Airbnb has been criticised by the consumer group Which? after it took nearly two weeks to remove a fake account that was deliberately set up to look fraudulent.
Which? created a series of fake profiles across Airbnb, Homeaway, and Tripadvisor’s Holiday Lettings in order to investigate "how easy" it would be for scammers to use the sites to "hoodwink holidaymakers with fake listings".
It was able set up eight fake listings on Airbnb without any proof of ID, it said. It then deliberately broke the site's rules by providing a contact email address on the listing – a tactic often used by scammers to entice consumers to communicate with them off the site and then encourage them to pay via bank transfer for a fake room.
Airbnb spotted and removed the address. But Which? was able to add it back to the listing again afterwards without it being noticed by the company.
It then used Airbnb's on-site reporting mechanism to flag it as a potentially fraudulent account, but it remained active for 13 days before being taken down, during which time a "real fraudster could have scammed several people", it said.
"More needs to be done to tighten this up and to quickly shut down fraudulent accounts when they are reported," Rory Boland, Which? travel editor.
The publication also created eight fake listings on the site Holiday Lettings, which Which? said did not require ID.
However, when it flagged one listing as potentially fraudulent, the site did take action and removed it "within a few hours".
Holiday Lettings said that during the course of the Which? investigation it blocked the consumer group's attempts to send an email address to a prospective traveller, caught and removed Which?’s attempt to post an email address in a property’s description, and blacklisted the account once it was flagged as fraudulent.
"The safety of our travellers is our top priority. That’s why we have a large team on duty 24/7, an ever-growing collection of fraud prevention tools and systems, give safety advice to travellers every step of the way, and provide payment protection," a spokesperson said. "If a property flags up a security concern, a member of our team completes a manual investigation, which includes requesting documentation and ID."
It also directed BuzzFeed News to a series of places on the site warning customers only to pay via the site, never via bank or transfer.
Which? did not flag any fake accounts with the site Homeaway, because researchers were stopped from creating a listing by requiring a scanned passport or driving license as proof of ID. A spokesperson for the company said it had a range of "checks and balances" to prevent fraudulent activity.
Which? said, however, that a lack of ID checks across some platforms meant it was "extremely easy" for potential fraudsters to set up accounts across sites including Airbnb, potentially putting customers at risk.
"A common type of scam on holiday letting sites is for fraudsters to get guests to contact them directly, usually by including a phone number or an email address in the listing’s photos or description," Which? said.
"In these cases, they’ll usually then suggest the holidaymaker transfers the money outside of the website via bank transfer."
When this happens, the funds are "impossible to recover", Which? claimed, because they have taken place away from the site.
Airbnb's website states that customers should "never share your email address before a booking is accepted or transfer funds outside the Airbnb system" and told BuzzFeed News that "fake or misrepresented listings have no place in our global community".
"Fortunately, experiences like this are rare," a spokesperson said. "We are working with Which? on the results of their investigation and are taking their concerns incredibly seriously."
Airbnb had, he said, introduced new security tools to help "eradicate" scammers from the site and was always working on staying ahead of fraudsters.