Fraudulent attacks cost travel intermediaries around the world a mammoth $21 billion last year.[1] By 2020, that figure is expected to spiral to $25 billion.[2]
The vulnerability of travel agencies – in particular online agencies (OTAs) – shouldn’t come as a surprise. Accounting for a staggering 10.4% of global GDP, the travel industry is booming.[3] And where there is money, fraudsters will follow. Add to that the challenges associated with rapid consumption, last-minute bookings, and managing a huge global supplier base, and the lure of the travel industry becomes clear.
So, how can OTAs keep an eye out for fraudsters that are becoming ever-more sophisticated in their methods? And what processes should they have in place to reduce the likelihood of being duped? Based on our research, Fraud in Travel Payments, there are some straightforward ways to reduce fraud risk, and improve the rate of recovery if fraud does occur.
Encourage customer registration
A simple way for travel agencies to reduce fraud, particularly when it relates to the use of stolen payment details, is the introduction of a simple customer registration process. Information such as contact details, nationality, date of birth, and payment details should be captured to develop positive and negative lists of customers to better monitor and filter transactions. These can also be used to establish the foundation for fraud control tools and processes, as well as enable better collaboration with other organisations.
Educate employees and promote collaboration
When it comes to cybersecurity, a company is only as strong as its weakest link. Fraudsters can target anyone, at any time. For this reason, it is important that all employees within the company can identify the warning signs. For example, to prevent a company’s payment details or login credentials falling into the wrong hands employees need to be able to identify phishing attacks, such as bogus emails, that claim to be from trusted sources or legitimate external providers. Internal collaboration across company departments and external collaboration, with trade associations or other legitimate players in the value chain, is also essential. By sharing information, and improving visibility across different networks, a system-wide reduction in fraud risk can be achieved.
Know your supplier
Travel intermediaries face a balancing act between offering a wide range of travel services and being diligent with travel suppliers. To be sure that a travel supplier really exists and is who they say they are, it is important undertake a level of background or reference checking. Even a trusted relationship requires due care and attention as rogue employees may enter organisations at any time, or fraudsters may infiltrate payment-related systems and platforms.
Include payments in cybersecurity scope
When developing their cybersecurity strategies, travel intermediaries must consider how to secure their payment platforms and methods. This should typically cover requirements for password complexity, regular password changes, tracking of login patterns for unusual activity (e.g. locations or IP addresses), use of multi-factor authentication, and account lockouts after failed attempts or account inactivity.
Apply internal controls
Regulations should be implemented to ensure no single employee has complete control over transactions. To support red flagging of transactions, without fear of retribution and reprimand, there should be a ‘maker’ that enters the transactions, followed by a ‘checker’ who validates data and sanctions the transaction.
Introduce fraud pattern reporting and analysis
Rapid detection and reporting on fraud can aid recovery and inform prevention efforts. Reporting should include information such as IP addresses, account numbers, time of booking, routes or locations included, suppliers, price paid, item price, fluctuation history, time to departure or stay, and other key data points. This information should then be analysed to identify fraud trends and inform preventative activities, such as stricter controls for high-risk transactions. Effective fraud analysis can also lead to less friction for legitimate customers and a decrease in fraud, false positives, and manual reviews.
Use payment methods that offer protection and recovery mechanisms
Virtual cards tend to include a range of control mechanisms that help to lessen the risk of fraud, and aid recovery if a successful attack does occur. Virtual Account Numbers (VANs), for example, can be created as single use only, can incorporate card specific activation and expiry dates, and can include limitations on usage down to a single merchant category or even a single specific merchant. In total, VANs offer travel intermediaries ten different control options – all of which help to curb fraud risk without impeding the flow of legitimate payments.
With more and more travellers looking to book their travel online, fraud attempts in the industry will undoubtably continue to surge. However, by following these steps, OTAs can significantly improve their defences in the fight against cybercriminals. There’s no reason to let them win!
[1] ENett and Edgar Dunn and Company, Fraud in Travel Payments, 2018 Report.
[2] ENett and Edgar Dunn and Company, Fraud in Travel Payments, 2018 Report.
[3] World Travel and Tourism Council, The Economic Impact of Travel and Tourism, 2018.