Cybersecurity
Protecting your business against online threats
Every day, you rely on Booking.com for seamless and secure online transactions to maintain and grow your business. We want to make sure you have the confidence and peace of mind that your investment in our platform will lead to more bookings, minimal risk and a secure stream of income for many years to come. That's why, every day, we employ around-the-clock defensive efforts to safeguard partner and customer accounts.
Keeping every account safe and convenient requires top-notch security and vigilance. We employ a wide array of people, tools and processes to protect your business and the data it relies on. One key component of that effort is making sure you, our partner, has access to all of the information you need to recognise, report and manage any potential threats.
The people and processes keeping you safe
As a partner doing business on our platform, you know first-hand that setting up a property isn’t automatic. We have teams of people working to identify and block fraudsters and scammers from creating fake properties. But the vigilance doesn’t stop there. We have teams of professionals working behind the scenes to protect you from fraudulent reservations, to safeguard your account details, and to monitor payments made through our platform. We’d like you to join us by being vigilant and reporting anything that seems out of the ordinary.
Our systems connect millions of people every day. They require holistic, always-on monitoring of the highest calibre.
- Always-on monitoring: We use automated tooling and machine learning to detect and flag suspicious activity or irregular behaviour related to your account.
- Strict authentication rules: We observe strict authentication rules to prevent hacking and identity theft. Two-factor authentication isn’t just recommended for partners – it’s required.
- Payment monitoring: Protecting your revenue may be the most important job of all. We have robust tools to quickly detect fraudulent payment attempts across dozens of payment options in countless currencies.
The two most common security threats and how to report them
Online criminals and scammers who seek to take advantage of a website or system often don't attack it directly. Instead, they look for the most obvious point of weakness: Busy people going about their everyday lives.
Phishing
Social engineering
If you receive an email that claims to be sent from Booking.com, scammers may ask you to open an attachment or visit a fake website to perform an urgent transaction. We ask that you be vigilant and aware of these and other common signs of phishing attempts, so you can report it to us immediately.
If someone you don’t recognise calls you claiming to be a Booking.com representative, they might be trying to employ social engineering strategies to get you to reveal sensitive info. If you’re ever unsure whether you’re speaking to a Booking.com employee, follow that instinct and report it to us immediately. We’ll never ask you for your username, password or two-factor authentication PIN by phone or email.
Phishing
Social engineering
If you receive an email that claims to be sent from Booking.com, scammers may ask you to open an attachment or visit a fake website to perform an urgent transaction. We ask that you be vigilant and aware of these and other common signs of phishing attempts, so you can report it to us immediately.
If someone you don’t recognise calls you claiming to be a Booking.com representative, they might be trying to employ social engineering strategies to get you to reveal sensitive info. If you’re ever unsure whether you’re speaking to a Booking.com employee, follow that instinct and report it to us immediately. We’ll never ask you for your username, password or two-factor authentication PIN by phone or email.
Phishing
If you receive an email that claims to be sent from Booking.com, scammers may ask you to open an attachment or visit a fake website to perform an urgent transaction. We ask that you be vigilant and aware of these and other common signs of phishing attempts, so you can report it to us immediately.
Social engineering
If someone you don’t recognise calls you claiming to be a Booking.com representative, they might be trying to employ social engineering strategies to get you to reveal sensitive info. If you’re ever unsure whether you’re speaking to a Booking.com employee, follow that instinct and report it to us immediately. We’ll never ask you for your username, password or two-factor authentication PIN by phone or email.
Making security an ongoing priority
- Credit cards: Don’t print, write down or save credit card details. We take care of all the payment details for partners enrolled in Payments by Booking.com. If you use a point-of-service payment terminal at your property, keep it up to date with the latest software.
- Two-factor authentication: If you replace your phone or device, make sure you update your phone number so we can continue to send you sign-in authorisation codes. If you can’t access an authorisation code, the Pulse app can be used to sign in and prove that you are you.
- Individual accounts: If you encourage your employees to access the Extranet, we strongly recommend you create individual accounts. You have granular control and can assign specific administrative rights to each account.