Few of us when booking a flight, hotel, or a rental car think twice about the process, or the absence of interaction with another human being.
Over the last decade, we have largely come to trust the web sites we visit to book our travel, and their ability to hold securely the information we have provided. It is little different when we use a travel agent or an intermediary. We take for granted they will be doing much the same, working mainly online to pull together the itinerary we require.
This is because tourism as an industry, perhaps more than any other, has fully embraced ecommerce. Information technology has enabled the sector to grow rapidly, using booking engines and other platforms able to perform complex in-house tasks in ways that make hotel management more efficient and profitable.
So pervasive has IT become in travel and hospitality that statistics from respected industry bodies suggest that in Britain, 76 per cent of all travellers now source and book their vacations and travel online, in the US, 88 per cent do so when it comes to hotels, and around 90% now use the internet to book flights.
For the most travellers, hoteliers and the industry more generally it should be stressed that such online tasks for the most part take place seamlessly and without problems. Unfortunately, however, industry experts suggest that the sector has become a major target for cyber criminals.
This is because it is an industry that accumulates large amounts of data on its clients, involves significant sums of money per transaction, has a high turnover of sales, and stores payment information relating to transactions that are likely to take place months in advance.
Industry experts also say that beyond a growing number of attempts to hack into hotel IT systems – in 2015 major chains including Hilton, Hyatt and Trump C all admitted that their payments systems had been compromised – cyber criminals are now going further. They are stealing and trading in loyalty points, and there has been an increase in the number of ransomware and related distributed denial of service (DDoS) attacks on hotels.
As this column has noted before, there is also a growth in vacation related fraud using fake websites, false advertising, bogus phone calls and phishing scams, with research showing that fraudsters are most likely to target those booking self-catering villas and apartments.
It is also the case that new vulnerabilities are emerging because of the dramatic rise in the number tourists, with access to Internet-connected devices.
Despite this, many Caribbean hoteliers have not considered their financial or logistical vulnerability, let alone undertaken a full professional audit in this area. Moreover, few Caribbean jurisdictions have the necessary legislation, regulations or infrastructure to address cybercrime, for example, to make it punishable to hack into a network to steal Personally identifiable information (PII) and other data.
It is also far from clear whether regional law enforcement agencies have the legal cover or capacity to co-operate with external law enforcement agencies in this area, given that most cyber-crimes are extraterritorial in their execution.
While it is rare for Caribbean cases of cybercrime to ever become public, because of the perceived reputational damage, the few available reports reveal not just a lack of appropriate security, but the existence of outmoded IT systems and software.
The Cipher Brief, a digital, security-based platform that connects the private sector with the world’s leading security experts, recently noted that the number of attacks that target the Latin American and Caribbean region is escalating.
Despite this, Caribbean Governments, companies and police forces have yet to fully understand the threat cyber-crime poses to tourism; an industry that all professionals agree is now dominated by the need for constant connectivity, and that has become dependent for its survival on being able to market and sell online.
That said, some countries are taking the threat more seriously than others. For example, a recent report published by the Organisation of American States and the Inter-American Development Bank suggested that the only countries in the anglophone Caribbean that are well prepared are Trinidad and Jamaica.
None of which should be a cause for alarm, but rather to suggest that it is very much in the interest of the tourism industry in the region to adopt global best practice and the levels of cyber-security that their guests have the right to expect.