This is a guest article by Kelly Davidson from Merchant Savvy
Fraud affects all industries. The airline industry is no different.
Over the past two decades, the airline industry - like many others - has become increasingly digital. Last year, according to Amadeus research, almost 40 percent of all tickets were sold online. This makes the industry a perfect target for would-be frauds. In the last ten years, the situation has gotten worse than ever. Between 2011 and 2020 tripled from $9.84 Billion in 2011 to $32.39 in 2020.
If you’ve read an AltexSoft article on revenue integrity in airlines, you know that ticket manipulations are one of the main sources of revenue leakage. Today, we’re going to see how ticket fraud affects airline companies, and find out:
- What caused the airline industry to go digital
- How online criminals commit fraud most often
- What fraudsters do to obtain tickets and funds
- How airline security loopholes are caused
- What online companies can do to prevent fraud
To learn more on fraud detection systems in general, check this video.
Fraud detection with machine learning
First, we need to discuss…
How Ticket Sales Became More Digital
The way we buy clothes and groceries, listen to music and news, and watch movies now involves the Internet in some capacity. The same goes for ticket booking. Thanks to tech investments, airlines have improved the digital experience of their customers immensely.
With more reliable booking systems and superior data analytics, airlines have managed to make their service more personalized. Companies that are more experience-orientated are reaping the rewards, with more than 200 percent increase in revenue compared to competitors.
Different customers receive different offers at different intervals. The airline companies also invested in cleaner, more user-friendly interfaces. These efforts are paying off. By the end of next year, online booking is expected to account for more than half of all ticket bookings.
But everything has a price. With travel agents playing smaller and smaller roles in bookings, airlines are becoming an easy target for fraudsters. Outdated security systems and a decade old IT infrastructure aren’t adequate for fighting cybercriminals.
Some companies even have trouble monitoring their own employees, due to the size of their organization. And when that’s the case, looking out for outside threats is next to impossible.
All of this brings us to the following question.
Common Types of Airplane Ticket Fraud
What are some of the most widely used fraudulent tactics in the airline industry? Fraud comes in many shapes and forms at almost every point along the ticket booking process. Here are some of the common types of airline fraud.
Image Source: www.cybersource.com
Fake Payment Information
In most cases, criminals simply use someone else’s personal and credit card information to commit fraud. Just a few years ago, in June 2016, the European branch of Interpol cracked down on more than 140 criminals in a 48-hour sting operation.
Stealing Loyalty Miles
Credit cards aren’t the only targets for online criminals. They also steal loyalty miles. This happens more than you think. Every year in the US, $48 billion worth of loyalty points is collected by frequent flyers. What does it take to steal these miles? All fraudsters need to do is hack into someone’s account and use their free miles to book a flight.
Phishing Employee Accounts
In addition to customers, airline employees are also vulnerable to online scams. Phishing is a technique in which a fraudster sends an email impersonating a higher up in an effort to solicit confidential information. According to Digital Trends, in a recent phishing attack, airline employees lost more than $2 million worth of tickets.
Some employees fall victim to fraud while others commit it. Although companies usually trust their employees, as Virgin Australia found out, some employees will knowingly exploit system loopholes to their benefit. A call center employee was discovered to have booked over $225,000 worth of flights for friends and family over a 30-month period.
Fake Travel Agencies
A few years ago, Delta Air Lines discovered a fraud perpetrated by four 3rd-party websites. The websites charged travelers for canceling their flights. Scammers also fabricated stories to Delta about why tickets were being cancelled.
Customer Account Hacks
To save time when making a purchase, people create personal accounts on various websites. As you’re well aware, user accounts get hacked all the time. American and United Airlines found out about it the hard a few years ago, when their customer accounts were compromised and dozens of flights got booked.
State-of-the-art IT systems get hacked every day. What chance does a simple POS machine have? As Verizon discovered back in 2016, these machines have nothing on hackers. Nearly 75 percent of data breaches in the hospitality industry come from POS machines.
Nothing’s safe from fraudsters. Not even in-flight merch. In 2015, two fraudsters conned multiple companies out of expensive in-flight goods, using cards that exceeded their limit. They swiped their cards during the flight, when the transactions would go through. The fraudsters would leave the plane before attendants had the opportunity to find out that the card was rejected.
How Fraudsters Obtain Tickets and Funds
The cybercrime industry is huge. Some researchers believe that the industry generates at least $1.5 trillion in revenue on a yearly level. How do criminals make so much money?
By selling stolen goods, credit cards, and personal information. This also happens often in the airline industry. Here are a few ways fraudsters steal tickets, funds, and data.
For a lot of criminals, fraud is their profession. And they take it seriously. They know the industry in and out, so they know what weak spots to attack. For instance, a fraud will book a near-term departure at any ticket value with an online travel agent service.
