Common Hotel and Restaurant Scams
By Peter Goldmann, President, FraudAware Hospitality
For hospitality security personnel, auditors and controllers, the biggest anti-fraud challenge is the seemingly limitless variety of ways that employees and outsiders find to steal from the organization.
Fortunately, historical experience provides today's hotel and restaurant management with a relatively clear picture of at least the most common types of scams and schemes to which their properties are vulnerable. And, of course, knowledge is the first step toward prevention. Here is a partial list of the main forms of hotel and restaurant scams and schemes to beware of...
Theft of high-value inventory. Steaks and lobster tails are prime targets for dishonest employees who usually find it all too easy to spirit these products out the back door. At the hotel or restaurant bar, bottles (or sometimes even cases) of premium liquor are equally prized by internal thieves.A closely related threat in this area is collusion between kitchen or restaurant management and food vendors who create phony invoices, receipts and other records and/or engage in kickback schemes to steal from the organization.
https://www.issa.org/cgi/issaopnpg.php?page=journals/2006_June/J0606011.pdf
Skimming. In hotel restaurants and bars, large amounts of cash are in play, even with the widespread use of room charges, comps and credit card payments. Whenever cash is exchanged between customers and employees, skimming is inevitable.
This includes stealing customer checks that are made out to "cash"... cashing "hot" checks for friends or relatives... charging restaurant or bar customers but neglecting to ring up the sale and pocketing the cash... voiding sales and keeping the cash...and pocketing cash from guests and claiming they left the property without paying.
Purchasing fraud. Kickbacks and bid-rigging are favored scams among procurement personnel seeking to pad their salaries.
One example came to light when an astute accounts payable employee noticed that one vendor seemed to be winning the majority of the company's bids for large maintenance projects.
An outside auditor's review of the bidding process revealed collusion between the procurement agent and the maintenance company in question. Each time a third-party bid was received by the agent, he would E-mail the amount to his "preferred" vendor. Hours before the deadline, the preferred vendor would submit the winning bid, under-cutting the lowest bidder by just a few dollars.
Credit card/identity fraud. Identity thieves use legitimate individuals' personal information-such as Social Security number, credit card number, date of birth and home address-to fraudulently apply for credit cards, fraudulently open bank accounts, obtain cash advances, etc.
Sometimes they steal credit card applications from mailboxes or post offices and change the addresses (usually to a private mail box number they control) and simply wait for the illegally obtained cards to arrive.
There are two groups of victims in these crimes: The individual whose legitimate personal information was stolen and used to create false identification and fraudulently apply for credit; and the merchants (including hotels, restaurants and resorts) that unintentionally accept fraudulently obtained or stolen credit cards.
When the victimized individual finally starts to undo the damage to his or her identity, and the credit card accounts are shut down, the fraudulent credit card purchases typically get charged back to the merchants that accepted the cards in the first place.
According to David Bleser, Vice President of Operations at Hospitality Safeguards Inc., Orlando, FL hospitality fraud prevention consultants, the only truly reliable way for front desk personnel to avoid processing fraudulent charges by identity thieves is to require all guests checking in to produce their driver's license in addition to their credit card.
Unfortunately, few hotels require this procedure, or if they do, enforcement is lax. That, says Bleser, is simply asking for trouble.
For added security, front desk staff should carefully compare the name on the arriving guest's driver's license with that on the credit card and the reservation information stored in the hotel's system.
Payroll fraud. Ron Reigle, Corporate Compliance Officer at Pinnacle Entertainment lists payroll fraud among today's top vulnerabilities for hospitality management to be vigilant about. "Look at your payroll register and compare a given sample to actual payroll records to determine if checks being cut are for employees who actually exist within the [property]." says Reigle. He points out that false overtime can cost you a great deal...and that closely examining payroll tax deposits is essential to ensure that funds aren't being stolen and covered up in the general ledger system.
Coupon fraud. Hotels or restaurants that initiate promotions by offering discount coupons in local or national newspapers or electronic media can be victimized by dishonest cashiers or front desk personnel who purchase multiple copies of the newspaper and clip the coupons.
When a guest pays a bill with cash but has no coupon, the employee-usually a cashier or supervisor-attaches a coupon to the check, deducts the amount of the discount and pockets it.
Reselling food orders Another all-too-common restaurant scam occurs like this: An order got filled twice, but the restaurant got paid only once. The server held on to the cash from the first sale. This scheme is especially common at hotels offering breakfast buffets.
High-Tech Crimes: A Growing Threat
The news media have lately been full of coverage of high-tech theft of confidential customer information stored on company computer systems. This threat is significant and can target any large company, especially one that stores massive volumes of customer credit card data. Prominent hospitality companies certainly fit into that category.
Among the most serious risks is that when this information is stolen, it often ends up in the hands of identity theft rings that use the information to create counterfeit credit cards... apply for personal loans or commit other identity-related frauds.
Though the laws remain unclear about whether a company that gets hacked in this way is legally required to inform its customers of the breach, it generally makes good business sense to do so, regardless of the legal technicalities. Neglecting to do so can result in negative publicity about the company's weak information security controls...and about a perceived lack of concern for customer privacy.
Of course, the best way to minimize the risk of becoming a victim of this kind of high-tech crime is to ensure that your information security defenses are as effective and up-to-date as possible. This often requires the services of outside information security consultants and technicians who will work in cooperation with your company's IT department.
For additional information about enterprise-wide information security policies, procedures and technologies, contact the Computer Security Institute at www.gocsi.com... or the Information Systems Security Association (ISSA) at www.issa.org
Peter Goldmann is the Developer of FraudAware/Hospitality, the first on-line fraud awareness training course for hospitality managers, supervisors and line employees. He is is the publisher of the monthly newsletters, White-Collar Crime Fighter and Cyber-Crime Fighter. His company, White-Collar Crime 101 LLC also is the developer of FraudAware/Hospitality, a customizable Web-based fraud awareness training course for managers, supervisors and line employees. He is a member of the Association of Certified Fraud Examiners, and The International Association of Financial Crimes Investigators. Mr. Goldmann can be contacted at 203-431-7657 or pgoldmann@wccfighter.com
Republished from the Hotel Business Review with permission from www.HotelExecutive.com
