In 2019, the travel and hospitality industry accounted for a whopping 10.3 percent of global GDP. While this share decreased to 5.3 percent in 2020 due to pandemic restrictions, in 2021, the industry saw a rise of up to 6.1 percent, which is about $5.7 trillion. Of course, everyone knows that fraudsters won’t be far from where money is, especially when most transactions happen online. And due to the industry's characteristic high-value one-off payments, a large number of businesses across the world, and rapid customer consumption of services, the travel and hospitality sector is a huge target for fraud.
This article discusses various types of travel frauds and how travel managers can combat scams at inception with early detection and prevention.
What is travel fraud protection and why is it important?
Travel fraud prevention or travel fraud protection is a set of proactive measures that can and should be taken by businesses working in the travel and hospitality sphere to timely detect fraudulent activities and prevent them from happening.
How to fight financial fraud with ML-powered fraud detection software
Time dictates its rules: More and more companies are moving to the digital landscape. This delivers convenience to customers who can easily search for holiday destinations, book accommodations, and make payments online. On the flip side, the increased flow of money online has provided more opportunities for fraudsters.According to the 2022 Global Digital Fraud Trends Report conducted by TransUnion — an American consumer credit reporting agency — suspected digital fraud increased by 52.2 percent between 2019 and 2021 with travel and leisure being one of the industries that suffer from scamming the most.
“It is quite common for fraudsters to shift their focus every few months from one industry to another,” says Shai Cohen, Senior VP of Global Fraud Solutions at TransUnion. “Fraudsters tend to seek out industries that may be seeing immense growth in transactions. This quarter [2021], as countries began to open up more from their COVID-19 lockdowns and travel and other leisure activities became more mainstream, fraudsters clearly made this industry a top target.”
The latest estimates by IATA show airlines alone lose a minimum of $1 billion annually because of payment fraud. And this number doesn't even include related areas such as frequent flier programs or revenue integrity problems.
So, if you own or manage a business that has something to do with travel and hospitality or are responsible for revenue management in your company, you want to know how to avoid or at least minimize being scammed.
Forewarned is forearmed, right? Let’s get you forewarned about what fraudulent activities there are and how they can be thwarted.
Types of fraud in the travel industry and ways to combat them
Due to the nature of the industry, the face of scamming in travel wears a lot of masks that often look quite credible to the naked eye. Travel frauds can range from bonus/loyalty abuse to bookings made with stolen credit cards leading to chargebacks to fake online travel websites, etc. To know how to mitigate fraud attempts, you first have to get acquainted with the most common travel fraud schemes, the industry players that suffer most, and who’s responsible for combating them.
Major types of travel fraud
Travel insurance fraud
Key fraud victims: insurance carriersIn 2021, a man from London tried to eat forged documents after he was found guilty of making a fraudulent claim for £13,000 (nearly $16,000) for alleged medical costs in treating an ear injury while in Florida. While ridiculous, this is not an isolated incident of travel insurance fraud.
Travel insurance fraud is the act of making false claims to a travel insurance provider. In other words, the insured seeks to obtain money for losses that did not occur or aren’t subject to insurance coverage.
Below you can find a list of various types of false claims and misleading statements that can be considered travel fraud:
- applying an insurance claim for lost baggage when nothing was actually lost;
- exaggerating the value of items a traveler allegedly had in baggage that was misplaced (when there’s suddenly a new iPhone in a $2,000 Prada handbag);
- fabricating injuries that are said to have been received during a trip to get insurance payment; and
- canceling a trip because of illness or emergency when in reality it’s been canceled for other reasons not covered by travel insurance.
Travel expense fraud
Key fraud victims: companies that need their employees to go on many business trips, travel management businessesIt's not rare for employees to take business trips. Travel business expenses are then reported by an employee to receive reimbursement. Unfortunately, this may lead to expense fraud.
Travel expense fraud is an intentional attempt at fabricating business travel expense claims and/or inflating reimbursements. This can be, for example, submitting a refund claim for hotel costs for a business trip an employee actually turns into leisure (do not mistake it for bleisure).
Here are a few popular types of travel expense frauds:
- providing fake receipts that look real;
- submitting personal expenses under the category of those required for a business trip;
- inflating the costs of a legitimate expense like extra mileage; and
- submitting the same receipts multiple times.
