11th October, 2019
A recent podcast on loyalty, featuring Joanne Ward, David Canty, David Feldman, Alan Lias and Iain Pringle, discussed the significance of less frequent flyers and how they can propel a loyalty program even further.
Airlines are trying to dig deep to ascertain what a loyal member looks like beyond their own purchasing funnel. As highlighted in a recent interview with airline loyalty and big data expert, Mark Ross-Smith, if there is not much activity in the air, then why not be a part of an infrequent or a price-conscious traveller's life via activity on the ground? This consideration is starting to stand out in a striking manner in the case of low-cost carriers (LCCs) and how they are going about managing their loyalty programs.
A lot depends upon the business model, destinations covered etc., but typically, looking at any loyalty program, 80% of the members, if not more, tend to be infrequent flyers or guests. “Obviously they aren’t bringing in the same average revenue per member when compared with other top members, they are still a huge group. It is imperative to assess what’s there in a loyalty program, other than price, that can add value, be it for any benefit or contributes in differentiation of the program. They are mainly leisure travellers in most cases,” mentioned Joanne Ward in the podcast.
Podcast link - https://lnkd.in/e5NE7vd
Alan Lias mentioned that it is important to assess what sort of “other” behaviour is relevant to a travel business. It needs to be assessed - are the travellers genuinely infrequent in terms of what any airline has to offer and if they are how does one create relevance for them. By looking at other things they are doing in their lives and by focusing on partnerships how can airlines end up being more relevant in such flyers’ day-to-day lives and potentially help them in achieving their goals.
It was also highlighted that those who fly infrequently with one airline might be flying with other airlines too. Also, a top member of one FFP possibly can have a similar status with another airline. Also, those who are part of a lesser number of programs offer an opportunity to be engaged.
Are infrequent flyers more loyal?
A leisure carrier flying to leisure destinations, featuring infrequent travellers, has the opportunity to foster loyalty.
“Infrequent travellers may be most loyal (in the sense they are giving you a sizable chunk of their wallet). They may be flying infrequently, but they may be flying exclusively with an airline,” mentioned David Canty, from his own professional experience in the loyalty arena. Delving into it, he mentioned that by bringing redemption earlier in the cycle in a program and allowing them to redeem a lot quicker, the audience did look out for travelling again with the airline.
As for those travel brands that are focusing on infrequent customers, David Feldman highlighted Hilton’s approach towards opening up their loyalty program. It was referred to as an example (offering members the ability to pay for purchases at Amazon.com using Hilton Honors Points). Southwest was also picked for their penchant to offer value and serve infrequent travellers.
The attractiveness of a subscription-oriented program was also discussed. One example is Mexican low-cost carrier Volaris’ decision to embrace the subscription model, v.pass.
“(It is seemingly) starting to make a re-entry into a new generation and something that’s resonating,” said Canty.
Agreeing with the same, Joanne said that Amazon has played a vital role in the same with Prime. A lot of retailers are also looking at that. “If you charge something to be a part of a programme, members can be given certain benefits that means more to them. Also as a member for spending $100 on annual membership you want to make sure that you are also getting something back,” she said.
Iain Pringle referred to two sets of loyal customers, spenders and savers: one set is all for instant gratification (spenders), and the other tends to save for long-term rewards (savers). A balance has to be attained in a program to appeal to both sets of customers.
Some of the key points that were highlighted:
By Ritesh Gupta
Join David Canty, David Feldman and a host of other specialists from airlines and in the loyalty arena at the upcoming #MegaEvent, to be held in St Petersburg, Florida (29th–31st October) this month.
8th October, 2019
From a travel retailer's perspective, having the right type of friction, with the right action, at the right time is imperative, writes Ai’s Ritesh Gupta
Planning a trip and travelling can’t be termed as one experience. There are multiple sessions and in all probability multiple devices that encompass the planning, buying and consumption of the travel product.
Travel e-commerce players need to find ways to curb friction, especially in cases where one is returning to access an app or an account, or where a traveller isn’t able to enjoy an integral feature (like being able to select a seat and pay for it only via a PC and not via a mobile app/ site!).
One of the areas that e-commerce players have been focusing on is trust data from early on, and counting on the same to mitigate risk for future interactions. If travel companies aren’t prepared for the same, then they won’t be able to accelerate transactions from returning customers or be in a position to block fraudsters using spoofed or stolen identities.
