When a Donegal self-catering host accepted a booking for a full week in August last year, everything looked legitimate. The Airbnb profile had a verified badge, the booking was made through the platform, and payment appeared to clear. The guests arrived, stayed four nights, caused significant damage to the kitchen, and disappeared. When the host filed a damage claim, they discovered the account had been created with stolen identity documents and the payment had already been flagged as fraudulent by the card issuer. The revenue was gone, the repairs cost over €3,000, and the property was offline for a week during peak season.
Donegal's self-catering market is booming. Airbnb, Vrbo, Booking.com, and direct bookings generate significant income for property owners across Donegal, from Letterkenny to Bundoran to the Inishowen Peninsula. But that success has made the sector a target. In the past twelve months, self-catering hosts across Ireland have reported fraudulent bookings, payment chargebacks, identity fraud, and organised damage events. Most hosts have no idea how common these incidents are, because the platforms do not publicise them.
WHAT: The Real Threats to Self-Catering Hosts
Fraudulent bookings are the most common problem. An attacker obtains stolen credit card details, creates a new platform account or takes over an existing one, and makes a booking using the stolen card. The booking clears initially. The guest checks in. Days later, the card is reported as stolen, the charge is reversed, and the host is left with no payment and potential damage to the property. The guest is untraceable.
Payment chargebacks follow a similar pattern. A guest books, stays, and then disputes the charge with their bank after checkout — claiming the property did not match its description, or that they never made the booking at all. Many banks side with the cardholder in disputes, leaving hosts out of pocket. Keeping detailed property documentation, including timestamped photos before and after each stay, is your primary evidence in a chargeback dispute.
Identity fraud is increasingly sophisticated. Criminals use AI tools to generate convincing fake identity documents, complete with matching names, photos, and document numbers. Platform verification processes are improving but are not infallible. A guest who refuses to provide ID, provides documents that seem inconsistent, or whose name does not match the booking details is a warning sign worth acting on.
Unauthorised parties are a separate category of risk. A guest books for two people and arrives with fifteen. The property sustains damage, neighbours complain, and the host faces potential liability. This is particularly common for properties that sleep six or more during holiday weekends.
Are you a Donegal host concerned about fraud or guest screening? Book a free 20-minute strategy call — we advise Irish hospitality and property businesses on practical security and risk management.
WHAT NOW: Practical Protections That Work
Guest screening is your first line of defence, and the platform's verification badge is not enough on its own. Before accepting a booking, check the guest's review history carefully — not just the rating, but the content of reviews. A new account with no history is not automatically a red flag, but a new account combined with a vague stated purpose, a request to take payment outside the platform, or an unusually urgent check-in timeline are patterns worth questioning.
Communicate with guests before confirming. Ask about the purpose of their stay, the size of their group, and whether they have any specific requirements. Legitimate guests almost never object to these questions. Guests with problematic intentions often respond vaguely or become evasive.
Smart locks are the single most effective physical security investment for self-catering properties. A keypad or app-controlled lock allows you to generate a unique access code for each booking, change it automatically after checkout, and audit when the property was accessed and by whom. If a guest causes damage and claims they were not at the property during the relevant period, your access logs tell the real story.
Install cameras in common areas — entrance, living room, and external areas — and disclose their presence clearly in your listing. The Data Protection Commission has published guidance on lawful CCTV use in properties accessible to third parties.[^3] The key requirements are clear signage, a legitimate security purpose, appropriate retention periods, and no cameras in private areas such as bedrooms or bathrooms. Cameras that are undisclosed or in private areas create GDPR liability rather than reducing your risk.
Document your property's condition systematically. Before every check-in, take timestamped photos of every room, noting any existing wear or damage. Use a consistent checklist and store the records for at least two years. An Garda Síochána recommends maintaining detailed records of all bookings, communications, and incidents in the event of a fraud or theft report.[^2]
For insurance, do not assume your standard homeowner's policy covers short-term rental activity. Many do not. Contact your insurer explicitly and ask. A number of Irish insurance providers now offer dedicated short-term rental policies. Platform host protection insurance, where offered, has specific limits and exclusions that you should read carefully before relying on it.
WHY IT MATTERS: GDPR Applies to Your Guests
Hosts who collect guest identity documents, operate CCTV, or store payment details are processing personal data under GDPR. NCSC Ireland advises all businesses handling personal data to implement appropriate technical and organisational security measures.[^1] For a self-catering host, this means keeping guest records secure, deleting them when no longer needed, and not sharing them with third parties without a lawful basis. The Data Protection Commission has the power to investigate and fine data processors regardless of their size. A single well-founded complaint from a guest about how their data was handled can trigger an investigation.
The practical implications are straightforward: store guest ID documents securely (encrypted cloud storage, not a WhatsApp conversation), delete them within a reasonable period after the stay, do not share CCTV footage with third parties without legal authority, and have a simple privacy notice available for guests who ask how their data is used.
Running a self-catering property without proper guest screening and property documentation is like leaving your front door unlocked. The risk is real, and it is increasing.
WHAT NEXT: Three Actions This Week
Review your current insurance policy. Call your insurer today and ask directly whether your policy covers short-term holiday rental activity. If the answer is no or unclear, get quotes for a dedicated short-term rental policy before your next booking.
Set up a pre-booking communication template. Before accepting any booking, send a standard message asking about group size, purpose of stay, and confirming your key house rules. Make this a routine part of your process rather than something you do only when a booking seems unusual.
Take a full photo record of your property this week. Every room, every appliance, every piece of furniture. Timestamp the photos and store them somewhere permanent. That record is your primary evidence in any chargeback or damage dispute.
Related Reading
- Card Payment Security in Donegal Restaurants and Bars
- CCTV in Your Donegal Hotel, Restaurant or Pub: GDPR Obligations
- Cloudflare Bot Traffic and Fake Bookings: How to Stop Fraudulent Reservations
[^1]: NCSC Ireland. Advice for Organisations. https://www.ncsc.gov.ie/advice-for-organisations/ [^2]: An Garda Síochána. Cyber Crime. https://www.garda.ie/en/crime/cyber-crime/ [^3]: Data Protection Commission. Guidance for Organisations. https://www.dataprotection.ie
Pragmatic Security — Cybersecurity advisory for Irish businesses. Based in Donegal, Ireland. CISA, CISSP, CISM certified advisors.