Machine learning-driven software can process vast amounts of heterogeneous data to uncover hidden indicators of fraud and correlate it to data delivered in real time to identify anomalies in expenses. The software then provides automated alerts on suspicious behavior and potential theft.
Stolen credit card fraud
Key fraud victims: travel (and not only) companies of different sizeThis travel fraud involves stealing the credit card information of a cardholder to sell it on the black markets for others to perpetrate online purchase frauds. The information can be stolen through data breaches, card skimming, or malicious programs installed on legitimate websites. If a cardholder doesn't report stealing, the card is considered clear.
Such fraud is often used for last-minute booking purposes. This is due to airlines, online travel agencies (OTAs), and hotels having less than 48 hours to check data and detect possible fraud. Conmen may buy a ticket the day before departure and promptly check in for the flight online. They know that even if an OTA detects the fraud, the airline would hardly deny boarding to a confirmed passenger.
What to do to prevent fraud? While difficult, travel businesses can prevent this kind of fraud by monitoring transactions and creating a risk score. At checkout, companies may pay attention to the type of a credit card (whether it is local or foreign as the latter has a higher chance of fraudulence), the mismatch between a payer’s IP address and billing information, repeated purchases from the same user within a short period of time. Credit card fraud detection, of course, can be automated with the software we’re going to review further.
Fake online travel agency fraud
Key fraud victims: Online travel agencies and travelersBogus OTAs are the source of the most outrageous scams. There have been numerous cases when travelers have been sold counterfeit airline tickets, hotel rooms that don’t exist, false vacation packages, and car rentals from fake vendors.
To commit such frauds, popular websites and apps are cloned and become publicly accessible on the web and in app stores. The fake platforms are well-made and have the look and feel, logo, and features almost identical to the original ones. As a result, users often get confused and use a fake phishing website or download the cloned app. What’s more, there may be malware within the app that can take over the device, resulting in compromising the security and account takeovers we’ll discuss here too.
What to do to prevent fraud? No matter how obvious it sounds, ensure your travel agency is reputable and legitimate in the eyes of your customers. Make it easy for your users to identify your website, so invest in your branding. In addition to that, pay attention to internal linking since it may help users still get back to the original site because links are rarely deleted by fraudsters. If cloning has already happened, discover and block the IP of a clone site and then reach out to the domain provider, host, or CDN to explain the situation.
Also, it won’t harm to conduct some webinars or run information campaigns where you would explain the distinctions between a real OTA and a doppelganger.
Chargebacks fraud
Key fraud victims: Travel sellers and airlinesAccording to research conducted by Amadeus, one of the key challenges many airlines and travel sellers faced as of Q1 2022 is chargebacks.
A chargeback or a formal process of disputing a transaction is the return to the cardholder of credit card funds used to make a purchase. It occurs if a customer claims that the purchase made with their credit card was fraudulent, made without their permission, or wasn’t completed. As a result, the bank takes the money from a merchant and returns it to the cardholder
Many travel providers admit that they find it difficult or even impossible to handle all requests, so they are forced to pay out on almost every occasion, whether a chargeback is liable or fraudulent. Delayed flights or services that haven’t been timely provided are the most popular reasons for chargebacks.
What to do to prevent fraud? One of the key steps travel agents should take is moving towards automation and better information visibility. Check what anti-fraud measures your payment gateway provider offers. Also, use analytics tools capable of collecting information about a customer, purchasing activities, and other behavioral data. This may help you to have a more complete picture and decide whether a particular purchase is fraudulent or not.
Friendly fraud
Key fraud victims: Travel sellers and airlinesOne of the most popular yet difficult-to-catch techniques used for conning travel merchants is friendly fraud.
The so-called friendly fraud is a chargeback-related fraud that is often indistinguishable from a true chargeback query at first glance, leaving merchants uncertain whether they are dealing with a salvageable customer service problem or a purposeful scam. For example, cardholders may falsely claim that they didn’t authorize the charge when in fact they did. Or, they may say that the merchant is ignoring their emails when in fact they never reached out to the travel agent. Or, this can be a parent claiming that their child stole a credit card and booked a vacation in Spain.
What to do to prevent fraud? Communication can resolve issues with friendly fraudsters who don’t actually intend harm. In other cases, travel vendors can use chargeback alert services and programs like Visa Merchant Purchase Inquiry that provide a window of opportunity to resolve customer complaints before the chargeback takes effect.
