One thing I am curious about is whether the hotel CRM shows the booking channel. Most true corporate travel is booked through something like Concur, AMEX GBT, CWT, etc. If the agent sees the booking come through one of those channels with a person's name on it and then gets a card or photo ID (not corporate ID) from said person, it's a pretty low fraud risk. But if it is a reservation through the hotel's channels using just a typed-in code, then I'd think they would have reason to be more strict in seeking proof of affiliation.