Read our blog about 'Re-opening safely with Prommt'
Chargebacks are surely among the most irritating obstacles to hotel profitability. Thankfully, they’re also largely avoidable. In this article, we’ll outline why card fraud is a big problem in the hospitality industry, and techniques hotels can utilise to prevent some chargebacks from happening in the first place.
Chargebacks are mainly used to protect consumers when goods or services don’t live up to expectations, or to recover funds when a business ceases trading. They also protect cardholders from fraudulent use of their cards online. Unfortunately there are people who will raise a chargeback on a valid transaction as a way to defraud businesses which have delivered on their obligations, or because they have mistaken a legitimate charge for an illegitimate one.
Regardless of the cause of the chargeback, the hotel suffers significantly, losing the funds, using their room and resources, and having to pay a fee for each chargeback processed. It is very difficult for a hotel to challenge a chargeback and prove that someone stayed at their hotel or received a service. This means chargebacks are very frequently written off at the hotel’s expense.
Card Not Present (CNP) transactions account for nearly 80% of all card fraud. Over the phone payments account for a significant proportion of this, which stands to reason, given that it is not possible to fully ensure the security of payments made in this way as 3D secure is not compatible with over-the-phone payments.
If a fraudster or customer requests a chargeback for a payment made by phone, the hotel has no way to successfully defend the claim, as the claimant can argue they did not authorise the transaction.
This situation is driving a need for hotels to change the way they deal with CNP transactions, replacing over-the-phone with online payments.
Chargebacks can happen to any business that uses card payments. According to the 2016 AFP Payment Fraud Survey, 73% of businesses were targets of payment fraud in 2015 – which means they faced the risk of fraud-related chargebacks.
In addition to this general threat, hotels face a high risk of chargebacks stemming from customer or internal errors, due to the high volume and potential complexity of card transactions they handle.
Today’s hotel guests expect to be able to pay for their stay online or remotely. That’s great news for customer experience and efficient hotel operations – but in some cases it can increase the risk of fraud. CNP transactions such as payments by phone and online are often targeted by fraudsters, largely because legacy fraud prevention methods used with these approaches have proven to be vulnerable.
Chargebacks are an important protection for customers, ensuring they can be reimbursed when wrongly charged or misserved. That said, many chargebacks happen for the wrong reasons, due to fraud, or through error on the customer’s part.
Hotels can cut down the incidence of wrongful chargebacks by taking the following steps:
Online payments can be made safe for hotels through the enforcement of 3D Secure via your payment gateway.
The 3D Secure protocol, which launched in 2001, is a security layer requiring online customers to enter a password at the point-of-payment, in addition to their card details. If you’ve ever bought something online, you will likely recognise this as Verified by Visa, where you have to enter an additional password after typing in your card details.
The key benefit of 3D Secure is that it fully shifts liability for chargebacks from the hotel to the cardholder’s bank. So, if a fraudulent payment is made via an online payment protected by 3D Secure, the bank foots the bill, not the hotel.
3D Secure removes the possibility of fraudulent card payments being made by criminals working from the information they can read off a stolen card, as the fraudster would not necessarily have got their hands on the customer’s 3D Secure password too.
The risk of fraudulent transactions stemming from card theft is far greater where legacy card-not-present (CNP) payment methods are in use, e.g. where the customer reads out their card details over the phone while a staff member enters them into a terminal at the other end, This particular approach carried the added risk of employees criminally recording and using customer card information.
In 2019, 3D Secure 2.0 is set to launch as the successor to the original protocol. The new iteration will be better at detecting fraud and fraud risks, with an expanded range of authentication methods including single-use passwords sent to the customer’s phone, and records of the devices owned by the customer (i.e. the mobile or computer they use to make payments).
The genius of 3D Secure 2.0 is that these measures will enhance security without complicating payments. In fact, by removing the need for customers to memorise a 3D Secure password, the new protocol is set to make payments more convenient, thereby removing a barrier to trade. An issue some hotels have had with the original 3D Secure is that some customers drop out of making a purchase because they can’t remember their password. With 3D Secure 2.0, this will cease to be an issue.
