the hospitality industry, you've probably already had an encounter or two with credit card fraud.
From the prevalent 'dine and dash' issue that many Kiwi cafes and restaurants struggle with weekly, to fraudulent credit cards presented to insure a hotel room booking, there's an abundance of techniques that fraudsters use to hoodwink honest business owners out of their hard-earned cash.
With the advancement of technology and increase in payment options, the audacity and sophistication of fraudulent attacks increase also. So much so, that it's quite difficult to stay on top of what to be on the look out for - let alone how to protect your business.
Fortunately, we've put in the research and collated the most common and emerging credit card fraud techniques and paired them with suggestions on how to safeguard your hospitality business, so you can feel a little more 'in the know' and get on with doing what you love to do.
Without further ado, here are the top five emerging credit card fraud trends to be aware of in 2020. Let us know if you've experienced any of these!
1. Hotel Loyalty Point Laundering
Many large hotel chains (including here in NZ) offer various loyalty schemes that reward customers with points that they can use to book hotel stays, upgrades and discounts.
Unfortunately, due to the way that online bookings systems operate and the ability to pay for your stay through online portals, this is become an opportunity for credit card thieves to use stolen credit card details to set up new accounts and book expensive holidays.
Once the holiday is booked using the unfortunate victim of credit card fraud's funds, thieves then transfer the accumulated points from their purchase onto their legitimate account, and book a free (or discounted) holiday without ever having to actually present a fraudulent card.
"Hackers and thieves see points as a currency with funds waiting to be used." - Accertify, 2017
Once the victim becomes aware of the fraudulent credit card transaction, it's likely that your establishment will receive a 'charge-back', meaning you'll foot the bill and lose a nights' revenue, so it's important to be aware of this scheme.
Regulate your loyalty scheme through auditing all large transfers of loyalty dollars, or potentially restricting transfer of loyalty points at all. Putting a system in place that ensures an in-person touch point for loyalty point redemption could also be a good idea, asking customers to present a credit card or ID that matches their account or the account that the transferred loyalty points from would also reduce the likelihood of being targeted.
2. Function Booking & Balance Transfer Fraud
This is a trend that first emerged in New Zealand in early 2019 when a series of Christchurch restaurants were successfully hit by the same scheme, and has continued to pop up around the globe ever since, and manifested itself here in New Zealand in other creative ways.
The concept is quite simple. The fraudster calls or emails the merchant asking to book in a large function or event for thousands of dollars. Happy for the business with the promise of a large sum, merchants are usually immediately thrilled to comply with what the customer is asking for.
The credit card thief then asks if they can pay for the entire bill upfront, plus an extra sum on top, which they would then like the restaurant to transfer to the account of their 'event manager' or a 'courier' - which of course was simply the fraudster's bank account. Sometimes, the scammer will even offer a tip for the inconvenience.
You might be wondering what happens once the restaurant in question realises that they've fallen victim to fraud?
Well, in the instance of the aforementioned Christchurch business: the bank was notified the card was stolen and the restaurant owner was told she had 60 days to pay the bank back the full $5700 that was taken. The restaurant is a credit card merchant so is obliged to pay the money back.
This is one where that's just simply good to be aware of. If a booking comes through that looks a little too good to be true, is happy to pay upfront and then asks for a bizarre request, always proceed with caution and ask for confirmation of ID and the credit card they are making the purchase with. If you're not sure, request that they come down to the restaurant to make the payment in person.
3. Online Booking System Exploitation for Card Testing
An emerging trend in the hotel industry is an increased number of no-shows, despite a room having been paid for. Sometimes this can occur in bulk, where all of a sudden a large portion of your rooms are booked in a small time frame - which at first appears as a positive thing, but when observed at closer range is something a little more sinister.
Due to the increasing expectation of an online booking system, to keep up with the industry standards, most hotel chains allow customers to book as long as they enter their credit card details and a 'pre-authorised payment' goes through. Some fraudsters have taken advantage of this system, and used pre-authorisation to test whether or not a stolen credit card has been cancelled or has existing funds.
When your property appears to be fully booked because inventory is being held in part by fictitious reservations, you risk turning away your most loyal customers, giving them a reason to try an alternative property. - Hotel Management Net, 2018
Pre-authorisation is an excellent way to ensure that a credit card it not fraudulent and does in fact have the funds to cover a payment which is absolutely integral for the hospitality industry.
In the same way that we advocate for pre-authorisation, we also advocate that you use it following best practice, and make sure that if you're taking pre-authorisations you also ask for ID. Even simply following up by calling the customer who has made a booking can be a good way to safeguard your business from fictional bookings.
You can read all about the benefits of pre-authorisation and the best ways to get the most out of it (and protect your business) by downloading our FREE guide below.
4. Gift Card Fraud
Gift cards such as Visa Prezzy Cards® are a relatively common payment method - and it makes sense, right? They're an excellent gift where the recipient has the freedom to make purchases online just like they would with a credit card.
However, with the ease of use and purchase of gift cards, fraudsters have found an excellent loophole where they are able to launder stolen credit card details through purchasing gift cards online with stolen credentials.
They then use their gift cards to either book hotel suites or pay for dinner and drinks, or alternatively, sell their gift card for cash in return and pay for their stay with the profits.
It's also important to note that on Prezzy® Cards there is a 'disputed transaction fee', where if you dispute any transaction on your Prezzy® card but cannot prove you didn’t use it, then you will be charged $15. To some extent, this discourages victims from coming forward when something goes wrong on their account.
While unfortunately you can't do much when patrons arrive and pay in cash that you suspect has been unlawfully acquired, you can tighten up your security surrounding gift cards. Typically, gift cards fall under less scrutiny than credit cards, which makes it easy for criminals to take advantage of. Always make sure that your customers present ID and a valid credit card with their booking, even if they paid with a gift card online, and consider flagging accounts that are using gift cards with unusual frequency.
5. Non-Payment (Dine & Dash)
We've talked about this one in our blogs before, but it is so prevalent and such a common issue for New Zealand merchants that it's important to bring up. The most common scam of all, is customers simply:
- Not paying at all and leaving their table after eating without settling the bill.
- Attempting to pay at the end of service with a fraudulent or stolen credit card, and when it declines, your patrons proceed to run.
"14% of restaurant owners surveyed have noticed an increase in the number of customers coming to their establishment and intentionally leaving (or attempting to leave) without paying” - Restaurant Association Survey, NZ
If you're running a bar or restaurant, it can be difficult to spot a 'dine and dasher' before they strike, which is why it's so important to preemptively expect this to occur and put some protective systems in place.
Our number one tip for preventing customers leaving without paying in the hospitality industry is to install credit card pre-authorisation on your Eftpos terminal.
Credit card pre-auths allow you to check that your customer has enough credit available to pay the expected cost of your goods or services. The pre-auth also validates that the card isn’t blocked due to being stolen.
You can even simply 'status check' a card, which sends a $0.00 pre-auth to the card’s issuing bank to make sure the credit card is valid and that there are no blocks on the card i.e. the card is not stolen. This is the perfect deterrent for people who have stolen credit cards that are likely to decline after they have already consumed their meal.
For more information on exactly how credit car pre-authorisation works and how it could help to secure your hospitality business and get you out of a few sticky situations, make sure to download our FREE guide below.
Editors note: blog content updated on April 20, 2020