How "The Customer Is Always Right" Became a Critical Security Flaw

Your five-star service philosophy is now your greatest vulnerability

DW

Hotel Care IT

Former Multi-Property IT Director & EMEA Security Leader, Marriott International

You have built your business on a foundational rule: "The customer is always right."

It is the engine of your hospitality and the source of your five-star reviews. As of today, it is also your single greatest security vulnerability.

Consider the operational reality. Your teams are trained to de-escalate, to solve problems, and to make people happy. They are empowered, even encouraged, to bend the rules to fix a customer's situation. That well-intentioned, service-oriented impulse is the precise attack vector threat actors now exploit.

Modern threat actors understand this dynamic perfectly. They aren't brute-forcing firewalls; they are exploiting your customer service policies.

The attack comes via a phone call.

The Social Engineering Playbook

The actor impersonates a distressed guest locked out of their online account before a flight. They pose as a high-value client who needs a critical piece of information now. They leverage urgency and frustration to manipulate employees who are conditioned to be heroes.

Every time a team member bypasses security protocol to reset a password, change an email on file, or offer sensitive information to appease a supposedly frustrated customer, they are not just solving a problem. They are potentially granting a social engineer complete access to the kingdom.

This long-standing mantra has created a dangerous blind spot. It has taught your staff that a customer's immediate satisfaction is more important than the quiet, rigid necessity of your security protocols.

The Evolution of Excellence

The solution is not to abandon excellent service. It is to evolve it. The mandate is to train your teams that the most critical part of serving a customer is protecting them, and the business, from exploitation.

Staff must be empowered with the confidence to say, "For your security, I cannot fulfill that request, but here is the secure process we must follow."

Immediate Action Items:

  • Re-examine your customer service policies immediately
  • Train your people on modern social engineering threats, not just service standards
  • Implement verification protocols that cannot be bypassed for "VIP" guests
  • Empower staff to prioritize security without fear of negative reviews

The Hard Truth

The customer is not always right. Sometimes, they are not even the customer. It is imperative that your service philosophy and operational procedures reflect this reality.

Your reputation for exceptional service should never come at the cost of your guests' data security or your business's integrity. True hospitality means protecting your customers from threats they cannot see coming.

Daniel secured 450+ hotels across Europe, Middle East & Africa as Marriott's Multi-Property IT Director and Continental Security Leader, securing high-stakes events like Euro 2024 and Paris Olympics. Beyond opening 7 hotels from scratch, he specializes in the dual challenge every GM faces: maintaining enterprise-level security while eliminating IT waste. His systematic approach consistently delivers 15-35% cost reductions without compromising protection, proving you don't have to choose between security and savings.
