Skip navigation

Join the Vacation Rentals Conversation!

Get answers to all of your questions from fellow owners and travelers.

Join the CommunityX

CommunitySeek, Ask, and Share in the Vacation Rentals Community

HomeAway Insights

News from the Birdhouse
3 Posts tagged with the security tag
brian.sharples
8

Online Booking is Live

Posted by brian.sharples Nov 1, 2012

As you probably know, HomeAway’s mission has always been to make finding and booking a vacation rental as easy as booking a hotel. With our latest product release, I believe we’ve made great strides towards achieving that goal and am pleased to announce the introduction of online booking on HomeAway.com and VRBO.com.

 

With online booking, travelers have the convenience of paying securely online, and the booking process is more streamlined for both you and your guests. While we are aware that this particular release isn’t a “win” in the innovation category, it is a relatively new offering in the vacation rental industry and will indeed be a game changer for some guests.  

 

As we’ve posted in the past, the Internet has fundamentally changed the way we do business. We demand speed and convenience, and the ability to pay online by credit card makes booking a vacation quicker and easier. Plus, it enables travelers to finance vacations, accrue credit card reward points and feel confident in their purchase. Online booking delivers this to the vacation rental category.

 

Because we know conversations between owners and travelers are so important to the reservation process (in fact, 70% of travelers said it was the best part), we made sure to include a review period so there’s time to answer any questions they have about the property or questions you have of them. 


The product is an extension of ReservationManager™, which enables you to accept credit card payments and eChecks through our secure interface. Online booking is a free service, but because we understand you demand choices in terms of how you want to manage your rental business, it is not automatically added to your listing. However, you can easily sign up through the owner dashboard

 

The Nuts and Bolts of How it Works

 

With online booking, prospective renters click the “Book It” button on a listing, which instantly generates a detailed quote and enables travelers to agree to your rental contract (which you store ahead of time).  Travelers then submit their payment information directly from your listing and you are notified about the request. You have up to 24 hours to accept or decline it.

 

When you accept a reservation, the payment is processed immediately and your availability calendar is updated accordingly. Any additional payments are automatically scheduled and invoiced, reducing the manual work involved with confirming a guest.

 

If you aren’t able to confirm a booking within the 24-hour period, ReservationManager will automatically decline the reservation request and the traveler will not be charged.

 

To learn more, check out the video below:

 

 

 

Again, while it’s not a required service, I highly encourage you to take a look at the product and see if it’s for you.  We know travelers want a simpler, easier way to book a vacation home and online booking solves that problem. Ultimately, we believe it is the right choice to delight travelers, simplify the booking process for you, and make the entire vacation rental category more efficient and competitive.  As always, we welcome your feedback.

937 Views 8 Comments Permalink Tags: security, payments, homeaway, vacation_rental, brian_sharples, new_to_renting, bookings, blog, credit_cards, homeaway_insights, online_payments, reservation_manager, online_booking, online_bookings
thale
2

Phighting Phishing

Posted by thale Apr 25, 2012

The phishing storm is brewing

 

The vacation rental industry gathered in Austin, Texas last weekend for the HomeAway Summit. Owners, Property Managers, HomeAway staff, and HomeAway partners discussed the state of the vacation rental industry, saw old friends and made new ones, and compared notes.

 

But this year, a new word entered the conversations in the halls, over drinks, and in the content of the Summit: phishing.  Phishing, loosely defined, is the attempt by criminals to steal your online identity, most frequently via accessing your email account. While our industry continues to thrive, the threat of hackers gaining access to owners’ or property managers’ email accounts continues. If we do not pull together to fight this threat, it will affect the way travelers feel about the vacation rental industry, and ultimately, about booking your property. A storm is brewing.

 

For some, the storm has already come – just ask anyone who has had their email password phished. Scammers have intercepted inquiries, and ruined vacations by stealing money from trusting vacation rental travelers.  Owners and property managers have had to scramble to re-secure their email accounts and protect their reputations. And the reputation of the vacation rental industry is in question.

