Stuart Barwood, director of strategic partnerships, airline and travel at Forter examines the effects of cyber fraud on frequent flyer miles.
When looking to book a holiday through accrued frequent flyer points, consumers may find that they don’t have as many points as they thought. That is because they’ve been stolen by cyber criminals and sold on the Deep and Dark Web. Nearly half of loyalty accounts are inactive, with consumers failing to track points, which is why fraudsters find loyalty miles so alluring.
Loyalty points and miles are being targeted because they are viewed as ‘cash’ to hackers and are untraceable. Similarly, they represent real money for the airlines, who may have to compensate customers and partners for stolen points. Point balances are also a significant liability that sits on the airline’s balance sheet, impacting financials. The faster the airline can turn points into revenue, the better.
Should accounts be hacked, the credentials of any associated co-branded credit cards could also be compromised, since consumers frequently use the same credentials for many accounts. The impact can subsequently spiral into the partner network, leaving all avenues open to attack. With a forecasted increase in unique passengers travelling on scheduled flights, fraudsters are finding creative ways to realise the revenue, such as:
Account Takeover (ATO) is where fraudsters access genuine accounts, subsequently redeeming members’ points for rewards. They purchase tickets in the account holder’s name, changing the name to a third party after selling the ticket.
New Account Fraud allows fraudsters to liquidate points they’ve stolen from legitimate accounts. They create multiple fake accounts, leveraging stolen identities, to earn points tied to stolen credit cards.
Policy Abuse is fraudulent activity by otherwise good customers. Consumers will overshare coupons or promotional codes, breaching merchant policies. Likewise, online fraudsters abuse coupons to gain access to financial pay-outs or valuable services.
Insider Abuse is where employees use any of the above referenced tactics, since they have access to personal customer account details. For example, one employee created loyalty accounts for customers, albeit with his own email address, allowing him to accumulate 2.6 million air miles.
Airlines are starting to recognise the impact of loyalty fraud, and are therefore urgently looking at ways to shift points off their books. CFOs are also pressuring marketing on why there is so much ‘money’ on the balance sheet and to get customers to redeem regularly; doing so will limit the attack surface for fraudsters.
Fraud also impacts brand reputation and trust. Forter’s Fraud Attack Index indicates that airline-focused attacks have increased by 61%. This increase is attributed to the rise in loyalty programme issues (with loyalty fraud attacks increasing by 89%) and high-profile data breaches that have placed customer information at risk.
Many airlines have little protection in place to tackle loyalty fraud, and if they do, they are using legacy methods that rely on manual review. Airlines need an integrated fraud prevention platform that protects consumers throughout the customer journey, enabling the airline to distinguish and protect legitimate customers from fraudsters. Furthermore, this must deliver real-time, instantaneous decisions to satisfy instant customer gratification expectations.
Ultimately, any fraud solution must be able to adapt to the airline’s changing business requirements; they must prioritise preventing loyalty fraud before it impacts their bottom line.