The transaction is paid with stolen credit card information. They do this when they know that there are no staff members in the office to manually check any suspicious activities. Instead, everything is sent to less interested and experienced call center operators.
Phishing, password hacking, and email hacking are just a few ways fraudsters use to get into user accounts and make use of their loyalty points. Sometimes, a fraud will find a company employee willing to compromise user data in exchange for a share of the profit.
Once a fraudster gains access to an account, they will purchase tickets and resell them on the black market, book flights for themselves, or redeem stolen miles in another place. Some criminals use loyalty points to book hotels, rent out cars, and even buy luxury items.
While we don’t have the exact information about the number of fake travel agency websites out there, we know that there are lots of them. More often than not, these websites have a system that notifies the fraudster and their team when a gullible traveler tries to book a flight.
Instantly, the fraudster goes and books a real flight using fake payment information. The tickets to this flight are then sold to the customer with an incredible discount. This is what is called a triangulation scheme, since there are three potential victims: the passenger, airline, and possibly an intermediary travel agent.
What Causes Security Loopholes
Why does the airline industry struggle so much with security? Are the fraudsters just so persistent that airline companies don’t have a chance against them? Or are the companies simply too careless in certain situations?
Image Source: www.cybersource.com
Let’s see how security loopholes in the airline industry come to being in the first place.
Lack of Security from the Suppliers
We’ve already talked about the POS machines and how much of a security risk they present. Well, airlines make themselves a target by working with uncaring POS suppliers who provide little to no security. Furthermore, airlines often do work with out-of-date security companies who have no possibilities of securing the IT infrastructure or monitoring the employees effectively.
Poor Consumer Security Habits
The third-party suppliers aren’t the only problem. Fact of the matter is, when it comes to cybersecurity the average consumer simply isn’t literate enough to protect themselves. According to a recent survey, almost two-thirds of people have no idea whether they’ve been affected by any of the major data breaches in the past. By failing to protect their credit card and personal information, consumers are practically inviting hackers to scam them.
Overall Increase in Digital Crime
While the airlines can blame themselves, their clients, and vendors for a portion of the incidents, the reality is, cybercrime has been on the rise for the last couple of years. Airline fraudsters are becoming more and more digital savvy. Researchers assess that around 5 percent of the entire web is made up of the infamous Dark Web. There, one can find cheap airline services, free miles, and stolen tickets in a matter of minutes. With a large illegal market, scammers are working harder.
How to Secure Airline Transactions
Did you know that taking a simple flight carries so much risk? Do you feel more vulnerable? If you’re a part of the airline industry, you probably do. While there’s more cybercrime in the industry than one would assume, there are ways to protect yourself.
Here are a few ways you can secure airline transactions and keep fraudsters away.
Introduce 2-Factor Authentication
Two-factor authentication is a security check that allows users to log into systems more safely. It works by using the traditional username and password generation process. However, it goes a step further by sending the user a security code via SMS. While some users consider 2FA a hassle, it’s not a lot of work for an additional security layer.
Integrate a Booking Platform
Whether a company sells tickets only offline, online, or using a combination of both - like most do nowadays - all sales should be tracked using a central booking system. A booking platform allows the company to detect suspect activities much faster and react almost instantly. They can block tickets, transactions, and blacklist certain accounts, in mere minutes.
Enforce a Series of Security Checks
When you’re running a large operation, having insight into every transaction is a must. That’s why airlines need to have multiple checks that will ensure that every ticket booking is legitimate. These security checks need to be automated because manual checking would slow down the booking process and add even more loopholes to it.
Incident Management Process
When fraud happens, the most important thing is to react quickly. Both the management and low level employees need to know how to react to the situation as soon as it happens and increase the chances to catch the fraudsters. To coordinate their resources properly, airlines need to have an incident management process in place.
Start Using Fraud Detection
Finally, and perhaps most importantly, companies need to use fraud detection platforms that will help them discover these situations in a timely manner. By accessing information across a number of systems, fraud detection platforms are able to discover suspicious transactions and cancel them automatically. They also collect additional information that helps catch the perpetrators.
Airline fraud isn’t something that can be taken lightly. When not addressed properly, it can have grave consequences for everyone involved, including frauds, customers, companies, and even third-party vendors. When it comes to airline ticket fraud, companies need to be proactive.
Airline companies need to educate employees and customers about potential scams. Implementing the right fraud prevention tools is a must. They also need an architecture that will help them prevent fraud, fight fraudsters, and catch them in case something does happen.
Kelly Davidson is the editor, data whiz and main PR gal at Merchant Savvy, a comparison site that reviews and rates merchant account providers, ecommerce platforms and small business software.
Want to write an article for our blog? Read our requirements and guidelines to become a contributor.