Friendly fraud chargebacks can be disputed. For this, merchants will need enough information to prove that a buyer is committing chargeback abuse. The data may include browsing information, proof of delivery, positive payment results, address matches, phone and email matches, IP connections, etc. Instead of manually doing it all, travel providers can use AI-powered platforms like Riskified, Signifyd, or SEON, for example, that help identify the individual behind online interactions.
Account takeover
Key fraud victims: Travelers and travel agenciesAccount takeover (ATO) is a popular scam occurring when fraudsters obtain a person’s credentials to get access to their accounts. These may be airline loyalty program accounts with points and miles a passenger has been rewarded with over a long period of using airline services. Since these points and miles can be spent like money in a variety of ways, fraudsters can take advantage of them to book travel or get other discounts.
What to do to prevent fraud? Travel managers can strengthen their privacy settings by maintaining a multi-level account authentication process and custom sets of rules for accessing travel accounts. To handle account takeover, you can also opt for Address Verification Service (AVS), verify the card security code (CVV or CVC), and recognize photos of identity documents online.
These are major examples of travel fraud happening today. Keep in mind that new scams are emerging regularly, so it’s important for online travel agencies to stay informed about changes to protect themselves and their customers. Luckily, fraud detection technology can come in handy and identify fraud early so that timely preventive measures can be taken.
Existing fraud detection software to spot and mitigate travel fraud attempts
In recent years, larger companies have almost all employed more staff whose task is to detect and investigate fraud. Needless to say that it is quite costly and not always efficient as humans are prone to error. Travel industry-specific data is particularly hard to analyze for humans as it involves a huge array of points such as arrival and departure dates, booking details, transaction data, and more (read our articles on vacation rental data and hotel data management to better grasp the problem)So, to mitigate the risk of being scammed, ideally, there should be fraud analytics and detection software in place. Today, there is a large selection of providers offering an especially rich portfolio of services. They have extensive experience and operate on all sales channels and in any geographical location. Everyone can find an offer tailored to their need, from a basic rule system installed in-house to the full outsourcing of fraud detection.
Here are a few key features to look for in fraud detection software:
Transaction monitoring — examining every transaction for various fraud indicators including checking the credit card type, geolocation of the transaction that has been made, and transaction velocity.
User profiling — composing a complete customer profile by analyzing such information as behavioral data, identity info (credit card details, emails, social media accounts), etc.
Risk rules — creating risk rules for specific scenarios that would filter users based on their actions and provided data. An example of the rule: Repeated purchases from the same user from different geo-locations in a narrow timeframe = block account.
Risk scoring — assessing a particular case and giving it a score for more sophisticated risk analysis.
Machine learning module — ML algorithms are capable of taking into account a plethora of factors both external and internal, learning from past user interactions, recognizing patterns, and identifying thousands of signals for hundreds of fraud schemes and attack vectors. And the best thing is, they can do it automatically, so it is a must-have module in your fraud detection software.
Here are a few solutions to consider that are designed to combat fraud at inception.
Please note! We do not promote any of the solutions listed.
Amadeus Fraud Management: Solution designed for the travel industry
Amadeus is a global distribution system (GDS) that has been in the heart of the travel industry for over 30 years. So, the company knows that fighting fraud is a major struggle for airlines, hotels, and travel agencies.Amadeus says that their “aim is to increase acceptance rates, reduce crime, and lower costs for your business.” So, they teamed up with industry-leading fraud management providers and created their own solution that allows you to detect fraudulent transactions with increased precision and prevent attempted fraud across all channels. The software is equipped with automatic real-time screening for fraud, omnichannel security, customizable fraud rules, and a variety of system integration options to connect to your booking or ticketing flow.
As a part of Amadeus Worldwide Payment Acceptance, the Fraud Management module check the transaction against certain risk indicators during the acceptance process and returns a status:
- green means transactions will be ticketed automatically;
- amber means transactions will be sent to a queue and checked manually; and
- red signifies that transactions are rejected and the ticketing process is stopped.
SEON: Easy-to-use tool to fight fraud
SEON is an AI-driven fraud prevention tool that collects all accessible data points about a customer's digital footprint from open, social sources.