Before delving into the same, let’s understand why friction shouldn’t be looked upon as a dreadful word.
What is friction?
As LexisNexis Risk Solutions highlights, a frictionless customer journey “doesn’t equate to an absolutely friction-free experience. It’s about having the right type of friction, with the right action, at the right time. You have to figure out where and what that is”. From a shopper’s perspective, friction could be any feature or requirement that hinders their path through the sales funnel. It could be a compulsory registration, wearing form-filling and time-consuming authentication processes.
Some recommendations include:
Take, for example, the trend of subscriptions, which today goes beyond Netflix and Spotify. Mexican low-cost carrier Volaris’ decision to embrace the subscription model, v.pass, exemplifies the same. From the idea and the development process to managing a subscription product, its technical complexity and, above all, ensuring the passenger experience isn’t diluted, the airline asserts it is making progress. It is counting on possible benefits – thriving on data of members, stepping up the ancillary revenue generation etc. Just like retailers, travel brands are curating offers or offering incentives to travel shoppers to return and complete their transactions in a frictionless environment.
Interested in loyalty-related topics? Join Ai at the upcoming edition of MegaEvent, to be held in St Petersburg, Florida (29th – 31st October)
2nd October, 2019
All airline loyalty programs aren’t the same. Working out an apt program structure, encompassing accrual (mileage-based, revenue-based or a hybrid model), tiers, earn-burn ratios etc., and managing the financial liability is vital.
The business model of a traditional carrier vs. a low-cost carrier differs, so does the aspiration of flying in the first class on a long-haul vs. simply being price conscious when it comes to LCCs, and accordingly economics of loyalty also varies, points out airline loyalty and big data expert, Mark Ross-Smith.
If an airline believes that running a classic FFP that tends to rely mainly on frequent flyers and can be actively engaged via flying benefits, rewards etc., then they might not open up to be a completely digital currency. For their part, LCCs are increasing the utility of their loyalty currency. The focus on letting loyal customers gather and spend their miles as freely as cash is standing out. Certain airlines are also trying to expand their reach, and by doing so, offering their loyalty program members the convenience of shopping on 3rd party travel sites. When it comes to redemption, some carriers in Asia are allowing shoppers to redeem their currency on 3rd party marketplaces.
As the mobile-savvy generation gets accustomed to using one app or a superapp for ordering food, commuting, digital payments etc., how are airlines looking at fostering loyalty via linking the on-demand services with the earn-burn cycle?
25th September, 2019
Ai Editorial: Only 30% of the top 35 global airlines have a gift card. Why airlines should consider gift cards and what they need to be wary of, probes Ai’s Ritesh Gupta
Exchanging membership rewards points for gift cards is an option that airlines can consider. Not many airlines, especially in the Asia Pacific region, have considered the utility of gift cards as of today.
Only 30% of the top 35 global airlines have a gift card, whereas seven of the top 10 hotel brands have a gift card, according to TripGift’s Head of Strategic Partnerships, Todd Tomlin.
Explaining the benefits of gift cards as a miles/points burn option, Tomlin highlighted a gift card:
A benefit that stands out from a customer’s perspective is purchasing versatility, as they gain an option to select the item they want rather than receiving a reward chosen by the brand. Gift cards allow customers to buy into the brand as well and utilise that prepaid card to purchase a seat, room night etc. From travel perspective, there is an option to redeem a hotel, tour, cruise, car rental or experience.
Over the next few years, more airlines are expected to enter the gift cards space. The U.S. market is fairly penetrated; however, airlines can do a better job in the manner in which they market and utilize gift cards. The APAC region has a great opportunity, and AirAsia is one airline that has taken a plunge in this space, shared Tomlin. Instead of counting on gift cards initially as something that’s being sold in the store, airlines can create a product for marketing purposes. Say, for buying airline tickets for certain dates or to a certain destination and then receiving a free gift card for the same. Also, according to Tomlin, gift cards usually feature higher conversion rates than a coupon. Today airlines use miles for such type of behaviour or might involve couponing, but gift cards are 75% more likely to be used than a coupon at the same exact value, mentioned Tomlin. “Consumers when they receive a gift card they feel like they have cash in hand and 75% are more likely to engage whatever behaviour a brand intends them to indulge in with that gift card,” said Tomlin.
