Mafimidiwo: Digital Identity Mgt, Staff Training Key to Safeguarding Hospitality Businesses

Ololade Mafimidiwo is a seasoned Technical Product Manager specialising in Digital Identity and Access Management for the travel and hospitality industry. She explains to Funmi Ogundare why it is imperative for hospitality business owners to prioritise digital identity management, staff training, and proactive threat detection.

What are those things hospitality business owners must do to protect their guests from fraud?

The hospitality industry is incredibly vulnerable to cyber-attacks, and there are several reasons for this. First, hotels and travel companies handle a vast amount of sensitive personal and financial data: names, addresses, passport information, credit card details, and even travel itineraries. For cybercriminals, this is a goldmine. The second reason is the industry’s heavy reliance on digital platforms for reservations, payments, and guest management systems. Unfortunately, as these systems become more integrated and convenient, they also create more points of vulnerability. On top of that, hotels and resorts often have large, transient staff populations, and not all employees are trained in cybersecurity best practices. This combination of valuable data, digital infrastructure, and human factors makes hospitality businesses prime targets for fraud.

So, what are some of the most common types of fraud targeting hotels and their guests?

There are quite a few. One of the most common is payment card fraud, where hackers steal credit card information through compromised booking systems, POS terminals, or even fake hotel websites. Another big one is phishing, where cybercriminals send emails that appear to be from the hotel, asking guests to ‘confirm’ their booking details, only to steal their personal information. There’s also account takeover fraud, where hackers gain access to a guest’s loyalty programme account to redeem points or steal personal information. More recently, we’ve seen social engineering attacks, where criminals manipulate hotel staff into disclosing sensitive information, often by posing as senior management or IT support. And let’s not forget ransomware attacks—cybercriminals lock up a hotel’s reservation or management systems and demand payment to restore access. When you’re running a 500-room hotel, you simply can’t afford that kind of downtime, which is why some businesses pay up—unfortunately, this only encourages more attacks.

Given these threats, what are the most important steps hospitality business owners can take to protect their guests from fraud?

The first and most important step is adopting a ‘security-first’ mindset; cybersecurity can’t be an afterthought. It must be embedded into daily operations. Let me break it down into a few key areas. First, secure the booking process. This is often the first point of contact with a guest, so it’s critical to ensure it’s secure. Use SSL encryption for all online bookings and implement Multi-Factor Authentication (MFA) wherever possible—this adds a critical layer of protection, even if login credentials are compromised. Also, regularly scan your website for vulnerabilities and ensure your payment systems are PCI DSS (Payment Card Industry Data Security Standard) compliant. Secondly, you need to train your staff. Staff training is often overlooked, but it’s one of the most effective defenses against fraud. Train your employees to recognise phishing attempts, social engineering scams, and suspicious payment activities. They should know what to do if they encounter something suspicious and understand the importance of safeguarding guest information. Thirdly, you need to perform regular penetration testing and vulnerability assessments to identify and address weak points before hackers exploit them. Implement an AI-powered fraud detection system that monitors guest interactions and transactions in real time, flagging anything that looks abnormal. Protecting Wi-Fi networks is also very important. Hotels typically offer free Wi-Fi to guests, which is great for convenience but a nightmare for security if not properly configured. Use separate networks for guests and internal operations, enable WPA3 encryption, and implement firewalls to block unauthorised access. Only collect and store the data you absolutely need. The less information you keep, the smaller the target you present to cybercriminals. Make sure sensitive information, such as passport numbers or payment details, is encrypted both in transit and at rest.

Some hospitality business owners worry that stronger security protocols could make things inconvenient for their guests. What’s the experience like for your guests?

That’s a valid concern, and striking the right balance is essential. The key is to integrate security seamlessly into the guest experience. For example, instead of asking guests to repeatedly enter passwords, hotels can use biometric authentication like fingerprint or facial recognition to provide a secure yet frictionless check-in experience. Another option is to use tokenisation for payment information, which allows guests to make secure purchases without entering their credit card details each time. In fact, most guests today expect some form of digital security; when done right, it can enhance trust and satisfaction.

Are there any recent technologies you think the hospitality industry should be adopting to stay ahead of fraudsters?

Absolutely. One technology that’s making a big difference is Artificial Intelligence (AI) for fraud detection. AI models can analyse patterns of behavior, such as booking frequency, payment methods, and device locations, to flag suspicious activity in real time. Another game-changer is blockchain technology, especially for payment processing and identity verification. Blockchain creates an immutable record of transactions, making it much harder for cybercriminals to alter booking information or initiate fraudulent charges. Digital Identity Verification is also gaining traction. Hotels can use this to verify the identity of guests during the booking process, using facial recognition or government-issued IDs, to prevent fake bookings and identity theft.

Let’s talk about crisis management. If a hospitality business falls victim to a cyber-attack, what’s the best way for them to respond?

Speed and transparency are critical. First, have a cyber-incident response plan in place—don’t wait until an attack happens to figure it out. This plan should outline how to isolate affected systems, secure data backups, and communicate with both staff and guests. If guest information is compromised, inform them as soon as possible. Provide clear instructions on what steps they should take—such as changing passwords or monitoring their accounts for unusual activity. Being transparent helps maintain trust, even in the face of a security breach. Lastly, conduct a post-incident review to identify how the attack happened and what can be done to prevent a recurrence. Cybersecurity isn’t static—threats evolve, and so should your defenses.
