Young man arrested in Madrid for violating a payment gateway in the hotel sector

During the first weeks of February 2026, a series of unusual transactions were detected on a travel booking website, prompting Spanish authorities to open an investigation. The agency itself filed the complaint on February 2, after observing multiple apparently valid transactions, but with anomalous deposits in its bank account. Following this complaint, the National Police launched an investigation focused on a payment gateway linked to the booking platform that appeared to be manipulated in a technical way that had not been documented in Spain until then.

The perpetrator of this incident was a 20-year-old man in Madrid who managed to have luxury hotel room reservations, with rates of up to €1,000 per night, registered as paid after paying only €0.01, generating estimated losses of more than €20,000 for the establishments affected. The police managed to identify and arrest the suspect within days, while he was staying at one of the hotels involved, and also found that during his stays he consumed products from the minibar without paying. For these acts, he was brought before the courts as the alleged perpetrator of a computer fraud offense.

The investigation remains open and authorities have not ruled out the possibility of charging the suspect with additional crimes as they continue to analyze the scope of the attack. This incident has highlighted the need to strengthen the security of online payment and booking systems, and has reopened the debate on cybersecurity in the field of e-commerce and digital services.