During a recent stay at a very well known, well respected hotel chain, I was almost the victim of a simple, yet sophisticated con.

I serve on the board of a non-profit that supports the further-education sector in the UK, and whilst traveling overnight for a board away-day, I needed to stay at a hotel in a large UK city. My preference had been to meet the team for dinner, but due to several factors that wasn’t possible and I ended up treating myself to a room service and conference calls.

Shortly after my pizza arrived, the phone rang. “Hello this is Stefano from room service”, the voice said, “my colleague made a mistake putting your transaction through and instead of charging you £32.75 we accidentally charged £3275”.

Well, he successfully got my attention.

He continued, “Don’t worry it’s just a hold against your card, and we can easily rectify it, I just need you to tell me you card details again”.

ALARM BELLS.

I politely conveyed my dismay, the inconvenience it caused and said I’d rather pop down to reception and deal with it there. Upon arriving at reception and asking to speak with Stefano I was told, “Terribly sorry Sir, we have no one here by that name”.

The morning after

The next morning I met with the manager, who had heard about the incident last night and implied it wasn’t the first time this had been reported, but was being addressed. She said the perpetrator had discovered that the Food and Beverage (F&B) staff were less well trained in how to deal with sensitive information than the front of house staff, and had used an elaborate ruse of “my wife just ordered room service, and I need to know whether it has arrived”. He then somehow managed to determine the cost of the order and have F&B put him through to the room – thereby seeming to have information and access to my room that only a member of staff should have.

The moral of the story

The purpose of me sharing this story is two fold; one to raise awareness of this tactic for all the frequent travellers we know, and two, to highlight that, like organisational change and innovation, security can sometimes be considered the responsibility of a select few.

Change, innovation and security can not be devolved to individuals or teams, for real success and progress to be made in any of these domains, organisations need to create shared understanding, ownership, and responsibility.