The value for loyalty currency is of course going to be a key consideration. A benchmark is said to be 1 cent per point. Other than fulfilment, liability and reconciliation, e-commerce players have to ensure that they make it simpler for shoppers to buy and use gift cards, for instance, via redemption widgets. This way shoppers can use their gift card during the checkout process or add a gift card balance to their account. Also, as loyalty rewards, gift cards let loyalty program members be in control of how they wish to use a gift card reward, or even gift it to friends or family members.
At the same time, airlines need to have a fraud management solution in place for the same.
Fraudsters have been targeting gift cards since other areas for fraudulent activities are getting restricted.
Today there are restrictions in terms of the value for which a gift card can be bought or used. Many retailers place limits on the amount loaded onto each eGift card. This is to prevent money launderers from misusing the cards by secretly loading cash onto them. There are also rules that limit shoppers to buying a definite number of eGift cards at a time, up to a certain value. From an experience perspective, a $600 maximum purchase value that stops a user from fully using a $2000 eGift card results in a disappointing experience.
Fraud prevention specialists highlight that rather than using inflexible rules, it is time for travel merchants to assess a shopper’s behavior to separate genuine and fraudulent behaviour.
Here machine learning and real-time pattern recognition can help. For instance, as shared by CashShield in an interview with Ai, a data point like the movement of the cursor paves the way for the system to uncover when a fraudster is trying to act as an authentic consumer by making micro-changes between each eGift card transaction, to avoid suspicion for purchasing many cards at once.
Merchants are also trying to ensure that customers are more vigilant of their gift cards.
TripGift’s Head of Strategic Partnerships, Todd Tomlin, is scheduled to speak at the 10th edition of MegaEvent Worldwide to be held in St Petersburg, Florida (29-31 Oct, 2019).
2nd September, 2019
#MegaAPAC, Kuala Lumpur
How can data make a loyal traveller feel more valued? Where do airlines stand in the journey of personalization and in delighting their passengers by recognizing them, plus anticipating and delivering what they are looking for?
No denying that passenger loyalty has become an ever more complex discipline, especially with travellers expecting something more than just a transactional relationship. Airlines have no option, but to live up to such expectations. There is no reason why airlines should be lagging behind the likes of Facebook and other tech companies when one thinks of personalization, asserts airline loyalty and big data expert, Mark Ross-Smith.
Algorithmic optimization isn’t an overnight phenomenon; it entails a layered development of ever-increasing complexity. Plus, machine learning isn’t a magic bullet; capitalizing on its prowess demands diligence and a methodical approach. It is one of the many building blocks that lay the foundation for an astute loyalty initiative. In the initial stages, don’t target the BMW of machine learning, recommends Mark. Rather than thinking of AI, focus on simple things. For example, first target simple areas like identifying and addressing a traveller. “How to address someone in the right way at the right time,” he points out. A connection between a brand and its customers will build over time, deepening with each gratifying interaction.
Citing the example of Delta, Mark says the investment in the right areas of data, analytics, CRM etc. makes their loyalty program stand out. It reflects on the performance of the airline, pinned by “good leadership, good technology and apt vision towards marketing”.
In this video interview hear from Mark about personalization and why he equates loyalty programs with market intelligence machines.
Mark Ross-Smith was a speaker at the Mega Event Asia Pacific (#MegaAPAC) held recently in Kuala Lumpur, Malaysia.
22nd August, 2019
Ai Editorial: Completing every transaction with one app is increasingly becoming common in Asia. How are airlines responding to such a trend, and in the process re-defining loyalty, probes Ai's Ritesh Gupta
WeChat, Meituan, Grab, Paytm...the list of apps that offer a convenient all-in-one shopping experience stands out in Asia. Competing against such ecosystems/ superapps hasn't been easy for travel e-commerce brands. These apps are setting a new benchmark when one thinks of loyalty. The level of stickiness with these apps is quite high and certainly not easy for the likes of airlines to grab the attention of a consumer.
But airlines in Asia, especially LCCs, are trying to capitalize on their biggest strength - the aspiration of flying, and in the process certain carriers are evolving as travel and lifestyle platforms, AirAsia being one of them.
