Fighting fraud in the travel industry

Anthony Hynes, Managing Director and CEO, eNett International 

Travel fraud is escalating at an unprecedented rate. In 2017, fraudulent attacks cost travel intermediaries a whopping USD21 billion.[i]

By 2020 that figure is expected to spiral (reaching USD25 billion) as both the number and sophistication of aspiring fraudsters continues to rise.[ii]

Popular new fraud methods, most notably the rise of the ‘fake hotel’, inflated room prices, and dodgy tickets, are leaving online travel agents (OTAs) frustrated and out of pocket.

So, how can travel agencies battle the cybercrime scourge? As eNett’s report, Fraud in Travel Payments highlights, the travel industry can begin to stem the cybercrime epidemic by raising industry awareness around evolving fraudster tactics, and improving industry knowledge on cybersecurity best practices.[iii]

Here are just a few of the top fraudulent tactics to be aware of, alongside some simple mechanisms that travel agencies can implement to improve their security defenses.

Anthony Hynes

The rise of the sophisticated fraudster

Fraudsters targeting the travel industry are becoming ever-more ingenious in their methods, utilising technological advances to strike their victims. Recent developments in travel payment fraud include:

• The ‘fake hotel’:

The notorious ‘fake hotel’ scam is claiming more and more victims. In recent months, fake chalet websites, such as Alps.stay.com (now suspended), have conned unsuspecting holiday-makers out of tens of thousands of euros.[iv]

It is not just consumers who are falling victim to fake hotel scams. Fraudsters are also listing fake properties on an OTA’s website and then using stolen credit card details to make fake bookings.When the OTA then goes to make a payment to the fake hotel, it receives a chargeback. However, by this point, the fraudster will already have withdrawn all the funds paid by the OTA and won’t respond to any contact attempts, leaving the OTA facing financial losses.

• Inflated room prices and supplier collusion:

Fraudsters are also colluding withgenuine hotels tocon OTAs out of their cash. This common scam involves fraudsters approaching a hotel and persuading them to raise the cost of its rooms on an OTA’s site. Using stolen card details, the fraudster will then book these rooms at artificially inflated prices, leaving the OTA to suffer chargebacks, while helping to boost profits for the hotel (who can provide documentation relating to the attendant guest). This provides perpetrators with an easy income.

• ‘Dodgy tickets’

The growing influx of ‘dodgy tickets’ is another scam infiltrating both OTAs and their customers. Fraudsters are now using stolen credit card details to purchase last-minute tickets to tourist attractions and then rapidly selling these tickets on via social media platforms at a discounted price. In this situation, the tourist attraction operator or OTA is left out of pocket after a chargeback, or when the customer arrives at the attraction they find their ticket has been cancelled (as the initial ticket purchase has been reported as fraudulent).

Fighting fraud

So, how can OTAs strengthen their defences against savvy fraudsters? Here are a few best practices they should follow:

• Know your supplier

To tackle fraud, travel agencies need to ensure they are performing appropriate due diligence during supplier onboarding to limit the risk of scams such as ‘the fake hotel’ phenomenon and ‘inflated room prices’. Even a trusted relationship requires attention, since rogue employees may enter organisations at any time or fraudsters could infiltrate payment-related systems and platforms.

• Implement internal controls

OTAs should also implement internal regulations to ensure no single employee has complete control over transactions. To support red flagging of transactions, without fear of retribution and reprimand, there should be a ‘maker’ that enters the transactions, followed by a ‘checker’ who validates data and sanctions the transaction.

• Use payment methods that offer protection mechanisms

Travel agencies need to make sure their payment methods offer a certain level of protection against fraud. Virtual cards, for example, offer a range of control mechanisms that help to lessen the risk of fraud without impeding the flow of legitimate payments. These can only be used once, can incorporate card specific activation and expiry dates, and can include limitations on usage down to a single merchant category or even a single specific merchant. In addition, to help travel intermediaries potentially recover funds should fraud occur, eNettVirtual Account Numbers (VANs) also offer sophisticated chargeback capabilities.

• Introduce fraud pattern reporting and analysis

Rapid detection and reporting on fraud is also essential to aid recovery and inform prevention efforts. Reporting should include information such as IP addresses, account numbers, time of booking, routes or locations included, suppliers, price paid, item price, fluctuation history, time to departure or stay, and other key data points. This information should then be analysed to identify fraud trends and inform preventative activities moving forward. Effective fraud analysis can also lead to a decrease in false positives and less friction for legitimate customers.

To beat fraud, OTAs are starting to play fraudsters at their own game and become more sophisticated in their security measures. Employees should be: educated on ever-evolving fraudster tactics, up to date with the latest know-how on cybersecurity best practise, and aware of the advanced technological solutions now available to them. Only by doing so, can OTAsbegin to stem the cybercrime tide and tackle their own vulnerability.

[i]ENett and Edgar Dunn and Company, Fraud in Travel Payments, 2018 Report.

[ii]ENett and Edgar Dunn and Company, Fraud in Travel Payments, 2018 Report.

[iii]ENett and Edgar Dunn and Company, Fraud in Travel Payments, 2018 Report.

[iv]  See http://www.dailymail.co.uk/travel/travel_news/article-5421545/The-FAKE-ski-chalet-websites-scamming-unwitting-customers.html.

