Tucked away in the heart of Knightsbridge, the Special Forces Club provided an intimate and exclusive setting for an event that was as insightful as it was engaging. With a rich history intertwined with World War II and the invaluable contributions of both men and women who fought for the freedoms we enjoy today, the venue itself set the perfect tone for a discussion that was all about protection, resilience, and security - albeit in a modern digital sense.

Gathered in this historic setting were leaders from across the hospitality sector, including attendees from Sarova, Red Carnation, Good Hotel London, Millennium Hotels and Resorts, The Wellesley, and Regency Court Hotel. Spearheading the discussion were Stevan Bias, Business Information Security Officer of FinTech at Booking.com; Spencer Mott, former Chief Security Officer of Booking Holdings; Mark Read, IT Director of Firmdale Hotels PLC; and James Savory, Travel and Hospitality expert at Island. With a wealth of experience between them, the panel delivered an insightful and engaging discussion that resonated deeply with the attendees.

A Crisis in Hospitality: The Growing Threat of Account Takeover Fraud

The focus of the event was Account Takeover (ATO) fraud - a growing crisis in the hospitality sector that sees cybercriminals compromising Online Travel Agent (OTA) platform accounts to commit fraud, steal inventory, and erode guest trust. With global losses estimated in the hundreds of millions, the financial implications are staggering, but perhaps even more damaging is the reputational risk to hotels, hotel groups, and the industry at large.

From the very start, it was clear that this discussion was more than just a theoretical exploration of the issue. The speakers and attendees alike shared a genuine passion for tackling this challenge head-on, with years of experience lending weight to the conversation. This was not a passive panel discussion - it was an interactive exchange of ideas, with participants sharing insights and practical experiences that deepened the conversation.

Understanding the Threat: Why ATO Fraud is a Hospitality Sector Target

The conversation kicked off with James Savory setting the scene, providing a brief history of the venue before outlining the discussion’s framework and introducing the speakers. Under Chatham House Rules, attendees were encouraged to speak candidly, knowing that insights shared would remain in the room.

Spencer Mott then led the discussion by addressing the scope and scale of ATO fraud, questioning why it has become such a pervasive issue in hospitality. Stevan Bias, drawing from his extensive security background, explained how attackers exploit weak authentication measures, social engineering tactics, and outdated security protocols to breach accounts and execute fraudulent activities. Mark Read provided a valuable perspective from the accommodation owner’s standpoint, detailing the operational and reputational impact these attacks can have on businesses.

Identifying the Problem: Why Traditional Approaches Are Falling Short

One of the most engaging parts of the discussion was the deep dive into how these attacks impact real people - both staff and guests - and the warning signs that often go unnoticed. Stevan Bias highlighted the real-world impacts that affect people's lives, from employees facing job insecurity due to fraud-related losses to guests experiencing breaches of their personal data and financial distress.

Stevan Bias and Mark Read’s insights highlighted a stark reality - while best-practice security measures are widely known, they often don’t go far enough. Staff training alone hasn’t proven sufficient, and even with rigorous security layers in place, cybercriminals continue to adapt. The consensus? A new approach is needed - one that simplifies security rather than adding complexity, while also reducing costs and improving operational effectiveness.

A Way Forward: The Role of the Enterprise Browser in Preventing Fraud

As the discussion moved toward solutions, Spencer Mott and Stevan Bias explored how hospitality organisations can rethink their approach to security. Instead of constantly layering new security tools, the focus shifted to rationalising technology - making it more collaborative, intuitive, and seamlessly integrated into daily operations.

One such solution is the Island Enterprise Browser, which offers last-mile controls, real-time visibility, and secure user access. Mark Read shared his own experience of implementing this technology, explaining how it provided not just protection against fraud, but also operational benefits, allowing staff to work more efficiently while maintaining a secure digital environment.

Spencer Mott emphasized that preventing fraud isn't just about security - it’s about integrating technology in a way that supports operational efficiency rather than obstructing it.

A Conversation That Will Continue

The event concluded with a Q&A session, reinforcing just how pressing and relevant this issue is to the hospitality sector. There was a strong sense that this wasn’t the end of the discussion - rather, it was the beginning of a much-needed collaborative effort to combat ATO fraud effectively. The excellent lunch that followed provided an opportunity for attendees to continue the conversation in a more informal setting, exchanging further insights and experiences over great food.

For those who missed this event, or for anyone keen to dive deeper into the conversation, keep an eye out for the next session. If this discussion proved anything, it’s that staying ahead of digital threats isn’t just a necessity - it’s an ongoing commitment.