In Brief: Duane Overgaard discusses the growing challenge facing the hospitality industry as advanced travel fraud techniques increasingly outsmart existing hotel payment systems, emphasizing the urgent need for technological upgrades and enhanced security measures.
-
What Happens When Travel Fraud Gets Smarter Than Your Hotel Payment Tech – Image Credit DerbySoft
Hotels still stitching payments across legacy tools are the most exposed as AI-driven fraud accelerates
A receipt lands in an expense report. It looks right. The hotel name is correct, the tax lines add up, the total matches the trip. A reviewer glances at it, sees nothing off, and approves it. The problem is that the property on the receipt never issued it. It was generated in seconds by an image tool, and it moved through the system precisely because nothing about it looked wrong.
That is the shape of travel and expense fraud in 2026. It is not clumsy anymore. It is fast, it is convincing, and it is designed to pass the exact checks most of us still rely on.
The numbers are catching up to what a lot of us have felt on the ground. Global losses to fraud and scams rose more than 9% in 2025, and much of that jump traces back to bad actors using AI, according to Nasdaq Verafin. In business travel specifically, fake receipts are no longer a niche worry. SAP Concur reported detecting 18 times more suspected AI-generated receipts after it turned on an AI checker, with roughly 1% of receipts flagged as machine-made. And travel fraud attempts in busy destinations climbed nearly 30 percent during peak seasons in 2025.
Many of the conversations treat this as a detection problem, as if the answer is simply a smarter filter bolted onto the same workflow. I have spent more than three decades in electronic distribution and payments, and I do not see it that way.
The core weakness is not that the fraud got smarter. It is that the systems underneath a hotel payment are still fragmented. A booking comes in through one channel, a payment arrives from another source, and reconciliation happens somewhere else, often by hand, often days later. Every seam between those steps is a place where something false can slip in and not get caught until the money is gone.
Ask what the single biggest vulnerability in hotel and corporate payment tech is today, and I do not think the honest answer is any one scheme. It is the gap between systems. When a card number, a booking, and a settlement live in three disconnected places, no one has a complete picture, and an incomplete picture is exactly what modern fraud is built to exploit.
This is why I keep coming back to the same point in payments that I make about distribution: the problem you are trying to solve is usually a connectivity problem in disguise. Fraud hides in the space between tools. Close that space, and a whole category of it has nowhere left to hide.
The practical move is to stop treating payment as a step that happens after the booking and start treating it as part of the same connected flow. When a virtual card is generated inside the booking workflow and reconciled automatically against that specific reservation, there is no loose card number sitting around, no manual matching, and far less room for a fabricated transaction to pass as real. That is the logic behind embedding payment directly into distribution, which is the approach we have taken with DerbySoft Pay and payment partnerships across the ecosystem.
None of this is about buying one more layer of software. It is about removing the seams where fraud gets in. A hotel that runs payments through five loosely joined tools is not five times safer than one running through one connected flow. It is more exposed, because each handoff is a fresh opening.
The uncomfortable truth is that the fraud will keep improving. It always does. What a hotel actually controls is whether its own systems can see the whole transaction clearly enough to catch a lie inside it. That is not a detection upgrade. It is an infrastructure decision, and it is one worth making before the next convincing receipt lands in an inbox.
Smarter fraud is not the reason hotels are leaving money on the table. Systems that cannot see the whole transaction are. That is the part we can fix.
About the Author

Duane Overgaard is the Divisional CEO, Hospitality, of DerbySoft. With over 30 years of experience in the hospitality industry, he has a diverse skill set that includes account management, business development, and contract negotiation. Duane has held various leadership positions at renowned companies such as Sabre Corporation, Wyndham International, and Hilton Hotels & Resorts, where he has demonstrated expertise in hotel management and marketing strategy. He is known for his strong team-building and competitive analysis skills. Duane is currently based in the Dallas area of the United States.