There has been a flipside to the fraud-busting capability of 3D Secure. Payments taken by merchants over the phone using a virtual terminal are not compatible with the protocol, and have therefore become a target for criminals who have given up on trying to defraud hotels and other businesses online. So, while 3D Secure has made online payments more secure, it has indirectly increased the risk associated with phone payments.
As Wired reports, “Online transactions are more popular and secure than ever before, thanks to advancements in digital payments technology, demographic shifts, and the evolving cyber-security landscape. At the same time, offline payments seem more insecure than ever before.”
Another crucial security factor for online payments is card tokenisation, whereby the hotel’s payment gateway algorithmically generates a token to represent the customer’s card details during processing. With tokenisation, hotels can process card-on-file transactions without staff ever seeing the customer’s bank details, which are replaced with a randomly generated code. This doesn’t directly prevent chargebacks, but it does guard against the far more serious threat of liability for leaking payment information to fraudsters. If it can happen to Marriott, it can happen to anyone in the industry.
So long as customers are demonstrably well-informed of what they’re paying for and why, the chance of chargebacks stemming from customer disputes is relatively low. For this reason, we advise having your staff explain any upsells and additional charges that may apply. Further, the customer should be made to acknowledge this with their signature at check-in.
A key way Prommt contributes to customer clarity is through its messaging functionality. Hotel staff can use this to send custom messages to the customer’s phone or email inbox, detailing what they are being charged for.
This is especially useful for adding clarity when customers are billed via Autocharge, a Prommt feature that enables hotels to automatically charge a customer’s account for in-stay costs, based on their prior consent. Instead of just seeing a payment go out of their account, they will be sent a personalised message explaining the charge and giving a detailed breakdown of the service rendered. This feature allows hotels to be especially thorough by attaching a file to the message, such as a PDF breakdown of charges or an image showing damage to a room.
Another crucial moment requiring clarity is when the customer is entering their payment information on the payment form itself, as there is a high incidence of customers querying charges at this point. You should make all relevant information easily available to the customer at this stage. With Prommt, you can fully personalise the payment form with item descriptions, clickable file attachments and custom fields such as booking references, room numbers and other meaningful references codes.
While the web has ushered in new ways to make payments safer, like 3D Secure, some online processes have created new risks for hotels.
Let’s consider hotel bookings made online travel agents (OTAs) like Booking.com.
Hotels using the platform can choose between two main types of booking: refundable and non-refundable. Guests typically benefit from better prices if they choose to book a non-refundable stay, while the hotel benefits from securing payment there and then.
Or at least, that’s the theory.
Whenever a guest books with Booking.com, they must provide information including their card details to secure the booking.
For hotels using legacy payment processes, this meant staff had to enter card details for non-refundable reservations via a card reader at the hotel.
Besides the fact it made poor use of staff time, this approach was a magnet for chargebacks.
In some cases, a guest would stay at the hotel as expected, only for a chargeback to arrive a few weeks later, claiming the card was fraudulent. The same could happen a few weeks after guests with reservations did a “no show”. Hotels deal with this in many ways, including limiting their pre-booking to two weeks in advance of stay, to minimise the window for a chargeback to be raised. No solution that requires you to reject a potential sale is a good one.
Our model for a better kind of non-refundable Booking.com payment – a kind that eliminates fraudulent chargebacks – is to have hotel staff send a payment request stipulating that the guest must pay within a day or two in order to hold the reservation
advising the customer that their booking will be cancelled if they fail to pay within the allotted time. It results in a secure advance payment and enables the hotel to respond to all reservation requests, without declining due to the risk of not being paid.
Bring security and clarity to every stage of the customer journey, and you’ll stand yourself in good stead to lose less in chargeback fees and related costs. Plus, you’ll impress your customers with slick, professional payments.
Prommt is the smart way to request, accept and track payment from your customers. We help businesses of all sizes save time, reduce costs, and get paid faster.
8 Castlewood Place, Rathmines, Dublin 6, Ireland – D06 H959