June 01, 2003
Credit Card | Security
David Bleser
-
dmbleser@aol.com
View Magazine Version of This Article
© 2003 Hospitality Upgrade. No reproduction without written permission.
Internal credit card fraud is a problem that happens all too often and nothing is ever done to prevent it from reoccurring. Internal credit card fraud is quickly, if not already, becoming the No. 1 type of fraud committed against hotels. In the late 1990s, the general manager of a hotel received several calls from city ledger accounts stating that they had paid their invoices but only partial payments were reflected on their bill. This and the fact that the former assistant controller had been transferred, prompted the general manager to have an internal audit conducted. The corporate office was notified concerning the discrepancies. After reviewing the information provided by the general manager, an independent consulting firm was asked to perform the internal audit.
During the audit, an unusually large amount of credit card credits was noticed. Research revealed that three credit cards had numerous credits issued to them. It appeared that the former assistant controller would adjust the revenue instead of applying the payment. He would then issue a credit to a credit card for the same amount. At this point the corporate office was notified about the possible fraud. It was requested that the corporate office contact the credit card companies requesting them to provide the names of the individuals belonging to these credit cards. It was explained to them that the hotel company believed that these cards were used to commit a fraud against the hotel.
The credit card companies were able to confirm that one of the cards belonged to the former assistant controller. The other two cards belonged to his father. Subsequent investigation revealed that among the three credit cards, credits were fraudulently issued totaling over $16,000.
It was then suggested that an internal audit be conducted at the hotel in which the former assistant controller was now the controller in Florida. An internal audit revealed that numerous credits were issued to the cards fraudulently, this time totaling over $10,000. The scam at the new location occurred within a three-month period. Total losses between the two hotels exceeded $26,000.
During the course of the investigation, a credit report was completed on the individual. The credit report indicated a lien for $500,000 from a school board located in New York. It turns out that the assistant controller had been convicted previously of embezzling $500,000 from a school district.
Cleaning Up After Fraud
A 1099 was issued by the corporate office for the amount of money embezzled at the two hotels. Many companies fail to file a 1099 when a theft occurs.
The state of Florida decided to withhold prosecution on the embezzlement that occurred at the hotel until the controller serves his sentence in New York. We have learned that the Florida Attorney General will prosecute the controller under the Federal Racketeering Act (RICCO) because it would be his third conviction for embezzlement. If convicted he most likely will spend the rest of his life in prison.
The hotel could have been proactive in obtaining the credit/criminal checks for a nominal fee. Had either a credit check or a criminal check, if not both of these, been reviewed at the time of hire, chances are the amount of loss suffered by the hotel would have been drastically reduced–or avoided altogether.
It is important that hotels realize that even with improved technology there must be several layers of fraud detection and protection.
David Bleser is vice president of operations for Hospitality Safeguards, Inc. He can be reached at dmbleser@aol.com or (800) 568-8111.
© Hospitality Upgrade 2003 Reproduction without written permission is prohibited.
1 Background Check. Had the hotel done either a credit check or criminal background check at the time of hiring, the prior
embezzlement conviction would have been discovered. All management staff and accounting personnel, including night auditors,
should undergo either credit checks and/or background checks at the time of hire.
2 Limit the Ability to Issue Credits. A review of the property management system revealed that numerous individuals
had the ability to issue credit card credits. A hotel should limit this ability to two individuals. If this is not possible then at least one if not
all of the following (steps 3 through 6) suggestions should be implemented.
3 Review Reports Often. The hotel should implement a procedure where credit card credits are reviewed on a daily basis.
This would include ensuring that the card that was credited was the same one charged. If this cannot be implemented, then a
procedure at the corporate level done on at least a monthly basis can determine if more than one credit has been issued to a particular
card. Such reports are available from most credit card processing firms for a small fee.
4 Protect Your Guest’s Identity. When the hotel reviewed the other actions undertaken when a credit is issued, they
noticed that in many cases the entire credit card number appeared either on the guest folio or the banquet event order. Ensure that
only the last four numbers of credit card information appears on the folio. By doing this you reduce the potential for identity theft.
5 Verify Your Customer’s Card Before Issuing a Credit. Implement a procedure in which the guest requesting
a credit faxes a copy of the credit card front and back to the hotel. Instruct the guest to black out all but the last four numbers of the
credit card. Again, this reduces the potential for identity theft.
6 Routinely Review. Establish a “routing pack” in which all adjustments are routinely reviewed and signed off by members of the executive committee. Previously no one but the accounting department was reviewing the daily adjustments.