 

For most, the HomeAway Summit marked the first time that they ever heard of phishing, but they understood how both owners and travelers are at risk because of our industry’s reliance on trusted communications via email. (If you are not familiar with phishing, click here for an overview of how it happens, or read Carl Shepherd’s post on phishing.

 

Today, losses due to phishing are small: in Q1 2012, phishing scams affected less than 0.1% of travelers who found a vacation rental via a HomeAway website. 

 

But even one ruined vacation or theft of an owner or property manager’s identity is totally unacceptable. Everyone in the vacation rental industry – from owners to property managers to HomeAway – has a role to play in stopping phishing scams.  While phishing may be a relatively small problem in absolute numbers, recent activity tells us that the phishers are getting smarter and more travelers, owners, and managers are being affected.  It is clear that scammers and criminals have figured out that the vacation rental industry is a great target.

 

Why? Because:

 

  • the standard practice in the vacation rental industry is for travelers to pay large amounts of money for vacation rentals, long before the stay and sight unseen;
  • not everyone understands or uses safe and secure payment methods;
  • many people conduct their business in email accounts from email providers that have been repeatedly compromised; and
  • cybercriminals are good at exploiting communities that rely on trust and a personal connection.

 

Phishing is not new; vacation rentals are not the first industry to be targeted by cybercriminals. Phishers have attacked many online industries ranging from online auctions, banking, social media, travel, e-commerce, even medical and government institutions, impacting major brands like eBay, PayPal, Barclays, Wells Fargo, Chase, and Bank of America.

 

Everyone of us in the vacation rental industry has a lot at stake, and we will all need to work together to stop phishers.  You can do your part by guarding your email password with the same care as you protect your social security number, your bank account, and your most valuable possessions.

 

Our vision on how to fight phishing

 

So what can HomeAway do to fight phishing?  To be clear, we’ve been fighting scammers ever since HomeAway was founded.  But as we look ahead, we have come to the conclusion that HomeAway needs to take a strong stance against phishing.

 

We believe that we can fight phishing by:

 

  • safeguarding the traveler’s money by providing safe payment methods protected by strong security, such as ReservationManager™;
  • protecting owner and traveler email addresses so that phishers cannot readily target those accounts;
  • continuing to provide secure authentication so that HomeAway can ensure that only legitimate owners, travelers, and managers can access information; and most critically
  • moving interactions between owners or managers and travelers into a secure environment where everyone can be confident they are talking to each other, not a crook.

 

Our vision is that we can create an environment where we can protect owners, property managers and travelers with something we are calling “HomeAway Secure Communication.”  This would be a new system, envisioned only in the last few months, and which is now in development. We plan to make it available starting in the second half of this year.

 

This proposed system is similar to sites you may use, like Facebook, LinkedIn and others, where authentication is required by both parties before they can connect. On these sites, once two parties have decided to “trust” each other, they can converse via email. But until trust is established, they CAN still communicate keeping key elements of their identity protected.

 

In our vision, owners and travelers would still receive notifications and messages from each other via email and text message, but they need to reply via a secure system that does not disclose their email address.  This way, HomeAway would be able to ensure the legitimacy of the owner or property manager and the traveler.

 

We’ve already started: we showed one early prototype of HomeAway Secure Communication at the Summit during the HomeAway Sneak Peeks session. We demonstrated how the system will enable owners and property managers to:

 

  • communicate safely with travelers and only reveal their email address when they choose to;
  • have a persistent record of the conversation, payments and other events that have occurred;
  • manage their conversations, bookings and payments via mobile app; and
  • reduce manual and repetitive work for responding to inquiries, sending information about properties and managing bookings and payment.

 

We recognize that many of our customers rely heavily on email to manage their interactions with travelers. We also know that a system like this will represent a significant change for many owners and managers.

 

But it is precisely because your email account is so critical to your business that it must be protected.

 

We are highly sensitive to the needs of our customers and are aware of the scope of change that this solution represents. We are also laser-focused on making this solution as convenient and beneficial as possible; but we are counting on you, our customers – property managers and owners – to help us design and implement a solution that improves the efficiency and effectiveness of responding to inquiries and managing communications with your customers – the travelers.

