UK’s consumer watchdog finds weak identity checks, fake listings, and flawed fraud prevention and calls for urgent security reforms
Mar 11, 2025
A Which? investigation has revealed significant security flaws in Booking.com’s platform, making it highly vulnerable to fraud. The consumer watchdog found that weak identity verification, lax scam prevention measures, and an easily exploitable messaging system are exposing travelers to fraudulent listings. Some properties listed on the site do not exist, and scammers have taken advantage of these loopholes, leading to numerous complaints from victims. With the Online Safety Act’s illegal harm codes coming into effect on March 17, Which? is urging Booking.com to take stronger security measures, including identity verification for hosts, mandatory two-factor authentication for users, and banning external links in messages.
Key takeaways
- Booking.com has major security gaps, allowing scammers to list fake properties and exploit travelers;
- Lack of identity checks makes it easy for fraudsters to create fake listings, unlike competitors like Airbnb and Vrbo;
- Hundreds of reviews mention scams where users paid for accommodations that did not exist;
- Booking.com removed scam listings only after being alerted by Which?, showing a reactive rather than proactive approach;
- Two-factor authentication (2FA) was introduced but remains ineffective, with reports of it failing for some users;
- Fraudulent messages with external links are being used to move transactions off-platform, increasing scam risks;
- The Online Safety Act will require platforms to strengthen fraud prevention, but Which? insists Booking.com should act now;
- Which? recommends key security changes, including mandatory host identity verification, stricter scam investigation, and banning external links in messages;
- Booking.com claims to have robust security measures in place, but acknowledges that fraud remains a challenge across industries.
Get the full story at Travel Weekly UK
