Focus on Fraud: Outsmarting fraudsters in the travel industry

Automated technology provides unobtrusive security for genuine consumers, says Forter chief exective Michael Reitblat

Automated technology provides unobtrusive security for genuine consumers, says Forter chief exective Michael Reitblat

Travel faces a growing cyber crime problem. Between 2017 and 2018 alone, land travel and accommodation providers experienced a 19% increase in fraud attacks and research shows that travel is the third-most defrauded industry overall.

While the rise in fraud sophistication is a factor, these attacks can often result from attempts to streamline consumer journeys; with efforts aimed at making experiences more seamless and less friction-filled for customers, opening merchants up to potentially greater risks as a result.

This comes at a time when consumer expectations are higher than ever. Recent studies reveal 32% of customers would abandon a brand after just one negative interaction. Optimising experiences is essential to retain consumer loyalty and protect profits, but it can leave travel merchants vulnerable.

So, what can be done to outsmart fraudsters while simultaneously optimising the user experience?

Attacks on travel systems are increasingly frequent. The recent breach at Amadeus Group was not only the latest in a long line of incidents, but also the second to hit the distribution company this year. The risks these attacks pose however, aren’t limited to reputational damage of the brand alone; they also impact consumer security.

Breaches can cause vast stores of personal and private consumer data to end up in the wrong hands. As consumers often leverage the same usernames and passwords across brands and platforms, fraudsters with just one breach, have the potential to access numerous accounts and capitalise on the hacked details. The first Amadeus Group incident for instance, affected 141 airlines and the second put the details and email addresses of millions of customers at further risk.

As a result, the rise in data breaches is also fuelling account takeover attacks (ATOs). These occur when fraudsters illegally access an individual’s digital accounts and use them for varied fraudulent purposes, such as accessing or changing account details, as well as making purchases with the attached payment methods.

Exacerbating the issue

Criminals are drawn to the travel industry due to its high-value online transactions and the large volumes of sensitive personal data that bookings require. In adopting initiatives to improve and streamline consumer experience, some merchants have enhanced industry appeal for fraudsters by making it easier to exploit these platform vulnerabilities.

Such initiatives involve the removal of security processes viewed as obstacles to the consumer journey — including requesting proof of identity or additional authentication mechanisms. Travel brands have also been incentivising customer engagement by adding loyalty programmes, where each travel purchase earns points or vouchers.

While an effective method of building long-term customer relationships, loyalty systems are also viewed as an ideal attack point by fraudsters. In most cases, rewards or loyalty points accrued are less closely scrutinised by users than their bank balances would be, so any changes in these balances are unlikely or less likely to be noticed. The pitfall here is that once access is gained, loyalty points essentially become ‘free money’ for fraudsters.

Friction-free fraud fighting

The very nature of travel bookings often involves purchasing various tickets and services, resulting in several real-time adjustments and excessive implementation of common security methods, such as 3D Secure (3DS). This adds friction to the customer journey, leading to irritation, higher drop-off rates, and lower revenue. Consequently, fraud prevention must strike a careful balance – ensuring robust protection while meeting consumers’ needs for convenience.

Manual procedures are ineffective methods of achieving this; not only do they increase the time spent on reviews, but human intervention also increases the risk of error and inaccurate results. False positives see genuine consumers unnecessarily flagged for checks and fuel negative brand association. Failure to identify cyber crime however, leaves fraudsters able to operate unimpeded, siphoning off loyalty points and making payments which in turn, drive chargeback costs sky high for travel providers. Instead, merchants should embrace advanced technology that automates fraud and trust assessments at every stage of the consumer journey.

In addition to evaluating multiple risks faster than human fraud teams, automated processes provide greater accuracy. The most precise platforms use an identity-based solution to collate data and analyse consumer behaviour throughout the path to purchase, building a holistic view of individuals. This allows them to address potentially fraudulent activities early on, prior to the point of checkout, preventing later bottlenecks and further disruptions in the customer flow.

It can seem as though travel merchants are in an impossible position. Delivering a friction-free shopping experience is critical to meet rising consumer expectations, as is offering worthwhile loyalty programmes to incentivise lifetime value (LTV) of customers. Yet, when cyber criminals exploit vulnerabilities these added platform values create, the ultimate victim is the travel provider.

There is however, a way out of this conundrum: using automated technology to ensure fraud prevention whether at the point of transaction, or beyond, merchants can outsmart sophisticated fraudsters and provide unobtrusive security for genuine consumers.