 

We’re doing something different than what we normally do. We are announcing our intentions and inviting our community and customers to participate in the process of creating a solution because we believe it is critical to your future success as an owner or property manager: if travelers don’t trust, they will not rent. 

 

And if you have ideas, you can give us your feedback directly by emailing us at secure-feedback@homeaway.com or via the feedback links on all of our sites. While we don’t respond to every email we get, we do READ every one. 

 

If you want to learn more about our vision for HomeAway Secure Communication, check our FAQ here.

 

And please sign up for the Secure Communication group on Community from HomeAway  to join the discussion – we’ll post updates there as we go forward.

 

What can I do now to fight phishing?

 

We all have to pull together to fight phishing. HomeAway has worked hard to educate the industry via emails, messages on our website, and via the Security Center. We continuously invest in technology to actively monitor fraud, to surface suspicious activity, and to harden our systems and protect our customers. More recently, we have introduced new products, such as ReservationManager and Traveler Profiles, and processes such as Phone Verification to support safety.

 

Here are a few steps you can take now to join in the fight:

 

  1. Educate yourself – visit our Security Center to learn about phishing
  2. Read our FAQ to learn how to spot fraudulent inquiries
  3. When you receive a suspicious inquiry or email, please let us know
  4. Accept safe payment methods like those offered through ReservationManager
  5. Include an up-to-date phone number on your listing. We recommend that travelers call the telephone number published on your property listing page to confirm their reservation and payment details
  6. Use two-factor authentication on your email accounts. See this article on how. http://www.codinghorror.com/blog/2012/04/make-your-email-hacker-proof.html
  7. If you list on vrbo.com or homeaway.com - log into your dashboard to check your inquiries to make sure you (and not a phisher) are receiving your inquiries.
    Never enter your email password on any webpage via a link sent to you by email, or even if a login page that looks like your email provider’s website pops up unexpectedly.  Always go to the email provider’s website to log in
  8. And don’t ignore warning signs or red flags - if you have a bad feeling, it never hurts to double check

 

Together we can fight this threat to the vacation rental industry, and we’re counting on you, just like you count on us.

 

Sincerely,

Tom Hale

Chief Product Officer

8149 Views 2 Comments Permalink Tags: vrbo, security, homeaway, property_managers, homeaway_summit, property_manager, vacation_rental, new_to_renting, scam, blog, advertising_your_listing, interacting_with_guests, customer_support, tom_hale, fraud, phishing, fraud_prevention, scamming, fraudulent, scam_prevention
carl.shepherd
0

Phishing is a way criminals attempt to acquire your personal information such as usernames, passwords, bank accounts and credit card details. phishing.jpgCriminals do this by masquerading as a trustworthy entity in an electronic communication to which you respond. The simplest form of this is when the crook creates an email that has the exact look of an email from a company you trust, but, when you click on it, you go to a website that is not hosted by the company, but instead, is a phony website designed to get you to sign in using your username and password from the trusted site. HomeAway members make an attractive target for “phishers” because the average transaction value for a stay at a vacation rental is significant. A crook with access to a HomeAway member’s email account username and password is a recipe for disaster.

 

HomeAway has invested in trust & security technology, people and processes to help protect consumers against criminal activity on our sites. We cannot disclose the details but we are very successful in identifying fraudulent listings; in Q1 2011, less than 0.01% of our worldwide listings were both fake and cost a traveler any losses. It is our responsibility to keep fictitious listings off our site so we offer both the free basic rental guarantee and the purchasable Carefree Rental Guarantee to protect travelers from outright Internet fraud we could have prevented.

 

But HomeAway cannot prevent criminals from phishing your personal email account because it doesn’t occur on our site. Therefore, the traveler loss that arises from an owner giving his email password to a criminal is the owner’s responsibility. Your house is real and you are in the business of renting it. When the criminal uses technology to step between you and your customer, they are effectively standing at your virtual cash register while you are out of the store.

 

HomeAway has made it difficult to phish our accounts, but crooks are clever, which is why we continually improve our own security processes. But there is no technology available to us that will keep you from giving a phisher the username and password to your personal or business email account.