SEON dashboard showing the state of transactions
The tool allows for reviewing risky accounts, uncovering fraud patterns, and discovering revenue opportunities. SEON is the product to consider when you need a fully-equipped and easy-to-use fraud management system powered by machine learning that adapts to how different businesses evaluate risk. With it, you can perform detailed IP geolocation checks, screen personal data for fraudulent indicators, and check for social media profiles (very helpful in the CDD process).Fraud.net: Enterprise travel and OTA fraud prevention solution
Fraud.net is the end-to-end fraud detection and fraud case management platform specifically built for digital enterprises, including those operating in the online travel landscape.
Customer profile with risk alerts built by Fraud.net
It provides APIs to get third-party data for a better understanding of a fraud case and its management. Powered by machine learning, the platform is capable of catching unique fraud signals in real time and providing alerts on possible risks concerning a certain customer. It can help you with detecting and preventing such scams as account takeover, payment fraud, insider expense frauds, etc.Fraud prevention strategy: Where to start and what to consider
You may remember the famous Steven Spielberg film Catch me if you can with Leonardo DiCaprio as Frank William Abagnale Jr. — an uncatchable conman who, among other things, pretended to be a pilot and forged the airline’s payroll checks. True or a bit made-up, this story is a good example of how vulnerable the sphere of travel is and how difficult it is to keep an eye on everything that’s happening within your business.Many travel agencies and companies lack knowledge of best practices and available tools for fraud detection and management. Many don’t really know where to start and how to build a strategy to understand portraits of dishonest customers and prevent fraudulent activities from happening. So, here are a few recommendations that may help you.
Understand the world of travel fraud
That’s basically what the first part of this article was about. You need to be aware of all fraud trends and anticipate emerging risks. Think of the services you provide and work out possible fraudulent scenarios to have some aces up your sleeve. So if you know the approximate number of your website visitors during peak times, some abnormal spikes in traffic out of season may be an indicator that something is wrong and measures should be taken.Encourage employee education
Don't neglect to educate your staff so that they can recognize the warning signs of fraudulent attempts in time. This is especially valuable when it comes to more sophisticated crimes like phishing attacks e.g., fake emails that look like they are from trusted customers or external providers. It’s worth remembering that most scammers use the same schemes and rarely can come up with something unique. So, education can help a lot in reducing the chance of being scammed.Set a fraud prevention policy with clear KPIs
Following the previous statement, raise staff awareness of their areas of responsibility in regard to safeguarding measures against the risk of fraud. The fraud prevention policies should be clear and well-defined KPIs (key performance indicators). KPIs may include measuring the losses from fraudulent activities, understanding why they happened, and deciding what to do to prevent them in the future.Know your customers
While this mainly works for smaller travel companies, having a clear portrait of your typical customer purchasing behavior is a good and simple fraud prevention measure to take. When you know your target customers and their behavior patterns, anything outside of those patterns will be conspicuous and should be checked.Use all available mechanisms and services to identify a cardholder
One of the first steps to protecting your business from fraudsters, especially where credit cards are concerned, is requiring real-time authorization with approval codes, CVV match and mismatch response, etc. In countries that support it, (USA, UK, and Canada), verifying the address of the cardholder via the Address Verification Service (AVS) field is an additional safeguard. Also, implement the 3D Secure protocol if possible.Employ a fraud detection system
Another part of the strategy is to decide whether you need any tools for fraud prevention and if so which software to implement.Truth is, everything depends on the size of your business. If you are a smaller company and process few transactions, having a portrait of your typical customer may be enough to decide whether a certain action is a red flag or not.
Midsize companies usually don’t know who their customers are in person so it is more difficult for them to do manual work for fraud detection. They may want to opt for some basic tools and procedures to confirm the customer’s identity as the cardholder to avoid being ripped off by dishonest users.
Enterprise players that deal with vast amounts of data and transactions with unknown individuals on a daily basis need advanced software to perform fraud detection activities automatically. They may use off-the-shelf solutions such as the ones described above if the suite of services fits their needs. In some cases through, existing fraud detection software providers have limited functionality to offer.
Besides, if your company is constantly growing, you will have to either hire more staff to handle the tasks related to suspicious activity or look for a more efficient fraud detection software. Here’s when custom machine learning solutions can be of great help as they allow you to analyze as many transactions as you need while reducing the amount of manual work and hence errors.
Last but not least, merely buying or creating a fraud detection service will not magically eliminate fraud by itself. It must be a part of a broader strategic plan that covers all the pain points of your business.