As the Hospitality Industry Revives, Expect Fraud to Follow
7.1.21 | Industry Insights
During the COVID-19 pandemic, when the hospitality sector was operating with a reduced workforce, it might have been easier for employees and guests to circumvent controls and commit fraud. Now that the sector is reviving and grappling with the labor shortage, you must be particularly vigilant. Fraud is ever-present and always busy.
History Speaks for Itself
According to the Report to the Nations on Occupational Fraud and Abuse, a 2020 global study performed by the Association of Certified Fraud Examiners, the typical organization loses 5% of revenues in a given year as a result of fraud, with the median loss for the food service and hospitality industry estimated at $114,000. For hotels, industry statistics indicate that organizations lose 5% to 6% of annual revenue from fraud perpetrated by employees and guests. For example, a hotel operator earning annual room revenue of approximately $10 million may experience losses ranging between $500,000 and $600,000. Losses from fraud would be amplified for organizations owning a chain of hotels. Restaurants have a similar problem. According to the National Restaurant Association, restaurants lose roughly 4% of revenue due to fraud, posing a significant obstacle for still-struggling restaurants with thinner net margins.
Beyond the financial losses that result from fraud, hotels and restaurants can also be subject to various forms of hacking and electronic theft, which can severely impact their reputation and loyal customer base. In such an environment, being aware of potentially fraudulent activity, and devising controls to prevent and detect them, is paramount.
Most Common Frauds
Credit Card Fraud. Roughly one-third of all credit card fraud cases originate in the hotel industry. Credit card fraud can take many forms and can be perpetrated by either an insider (employee) or an outsider (guest, vendor, or third-party).
Some examples of insider credit card fraud and theft include:
False Account Credits. A common instance of this type of fraud occurs when a guest checks out from a hotel making full payment of the balance due by credit card. After the guest leaves, the front desk cashier makes a “guest complaint” adjustment and credits the cashier’s personal credit card, even though the hotel received no complaint from the guest.
Hotels can help prevent this type of fraud by requiring manager approval for all guest charge adjustments and reviewing the credits without debits report generated by the hotel’s property management system (PMS). This report can identify situations where credits are issued to credit cards without the corresponding debit charges.
Use of a Skimming Device. This type of fraud frequently occurs in quick-service restaurants, but can also affect other hospitality businesses, hotels included. Low-wage employees are typically targets recruited by organized crime to perpetrate the fraud. In such scenarios, a fraudster provides a cashier or server with a concealed hand-held skimming device to capture a customer’s credit card data from its magnetic strip. The employee is compensated by the fraudster for each credit card he or she is able to capture. The credit card information is then used by organized crime groups to create counterfeit cards to make fraudulent charges. This practice can be mitigated by understanding the fraud scheme and educating supervisors about the scam.
Hand-held credit card swiping devices are commonplace in European businesses because of their portability and ease of use and have gained some popularity in the U.S. as well. In addition, the use of “chip and PIN” card readers can help alleviate skimming fraud. Merchants that don’t use chip and PIN card readers have to absorb the losses from disputed credit card transactions.
Some common credit card frauds perpetrated by outsiders include:
Fraudulent Credit Cards. This type of fraud occurs when the perpetrator uses a fraudulent credit card to book a hotel room, as well as to pay for charges incurred while they were a guest at the hotel. Generally, hotels first become aware of the fraud after the guest checks out and the payment is charged back by the credit card company, at which point it may be too late to recover the loss.
Hotels can help prevent this type of fraud by requiring front-desk staff to cross-reference the name on a credit card with that on another form of identification, such as a driver’s license, and then comparing it with the name on the reservation. In addition, hotels that request advance deposits should require guests to present the same credit card used to make the reservation when checking in. Since it is common for perpetrators to use a stolen credit card right away in order to avoid card cancellations by the owner through early detection, it is also necessary for front-desk staff to pay special attention to reservations made for same-day check-in.