Anthony Hynes, Managing Director and CEO, eNett International 

Travel fraud is escalating at an unprecedented rate. In 2017, fraudulent attacks cost travel intermediaries a whopping USD21 billion.[i]

By 2020 that figure is expected to spiral (reaching USD25 billion) as both the number and sophistication of aspiring fraudsters continues to rise.[ii]

Popular new fraud methods, most notably the rise of the ‘fake hotel’, inflated room prices, and dodgy tickets, are leaving online travel agents (OTAs) frustrated and out of pocket.

So, how can travel agencies battle the cybercrime scourge? As eNett’s report, Fraud in Travel Payments highlights, the travel industry can begin to stem the cybercrime epidemic by raising industry awareness around evolving fraudster tactics, and improving industry knowledge on cybersecurity best practices.[iii]

Here are just a few of the top fraudulent tactics to be aware of, alongside some simple mechanisms that travel agencies can implement to improve their security defenses.

Anthony Hynes

The rise of the sophisticated fraudster

Fraudsters targeting the travel industry are becoming ever-more ingenious in their methods, utilising technological advances to strike their victims. Recent developments in travel payment fraud include:

• The ‘fake hotel’:

The notorious ‘fake hotel’ scam is claiming more and more victims. In recent months, fake chalet websites, such as Alps.stay.com (now suspended), have conned unsuspecting holiday-makers out of tens of thousands of euros.[iv]

It is not just consumers who are falling victim to fake hotel scams. Fraudsters are also listing fake properties on an OTA’s website and then using stolen credit card details to make fake bookings.When the OTA then goes to make a payment to the fake hotel, it receives a chargeback. However, by this point, the fraudster will already have withdrawn all the funds paid by the OTA and won’t respond to any contact attempts, leaving the OTA facing financial losses.

• Inflated room prices and supplier collusion:

Fraudsters are also colluding withgenuine hotels tocon OTAs out of their cash. This common scam involves fraudsters approaching a hotel and persuading them to raise the cost of its rooms on an OTA’s site. Using stolen card details, the fraudster will then book these rooms at artificially inflated prices, leaving the OTA to suffer chargebacks, while helping to boost profits for the hotel (who can provide documentation relating to the attendant guest). This provides perpetrators with an easy income.

• ‘Dodgy tickets’

The growing influx of ‘dodgy tickets’ is another scam infiltrating both OTAs and their customers. Fraudsters are now using stolen credit card details to purchase last-minute tickets to tourist attractions and then rapidly selling these tickets on via social media platforms at a discounted price. In this situation, the tourist attraction operator or OTA is left out of pocket after a chargeback, or when the customer arrives at the attraction they find their ticket has been cancelled (as the initial ticket purchase has been reported as fraudulent).

Fighting fraud

So, how can OTAs strengthen their defences against savvy fraudsters? Here are a few best practices they should follow:

• Know your supplier

To tackle fraud, travel agencies need to ensure they are performing appropriate due diligence during supplier onboarding to limit the risk of scams such as ‘the fake hotel’ phenomenon and ‘inflated room prices’. Even a trusted relationship requires attention, since rogue employees may enter organisations at any time or fraudsters could infiltrate payment-related systems and platforms.

• Implement internal controls

OTAs should also implement internal regulations to ensure no single employee has complete control over transactions. To support red flagging of transactions, without fear of retribution and reprimand, there should be a ‘maker’ that enters the transactions, followed by a ‘checker’ who validates data and sanctions the transaction.

• Use payment methods that offer protection mechanisms

Travel agencies need to make sure their payment methods offer a certain level of protection against fraud. Virtual cards, for example, offer a range of control mechanisms that help to lessen the risk of fraud without impeding the flow of legitimate payments. These can only be used once, can incorporate card specific activation and expiry dates, and can include limitations on usage down to a single merchant category or even a single specific merchant. In addition, to help travel intermediaries potentially recover funds should fraud occur, eNettVirtual Account Numbers (VANs) also offer sophisticated chargeback capabilities.

• Introduce fraud pattern reporting and analysis

Rapid detection and reporting on fraud is also essential to aid recovery and inform prevention efforts. Reporting should include information such as IP addresses, account numbers, time of booking, routes or locations included, suppliers, price paid, item price, fluctuation history, time to departure or stay, and other key data points. This information should then be analysed to identify fraud trends and inform preventative activities moving forward. Effective fraud analysis can also lead to a decrease in false positives and less friction for legitimate customers.

To beat fraud, OTAs are starting to play fraudsters at their own game and become more sophisticated in their security measures. Employees should be: educated on ever-evolving fraudster tactics, up to date with the latest know-how on cybersecurity best practise, and aware of the advanced technological solutions now available to them. Only by doing so, can OTAsbegin to stem the cybercrime tide and tackle their own vulnerability.

[i]ENett and Edgar Dunn and Company, Fraud in Travel Payments, 2018 Report.

[ii]ENett and Edgar Dunn and Company, Fraud in Travel Payments, 2018 Report.

[iii]ENett and Edgar Dunn and Company, Fraud in Travel Payments, 2018 Report.

[iv]  See http://www.dailymail.co.uk/travel/travel_news/article-5421545/The-FAKE-ski-chalet-websites-scamming-unwitting-customers.html.