The Top 4 Travel Fraud Threats & What You Can Do About Them
If you’re reading this, you’re probably aware that fraud is an issue in the travel industry. You may not realize, though, just how much of a problem it’s become for everyone operating in the space.
Around 60 percent of travel intermediaries surveyed in a recent study by eNett said fraud is a major concern for their business. Furthermore, a majority identified their online channel as having the highest risk. That’s in line with plenty of other data across multiple verticals, all of which supports the idea that card-not-present transactions entail far more risk—and see much more fraud activity—than card-present transactions.
Fraudsters were 81 percent more likely to carry out a card-not-present attack as opposed to a card-present attack at a point-of-sale. That’s according to a 2017 study, and the problem’s only gotten worse since then. Of course, it’s no surprise criminals prefer the card-not-present environment: there’s less immediate risk, and it’s harder to identify an attack.
The numbers are staggering: all totaled, fraud losses came to nearly $21 billion in 2018, according to eNett’s data. In fact, OTAs (online travel agencies) alone suffered $11 billion in losses. And the data suggests that the situation is only going to become more dire, with fraud losses in the travel industry projected to exceed $25 billion in 2020.
That said, direct fraud costs in 2018 came to only $6 billion. While that’s certainly a cause for concern, it’s barely one-quarter of the total fraud losses. So, to what can we attribute the remaining $15 billion in losses?
Send Travel Fraud on a Permanent Vacation.
Our chargeback management solution is custom catered to the needs of the travel industry.
Direct vs. Indirect Fraud Costs
Direct loss of revenue is just one aspect of the fraud problem. As we noted above, the indirect costs of fraud are approximately 150% greater than the value of direct losses.
Fraud is like the proverbial iceberg: you only see a small part of it on the surface. It’s the ancillary losses occurring as a result of fraud that really take their toll on your bottom line. These include:
- Lost Goods/Services: Whether it’s a seat, a hotel room, or goods purchased in-flight, you can’t resell goods or services that are purchased fraudulently.
- Added Fees: To add insult to injury, your acquirer will typically apply a chargeback fee to cover the cost of processing a chargeback resulting from criminal fraud.
- Reputational Damage: These attacks can add up, collectively giving the impression that you’re fraud-prone. As a result, banks may be slack in performing due diligence during future disputes.
- Increased Overhead: Roughly 2-3% of all transactions processed in the travel space must be sent to fraud teams for manual review, costing additional time and revenue.
- Increased Chargeback Rates: Every dispute impacts your chargeback-to-transaction ratio—even if you ultimately win the dispute.
- Threats to Long-Term Sustainability: If your chargeback ratio approaches established dispute thresholds, your acquirer might freeze or even cancel your account, rendering you unable to process card payments.
The Top 4 Travel Fraud Threats
The consequences of fraud can vary, from increasing your costs to potentially destroying your business. With that in mind, let’s examine the top four fraud threats facing travel merchants, and what you can do about them.
#1 - Stolen Payment Method Details
It’s unfortunate, but true: there is abundant cardholder information floating around online. Whether through data breaches, card skimming, or some other tactic, criminals are adept at stealing cardholders’ information to complete fraudulent purchases.
Fraudsters might impersonate users, or they could combine data from multiple cardholders to create a fake persona (a tactic called synthetic identity fraud). The result is largely the same in either case.
The best approach to handle this situation is to employ tactics aimed at verification: making sure the individual presenting the card information is a legitimate, authorized user. This includes seeking authorization for a transaction before providing services, using Address Verification Service (AVS), and/or verifying the card security code (CVV or CVC). Use these in addition to standard fraud scoring tools designed to gauge the relative risk of each transaction and flag suspected fraud.
#2. Cyber Breach
Financial institutions aren’t the only parties subject to cyber vulnerabilities. Any entity who processes large quantities of customer data could be the target of an attempted breach.
While a breach of your servers will likely cause substantial reputational damage, it probably won’t immediately impact you financially: criminals who steal information from your system normally won’t turn right around and try to purchase from you. Depending on the circumstances, however, it can leave you open to potential legal action. All things considered, it’s best to take steps to prevent this.
Ensuring consistent compliance with PCI DSS standards is the first step toward preventing a data breach. Other tips include disposing of data—both digital and hard copies—in a secure manner, holding onto only necessary records. Regularly training employees on data security “best practices” is important too. Finally, be diligent in controlling access to all your business’s computers and private networks, using strong, unique password conventions.
Also, be sure to stay up-to-date with new security developments, and constantly update technologies and patches to address developing threats.
#3. Stolen Security Credentials
Account takeover is one of the fastest-growing and costliest threats across all eCommerce verticals. This involves fraudsters using complete or partial user information (typically obtained via phishing or keylogging) to access a cardholder’s account, impersonating that individual to make purchases.
The methods used to identify account takeover are like many used in identifying stolen cardholder details. The goal in this situation, however, is not to verify that the user is authorized to use the card; instead, we’re verifying that the user is who he or she claims to be.
A mismatch between the user’s geolocation tag and the billing information on file is a sign of suspicious activity. 3-D Secure 2.0 technology can place an additional barrier in front of fraudster, with minimal friction for legitimate buyers. Lastly, it’s not a bad idea to encourage mobile payment apps like Apple Pay, as these tools typically employ two-factor authentication: the user must unlock the device, then provide a secondary ID to authorize a purchase.
These tools should be used in conjunction with other tools for synthetic fraud detection, creating a multilayer strategy. With more redundancy in place, you’re more likely to identify attacks before they happen.
#4. Chargeback Abuse
Of course, not all fraud involves stolen information…or even malicious intent. Chargebacks were intended as a consumer protection mechanism, but the chargeback process was not developed with eCommerce in mind. These days, chargebacks are far more often used to commit fraud than recover from it.
In some cases, consumers complete a purchase with the explicit intent to file a chargeback later. In a practice known as “cyber shoplifting,” the customer deliberately abuses the chargeback process to get something for free. Of course, most contemporary chargebacks are friendly fraud, which could be caused by anything from buyer’s remorse to a simple misunderstanding.
Unfortunately, chargeback abuse is post-transactional in nature: you can’t effectively prevent it on an individual basis, because there are no indications of the abuse until after the fact. The best approach is to engage friendly fraud and cyber shoplifting through tactical chargeback representment.
To dispute a case, you’ll need to gather compelling evidence, plus prepare a rebuttal letter to contextualize that evidence for each incident. Over time, you can optimize your chargeback response and make long-term chargeback prevention possible.
Long-term, Fraud-free Strategies
Developing a viable, actionable plan to manage fraud isn’t easy, especially when the fraud comes from multiple sources. Nevertheless, it’s a vital component of business management, and calls for a multilayer strategy capable of taking on both pre- and post-transactional fraud threats.
The good news is that you don’t have to go it alone. Click below to learn how we can help you start preventing criminal fraud and fighting back against chargeback abuse today.