Think of a fraudster or other online criminals, and you likely imagine people trying to get customer details from Amazon, hacking into bank accounts to siphon off money, or extracting data from one of the big eCommerce retailers, software providers, or marketplaces.
You probably don’t think of online travel businesses, such as travel agents, rental car companies, airlines, or hotels. The truth is that online fraud is a particularly big thorn in the side of travel merchants. Attack vectors and techniques are evolving quickly — online travel agents (OTAs) and anyone else involved in the travel industry needs to stay ahead of these fraudsters to protect their already thin profit margins.
It’s easy to understand why fraudsters target these organizations:
- They are difficult businesses to manage, with many moving parts — keeping track of purchases and processes is a challenge.
- These are businesses with high volume and lots of orders, creating a large number of transactions to review.
- The sales processes happen across thousands of different routes and products, featuring a vast number of data points with widely varying levels of risk.
- Airline tickets, hotel bookings, rental cars, and package deals all cost a lot of money. A fraudster has to get far fewer fraudulent sales approved to make this type of fraud worth their while.
Unique Challenges that Online Travel Merchants Face with Fraud
Fraudsters target all types of industries, and a number of merchants face the same issues listed above. But travel merchants face some unique challenges that make it especially difficult to deal with attacks.
The Speed and Type of Transactions
In online travel, tickets need to be provided quickly, and there is no tangible object provided, making this a ripe target for criminals. Tight timelines require travel merchants to make a quick decision and leave little time for manual fraud review. And because these transactions don’t require a shipping address, a valuable data point is unavailable. High price, low margins, and limited information mean travel merchants often turn away good transactions out of fear of fraud.
Tourists make many first-time bookings when traveling – with airlines, hotels, and car rental companies, which means they have no transaction history with the merchant. Certainly some purchases are from repeat customers, but the nature of travel makes first-time purchases more common than in other online industries. Without a purchase history to rely on, travel merchants are – pun intended – flying blind, and are therefore more likely to decline good customers.
Online travel agents and other travel businesses receive transactions from across the world. That’s how travel works – someone in Tokyo books a vacation to Los Angeles and decides – while there – to take a flight on Air Canada and check out Vancouver. That purchase – Japanese credit card being used in the US with a Canadian merchant – might look suspicious in other industries, but in travel it makes perfect sense. That means that travel businesses can’t rely on fraud solutions that regard travel like any other industry. Doing so will turn away a large number of legitimate customers.
The Impact of Fraud on Travel Businesses
As difficult as it is to manage the threat of fraud, failure to do so is extremely costly. Criminals can steal anywhere from hundreds to thousands of dollars in online travel transactions, with average order amounts ranging from $250 to $600. Cumulatively, CNP fraud costs the travel industry many billions of dollars a year, with airlines shouldering anywhere from $2.5 billion to $5 billion in annual credit card fraud. This is exacerbated by travel having tight margins and extremely high competition.
How Fraudsters Target the Online Travel Market
There are many attack methods that fraudsters use to target travel merchants. Criminals will do any of the following – sometimes combining tactics – to pull off their scams:
- Book travel using stolen or cloned credit cards — as the fraudsters aren’t spending their money to purchase the tickets, they can sell them at a discount – either to unscrupulous customers through Dark Net forums or to unaware customers through legitimate-looking fake travel websites – and pocket all of the profits.
- Getting refunds or chargebacks on high-value bookings — criminals often attempt to convert their travel purchases to cash by demanding refunds to another payment method.
- Account takeovers — account takeovers (ATOs) occur when a fraudster has access to a legitimate customer’s account on a travel website, like American Airlines or Expedia. They can then book tickets posing as that customer, and it becomes much more difficult to verify their identity.
- Cashing out reward points or miles — this is a frequently used tactic when fraudsters have account access. They’ll log in to a legitimate customer’s account (via ATO), redeem the rewards or miles, and sell the result for profit.
There’s another danger for travel merchants — where being risk-averse leads to them rejecting legitimate transactions. Chargebacks and inventory lost to fraud creates a lot of financial pain for a merchant. Because of this, they may approach purchases as risks rather than opportunities, rejecting good sales through manual review or legacy fraud solutions. This can result in many false negatives, ultimately losing the sale to a competitor and upsetting a legitimate customer. This is a widespread problem. Overly cautious merchants often move too far in the other direction, and their fear of fraud becomes a bigger problem than the fraud itself.
Dealing with Fraud in the Travel Industry
What can travel merchants do to reduce the likelihood of fraud and minimize their losses? We believe that a scalable, intelligent fraud-detection system based on machine-learning algorithms is the best approach.
Riskified provides an automated, accurate fraud-detection system with machine learning models tailored to online travel. We recognize that online travel merchants need to maximize their revenue, and our modular solution is designed to meet merchants’ evolving needs. Learn more about our solution.