Consumer Watchdog Calls Out Booking.com for Major Security Lapses

• UK consumer watchdog Which? identifies significant security gaps in Booking.com’s system, including weak identity verification and abundant scam listings.
• Booking.com is urged to improve its fraud prevention mechanisms before the Online Safety Act’s illegal harm codes take effect.

The global online travel agency, Booking.com, has been exposed for security shortcomings by the UK’s consumer watchdog, Which?. According to the watchdog, the platform is vulnerable to fraudulent activities due to its inadequate identity verification process and many fake listings.

The Online Safety Act’s illegal harm codes will be enforced later this month, prompting Which? to urge Booking.com to enhance its fraud prevention measures on the platform. Which?’s investigation has revealed that Booking.com’s easily compromised messaging system, ineffective elimination of scam listings, and lack of identity verification for property owners are causing unnecessary risk to travelers.

The consumer watchdog could list a holiday home on Booking.com within 15 minutes without being asked for an ID, unlike other platforms such as Airbnb and Vrbo. This absence of proper identity checks has resulted in a surge of fraudulent listings on the platform.

A search for the term ‘scam’ in the summer of 2024 on Booking.com reviews yielded hundreds of complaints regarding non-existent accommodations. Despite this, Booking.com defended that most of these listings were not scams but rather listings from owners who failed to update their availability status.

Booking.com’s security systems were also inadequate in preventing scammers from listing on the site or hacking into genuine listings. While the platform claims to restrict new hosts from accepting prepayments until they have bookings and reviews, such measures are not foolproof against fraudsters.

In addition to these issues, Which?’s investigation also exposed loopholes in the booking system that fraudsters could exploit. Despite implementing two-factor authentication (2FA) in September 2024 to tighten security, an expert reported Booking.com’s 2FA system as non-functional in November 2024.

The Online Safety Act, effective from March 17, will mandate platforms to increase efforts to prevent user-generated fraud through risk assessments and effective complaints procedures. Which? suggests that Booking.com introduce basic changes like mandatory identity checks for hosts, two-factor authentication for all users, and prohibition of external links in Booking.com messages to reduce fraud on its site.

In response to these findings, Booking.com affirmed its commitment to protecting customers from scams and fraud. Despite acknowledging the challenges of online fraud, Booking.com reassured that it has robust security measures and continuously works to enhance them. The platform also highlighted its verification process for accommodation listings and recommended customers read property reviews and ratings before booking.

The findings from Which?’s investigation underscore the urgent need for Booking.com and similar platforms to address security gaps in their systems, ensuring a safer online travel booking experience for their users.

Discover more at Travel Weekly.