 

Like all Internet companies, HomeAway needs you, the advertisers, to do your part to make our websites and this industry safer for all travelers, who are your potential guests.

 

If a phisher can get your username and password for the email account you use to communicate with travelers, they can use this information to steal from travelers.

 

Two Victims

 

Phishing results in two victims. The traveler loses money and often their vacation as well. At the same time, the owner/advertiser has had his online identity stolen, and that thief has not only access to his customers, but to all the information he keeps in his email account.

 

Because the owner is a victim, too, it’s perhaps understandable that some owners do not believe they bear responsibility when their email account has been used to steal from a traveler.

 

In our view, it is the owner’s responsibility to provide restitution when his email password has been phished. After all, the email account was used to steal from a traveler who responded to an email from your email account and but for the criminal getting access to your email account the traveler would not have experienced any loss.

 

HomeAway’s guarantees do not apply to traveler losses due to the theft of your identity via phishing. We have no way to stop your email account from being phished. Only you can do that.

 

Protect Yourself from Phishing:

 

  1. Never share your email account password to anyone.
  2. Only enter your email username and password after verifying that you are on the website of your email provider. Check the URL. If you want to respond to a request that came via email, open a new browser window and go to your email provider’s website to sign in. 
  3. Only change email information after initiating a session with your email provider. 

    

Help Protect Travelers:

 

  1. Do not ask a traveler to wire money via Western Union or another third-party service.
  2. Sign up for a merchant account and accept credit cards. HomeAway offers one through Reservation Manager, but if doesn’t meet your needs; use one of your choice.
  3. Respond to telephone calls promptly. Travelers often want to speak to you before they pay; the call could be your first notification that you’ve been phished, and crooks have better odds when they can get to the traveler first.

    

HomeAway’s Policy Regarding Phishing

 

While HomeAway cannot prevent a phisher from tricking you into giving up your username and password to your personal email or HomeAway account, we will continue to do all we can to insure a fair and trusted marketplace.  It may sound harsh, but listings from owners who ignore their role in maintaining a marketplace that is safe for travelers are not welcome on our websites.

 

When we have reason to be concerned your email account may have been phished, we try to move quickly to limit the possibility that travelers are harmed; we need for you to move quickly, as well. This is how the process works:

 

  1. When we receive information indicating either your HomeAway or personal email account has been compromised, all of your listings will be suspended. This is to keep unsuspecting new travelers from falling victim to the thief.
  2. We will work with you to verify which of your accounts has been compromised. Sometimes the information we have received from a traveler is wrong; in that case, the listings will be reinstated as quickly as possible.
  3. Once we’ve verified your email address has been phished, we will notify every traveler who has inquired on your property so they can avoid sending money to the thief.
  4. If a traveler has paid a thief using the email address you placed on file with HomeAway before receiving a warning notification from HomeAway, it will be your responsibility to either reimburse that traveler for verified losses, or to provide some sort of in-kind value (a free stay at another time, for example) to the traveler.
  5. If you choose not to work with or provide restitution to the traveler, then your listings are at risk of being removed from or not reinstated on HomeAway websites.  This is a determination we make in our sole discretion on a case-by-case basis in order to make our websites and this industry safer for all travelers.

 

Warm Regards,

 

Carl Shepherd

Co-Founder and Chief Strategy and Development Officer

 

** UPDATE **

 

The TODAY show   recently highlighted a case in which  some travelers experienced fraud in Fort Lauderdale, Fla.  Luckily their story had a happy ending, but we wanted to share it with you as a reminder to always protect yourself online.  When booking a vacation rental, always remember do the following:

  • Pay with ReservationManager from HomeAway, whenever possible
  • Pay by credit card, check or bank transfer, and never by cash or wire transfer
  • Call before you pay - After you send an inquiry, call the homeowner or property manager via the phone number on the listing to confirm they've received your reservation request

Also, we wanted to update you that as of now, the HomeAway Carefree Rental Guarantee now covers phishing incidents.  For more information, visit http://guarantee.homeaway.com

 

 

22403 Views Permalink Tags: security, protection, carl_shepherd, guarantee, phising, carl, carefree


Popular Blog Posts

Incoming Links