When Mary Kay Schoen reserved an apartment in Seattle through Airbnb, her confirmation came with a peppy prompt: “Let’s add your ID!”
“This seems like an outrageous and unwise request,” Schoen says. “We’d be happy to show our government ID to our host or even mail a paper copy. But we don’t want it online.”
Schoen, a poet from Alexandria, Virginia, makes a valid point. In the first half of 2019, cybersecurity firm Norton reported an astounding 3,800 data breaches, up 58% from the previous six-month period. That’s more than 4 billion compromised records. Why are travel companies asking customers to upload their IDs at a time like this?
Short answer: It’s for your own safety – at least according to Airbnb.
“Identity verification is an important tool to keep Airbnb secure and fight fraud,” says Charlie Urbancic, an Airbnb spokesman. Urbancic says the company has offered hosts the option of requesting an ID since 2013. In the United States, Airbnb may also run customer background checks against public records for criminal convictions and sex offender registrations.
The vacation rental site only shares a few data points with hosts, including the first name on your ID, whether you’re at least 25 years old, and your profile photo and profile name. “The information helps us check that everyone is who they say they are,” Urbancic says, which keeps “fraudulent individuals” away from Airbnb.
Edward Hasbrouck, a privacy advocate, called Airbnb’s request for such documents “disturbing.”
“It’s especially unfortunate that Airbnb is demanding ID from would-be guests, since many hotels already unjustifiably demand ID from guests, leaving Airbnb and other ‘informal’ lodging as the accommodations of last resort, in many cases, for undocumented travelers,” adds Hasbrouck, who writes the Papers, Please! blog, a site that tracks travel and ID issues.
Jordan Locke, founder of RevPARTY, a hospitality consulting company, says many guests share Schoen’s concerns.
“Hotels and vacation rentals tend to require ID to prevent fraud,” Locke says. “Especially as virtual check-in and online booking becomes more popular and interaction with guests decreases, it’s harder to safeguard against fraud.” Customers, he says, “have been conditioned to be wary of requests for personal information online due to identity theft, scams and spam.”
Asking for your ID before you arrive is still fairly rare. The other major vacation rental site, Vrbo, does not request an ID. To confirm identity, it asks customers for their first and last name, email address, mobile phone number, home address and birth date.
One of the most widely experienced requests to upload an ID before a trip comes from the optional Mobile Passport app, which allows U.S. and Canadian citizens to download their passports in advance and use a faster-moving dedicated line to clear Customs and Border Protection. However, with the free version of Mobile Passport, passport information expires four hours after submission. To keep it on file, you have to pay $15 a year for the premium version.
The app encrypts and stores your passport data on your device and then sends it to CBP for review. Peter Davis, the chief privacy officer of Airside, the app’s developer, says the app transmits only information encoded in the passport’s “machine-readable zone” (name, passport number, nationality, date of birth, sex and passport expiration date) and your answers to the customs declaration form. “We believe that the privacy of personal information is paramount, so none of it is stored on our back end,” he says.
Turo, the car-sharing website, requests proof of identity before you can drive any of its vehicles. Initially, you’ll have to provide your name and driver’s license number. But the site says it “may” also ask for photos, including of your driver’s license, you holding your driver’s license next to your face, your passport and the payment card that you most recently used on Turo.
If you don’t comply with the requirements, you can’t rent one of Turo’s cars. Turo says it takes privacy seriously and promises not to share any document or personal information you provide to the company with anybody in the “Turo marketplace,” which is another way of saying the vehicle owners.
Hasbrouck, the privacy advocate, says United Airlines has recently started requiring passengers using its smartphone app to upload photos of their passports to their phones before obtaining boarding passes for international flights. The airline prompted him to do so on his last flight, he says, but he couldn’t get the app to work. “But this is only if you want a boarding pass on your phone,” he says, “which I don’t recommend since it can cause problems if your phone battery runs out at the wrong moment.”
Other travel companies take various approaches to verifying your identity. For example, most hotels still ask for an ID when you check in, a standard request. But the Hilton Honors app on my smartphone – which allows me to check in from anywhere and use my phone as a key card – doesn’t request an ID. Instead, Hilton, with my permission, accesses information on my phone to connect it wirelessly to the hotel’s doors.
It’s still a lot of information, but it doesn’t feel as intrusive as having to email a photocopy of your passport information to the property.
Taken together, these efforts to collect data before you hit the road are troubling. Given the problems with data breaches, you might expect travel companies to request less information from their customers, not more.
Schoen says she canceled her Airbnb reservation instead of uploading her ID. That’s the right call, according to Hasbrouck. “Customers should say no,” he says.
Christopher Elliott is a consumer advocate, journalist and co-founder of the advocacy group Travelers United. Email him at firstname.lastname@example.org.