Crown Plaza Venice hotel booking fiasco could have been avoided

August 2009 (Eskenzi PR) - Web site code auditing could have avoided the 90,000 pound online booking loss incurred by the Intercontinental Hotels Group, says Fortify, the application vulnerability specialist.

Richard Kirk, Fortify's European Director, said that the online booking fiasco - in which rooms at the Crown Plaza Venice East Quarto D'Altino hotel were sold for pennies - has lost the group tens of thousands of pounds.

"Rooms, which normally cost between up to 150 pounds a night at the four star hotel in Venice, have been booked by savvy Internet punters, most of whom are well aware of the law of contract," he said.

"After the company initially blamed the fiasco on hackers, they quickly realised their own coding and data mistake - and are now effectively locked into completing the contract with customers," he added.

Kirk says that the incident, which will cause a hole in the hotel's annual profits, could have been avoided if the hotel group - or its booking IT services provider - had used standard code auditing techniques on the Web site server system and its allied data.

Standard auditing techniques that look for non-standard patterns in bookings, as well as erroneous low or high value card authorisations, would have picked up this anomaly, he explained.

According to Kirk, because of these failings in the audit process, more than 5,000 bookings were reportedly made within hours of the one pence rate being offered on the Crown Plaza Web site.

"The irony of the situation is that the hotel - and the Intercontinental Hotels Group - will probably gain in the publicity stakes, but this is an expensive way to learn that your Web site code auditing and allied safeguards have failed you," he said.

"Coming in the wake of a 40 per cent slump in first half year profits for the group, the IT director is probably not going to be too popular in the company boardroom," he added.

For more on the Crown Plaza Venice hotel fiasco: http://preview.tinyurl.com/oj3c54

For more on Fortify Software: http://www.fortify.com

<>