Wednesday, September 18, 2019

4 Reasons You Should Never Use Booking Engines With An Iframe

Having a safe secured website and creating trust for your guest is extremely important especially when you have a booking engine.

Consumers have been warned for years about the potential danger of compromised payment card readers. Now, a recently uncovered threat called formjacking is basically doing the same thing, only it is happening when you enter your payment details on a website. By inserting malicious code into the site, cyberthieves can swoop in and steal your card number, security code, zip code, and much more.

Websites having Iframes can cause the above threat. Here are four main reasons why we strongly suggest not to use booking engines with an iframe:

1. Security Risks

Iframes bring security risks and site becomes vulnerable to cross-site attacks. This vulnerability is called formjacking.  Formjacking is a term we use to describe the use of malicious JavaScript code to steal credit card details and other information from payment forms on the checkout web pages of e-commerce sites. You may get a submittable malicious web form, phishing your users’ personal data.

2. Usability Issues

The iframe tag is notorious for creating usability annoyances. Often it tends to break the browsers’ “Back” button or confuses visually impaired visitors, using screen readers Or suddenly opening the iframe content in a new browser window.

3. Iframes Cause SEO Problems

SEO these days play a very crucial role in getting you visible out there on search engines. However, having iframes on your website/booking engine it may affect on your search engine optimisation. Google also recommends refraining from creating iframes. Iframes can cause problems for search engines because they don’t correspond to the conceptual model of the web.

4. Stealing Personal Detail Threat

 As a property, you would not want any of your guest to complain of having their personal details stolen. Having a secured website and booking engine creates trust. Iframes often cause hackers to collect information, such as payment card details and the user’s name and address.

How to rectify it?

Simply contact your web developer to remove iframe code or apply direct booking engine links to open in a new tab.

We strongly advise you to stay away from using the iframe tags, as STAAH takes security seriously and helping clients get rid of any form of risk is our job to notify them.


This post originally appeared on the STAAH website and is reproduced with their permission.

STAAH Ltd is a New Zealand-based technology company that specialises in cloud-based channel management and booking engine for accommodation providers to maximise online revenue. Founded by Gavin Jeddo in 2008, a pioneer in the field of distribution technology, STAAH’s industry-leading technology powers a property’s distribution through online travel agencies (OTA), direct bookings and digital marketing services. STAAH works with more than 6,000 partner properties in more than 80 countries through its operations in New Zealand, India, Malaysia, Philippines, Thailand, UAE and UK.

Newsletter Signup

By signing up you agree to receive emails from Hotel Speak and select partners



09octAll Day10FeaturedThe Annual Hotel ConferenceHilton Manchester Deansgate Hotel, 303 Deansgate, Manchester M3 4LQCountry:UKCity:ManchesterRegister

15octAll DayFeaturedHotel Revenue Distribution Summit 2019Marina Bay Sands, 10 Bayfront Avenue, Singapore 018956Country:SingaporeCity:Singapore

22octAll Day23FeaturedCustomer Experience Exchange for Travel & Hospitality 2019The Hurlingham Club, Ranelagh Gardens, London, SW6 3PRCountry:UKCity:London

22octAll Day23FeaturedDirect Booking Summit MiamiLoews Miami Beach Hotel, 1601 Collins Ave, Miami Beach, FL 33139, USACountry:USACity:Miami

31octAll Day01novFeaturedHOST 2019Business Design Centre, 52 Upper St, The Angel, London N1 0QHCountry:UKCity:London

19febAll Day20FeaturedDirect Booking Summit BangkokVenue TBCCountry:ThailandCity:Bangkok

Recent News