Hacking. Hackers often target hotels because hotel reservation systems maintain valuable credit card information for a voluminous number of guests. If an organization’s computer system is breached, the organization may not initially become aware of the hack as it could take months before anyone learns of the incident. Hacking incidents do not just impact the individuals whose personal data was compromised. The hotel operator must take action and notify guests who may have been affected, hire consultants to analyze the level of infiltration, and acquire new and improved monitoring systems. The financial impact on a hotel could be significant and may cause damage to the hotel’s reputation. Hotels can help to prevent this kind of incident by:
- Securing their PMS and point of sale (POS) systems;
- Securing their wireless network;
- Strictly enforcing payment card industry standards by masking credit card numbers;
- Encrypting credit card data; and
- Restricting customer information access to a select group of authorized personnel.
Other common types of fraud include:
Vendor Fraud. Vendor fraud is a type of occupational fraud in which the fraudster manipulates an organization’s accounts payable and/or payment system for illegal personal gain. A fictitious vendor scheme is a common vendor fraud that occurs in the hospitality industry. A hotel or restaurant’s accounts payable clerk can commit vendor fraud by creating a phony vendor file that they control and arrange for the organization to make payments to the phony vendor. Another example of vendor fraud may involve a chef placing orders through a preferred vendor in return for kickbacks or a vendor shipping fewer goods than were ordered, with the chef receiving a kickback of the differential.
The risk from this type of fraud can be mitigated by:
- Establishing an approved vendor list;
- Requiring proper authorizations for new vendor set-up;
- Requiring new vendors to provide certain information for validation;
- Appropriately segregating duties in the accounts payable department;
- Reviewing purchases from large vendors; and
- Enforcing the policy of verifying the quantity and weight of items received to the quantity and weights detailed on the vendor invoice.
Inventory Theft. This type of theft is common in the hospitality industry and may occur at either the front of the house or back of the house. Some common examples may include:
- A chef stealing high-value inventory items, such as expensive seafood;
- A bartender leaving at the end of a shift with expensive liquor that was siphoned into an empty water bottle;
- A restaurant employee offering free food or drinks to employees of local retailers in exchange for free merchandise; or
- A bartender over-pouring drinks to regular customers in return for higher tips.
The following controls can help prevent these types of fraudulent activities include:
- Implementing a requisition policy;
- Not allowing staff to carry personal backpacks or bags into the work area;
- Supervising and observing kitchen and bar activities more closely;
- Hiring undercover spotters to observe bartenders; and
- Periodically analyzing food and beverage costs and margins as well as investigating large variances.
Coupon Fraud. This fraud normally occurs when a customer pays a bill with cash. For example, a restaurant places an advertisement featuring a coupon offering a $10 discount off the dinner bill. A customer has dinner at the restaurant and pays cash but does not have or know about the coupon offer. After the customer leaves the restaurant, the waiter removes $10 of cash from the customer’s payment and submits a coupon that he or she obtained from an advertisement. The waiter then remits the remaining cash and coupon as if the customer originally provided it.
Restaurants can mitigate the risk of coupon fraud by mailing or emailing promotional coupons directly to customers, requiring manager approval for redeemed coupons, and investigating if a particular server has a higher volume of coupons applied to guest checks paid in cash.
Complimentary (Comp) and Void Fraud.
Some common examples are:
- A hotel front-desk clerk collects cash from a guest for a two-night stay, comps one night for a “guest complaint,” and pockets the cash for one night’s room charge.
- A restaurant server collects cash from a guest, voids the entire check for “customer dissatisfaction,” and pockets the cash.
- A bartender collects cash for a drink, comps the drink for a “loyal customer,” and pockets the cash.
Some controls to help prevent these types of frauds include maintaining a log for comped and voided sales, requiring a reason for the comp or void to be documented, requiring manager approval on all comped and voided transactions, and attaching a comp or void slip to a guest check or invoice. If a particular front-desk clerk, server, or bartender has a higher percentage of comped or voided sales, an investigation should take place.
POS software can be used to compare data of an individual employee with the restaurant data as well as flag suspicious activities—such as a significantly higher percentage of comped and voided checks or coupons applied to cash checks, etc. This data can help management identify questionable situations and take timely and proper action.
Internal fraud can be mitigated by hiring employees (especially those dealing with cash and inventory) only after performing thorough background checks, setting up a fraud policy that provides clear guidance on how to report fraud, and strictly enforcing the policy of terminating employees who commit fraud.
To learn more about the impact of fraud on the hospitality industry, contact Smit Shah at 212.331.7493, SmShah@berdonllp.com, or your Berdon advisor.
Berdon LLP, New York Accountants