Guest Post: Pilotless problems - The impact of ‘bad bots’ on the travel industry

Tim Ayling, VP of cybersecurity solutions EMEA of Imperva, helps us decipher what they even are and why they are a threat

After several challenging years, the travel industry has returned to a real growth stage with more people traveling than ever before.

However, this isn’t the only traffic that has seen an increase in recent years. Only 51.1% of travel and airline internet traffic is driven by humans… 44.5% actually comes from malicious online bots.  

What actually are malicious bots? Why are they a problem for the airline industry? And what security measures need to be put into place?

Bad bots taking off across all industries 

Bots are automated software applications on the internet that perform tasks, such as filling out forms and collecting website data. While some of these bots are harmless and helpful – bad bots are also one of the most pervasive and growing threats facing every industry. 

Whether it’s malicious account takeover, web scraping, spam or DDoS attacks, malicious bots can have a negative impact on an organisation’s bottom line and reputation. 

No organisation is immune from the threat posed by these bad bots – but with bad bot traffic growing from 37 to 44% in the past year, it’s a threat the travel and airline sector needs to address. 

How Bots target the travel sector

Unauthorised scraping: This causes higher look-to-book ratios for airlines – which eventually leads to lost revenue from OTAs not paying booking fees. Airlines also lose visibility into legitimate customer journeys. 

Seat spinning: Bots post as genuine customers to reserve seats on flights without making any payments – often for up to 24 hours at any given time – before either releasing those seats at extremely short notice, or reselling bookings at a premium. The impact is mostly seen on departure day; with seemingly full flights suddenly indicate more and more empty seats, with a huge hit to airlines’ revenue as well as wider reputational impact. 

Loyalty programme account takeover: Criminals run brute-force attacks on login pages to gain access to customer accounts and, once inside, steal loyalty points, transfer them to other accounts. This leads to angry customers, higher customer service costs, extensive forensic investigations, reimbursement costs and customer retention problems. 

Credit card fraud: In a similar vein to the above, criminals can use similar tactics to steal customer credit card information. 

Each of these problems alone is enough to impact customer experience and brand reputation – as well as creating a significant headache for the IT team. Left unaddressed, bot activity can cause poor website performance and downtime. 

Mitigating the risk 

In the face of the escalating threat posed by malicious bots, the travel sector must adopt a multi-layered defence strategy to safeguard its digital ecosystem. First and foremost, it is essential to implement an advanced bot management solution that can distinguish between legitimate users and bots. This solution should employ behavioural analysis, device fingerprinting, and challenge-response authentication to accurately identify and block nefarious bot activity.

Furthermore, continuous monitoring and real-time analytics are crucial for detecting anomalies and potential threats. By analysing traffic patterns and user behaviour, companies can quickly respond to irregularities that may indicate bot interference.

Another key measure is public and private API security. APIs are a primary target for bots, and securing them requires robust authentication, rate limiting, and encryption. Regularly updating and patching systems will also close vulnerabilities that bots could exploit.

Collaboration within the industry to share intelligence about emerging bot trends and attack vectors can enhance collective security. Establishing a shared database of known bot signatures and participating in industry-wide forums will contribute to a more proactive defence.

Lastly, educating customers about the risks of bots and how to recognize suspicious activity will empower them to be part of the solution. Clear communication about security measures and best practices can foster a safer online environment for all.

By integrating these recommendations, the travel sector can significantly reduce the impact of bad bots and protect its customers, reputation, and revenue from this growing cyber threat.