Bonding with infrequent travellers
Airlines acknowledge the gap that results owing to infrequent shopping associated with flying in case of leisure travellers. Such a traveller might only travel once or twice a year, and doesn't engage with the airline for almost 50 weeks. This has been a challenge for airlines. This results in inactivity in the loyalty program. In this case, by working on a travel and lifestyle platform that keeps such consumers with them for their daily or other activities, airlines are getting them closer to flying (via the lure of a free ticket, travel-related offers/ discounts or using loyalty currency for payment) by rewarding them for their non-travel shopping.
The concept of a travel loyalty program operating as “one channel for accruing and spending” points/ miles is drifting away. Being flexible with a program’s loyalty currency is the new norm. Airlines in Asia, be it for Air China or AirAsia, are taking new initiatives. Airlines are looking at ways to strengthen the currency they offer, and increasing the activity within their loyalty programs. The objective is to let loyal customers gather and then spend their miles as freely as cash. Some of the initiatives that are standing out:
“The decision to participate on 3rd party sites depends on several factors, and one of them is related to the profile of travellers. If an airline believes that running a classic frequent flyer program that tends to rely mainly on frequent flyers and can be actively engaged via flying benefits, rewards etc., then they might not open up to be a completely digital currency,” mentioned a source in an earlier interview. “On the other hand, a lifestyle rewards program is different from a frequent flyer programme. For infrequent travellers to open up a range of earn and burn options is understandable. It is important for such programs to understand who their members are, what motivates their purchases, how they eventually spend money etc.”
Those who are keen on running a lifestyle program assert that their goal is to gather as much data as they can. By letting members collect loyalty currency when they spend on products like fuel and relatively frequent buys like movie tickets or dining out, these programs are stepping up their efforts to track the activity of the user.
It is intriguing to assess how carriers are going about both the earn and burn aspects of their respective loyalty programs, their intentions of being a two-sided marketplace, and to what extent they are gearing up to offer a "super-app" like experience going forward. But one thing is clear - the eagerness to collect data from a variety of sources and act on it is what is going to drive the future of loyalty.
9th August, 2019
How is blockchain technology coming along? If on one hand there is scepticism around the utility, on the other as the likes of Facebook and Rakuten take a plunge in this arena, the potential can’t be ignored. Intriguing situation to say the least.
Blockchain technology isn’t having an easy time and doubts have been raised over its utility in the arena of loyalty. For instance, blockchain enabling an exchangeable currency within different loyalty programs isn’t a proposition that excites loyalty specialists. Another vital question that has been raised is around the exclusivity of blockchain. Is it the only technology that can, for example, interchange a loyalty currency into cryptocurrency?
Still the technology promises to contribute in several aspects – curtailing system management costs with smart contracts (minimize systemic errors and fraud to ensure secure and transparent transactions); processing a transaction in real-time; paving way for a secure environment etc. Also, developments pertaining to Facebook’s new cryptocurrency, Rakuten’s foray into blockchain etc., too, have emerged this year.
Ai’s Ritesh Gupta caught up with Sydney, Australia-based Philip Shelper, CEO of Loyalty & Reward Co, a loyalty management consulting agency, and spoke about various topics, including blockchain marketing. Shelper, who is also one of the course leaders of the recently launched The Australian Loyalty Association’s Customer Engagement and Loyalty Course, believes that Facebook will launch Libra and create the biggest loyalty program the world has ever seen, threatening the dominance of banks and even some governments.
Ai: As a traveller, how do you assess the scope for improvement in loyalty programs or FFPs being run by airlines?
Philip Shelper: I’m currently a Gold member with Qantas Frequent Flyer, and I have to say the experience is pretty good. I enjoy the lounge access and priority boarding, it’s easier to redeem points on flights, I earn bonus points and I can access a better level of customer service. The odd complimentary upgrade would definitely be a bonus.
Ai: How can blockchain technology play its part in fostering loyalty – can you cite real use cases?
Philip Shelper: All the big advancements in blockchain loyalty are happening in the back-end with enterprise grade implementation. Loyyal is leading in this area. They’re working with major airlines and other multi-national companies with their customised Hyperledger solution to solve some real-world problems. This includes real-time points earn, auto-reconciliation, instant settlements, single view of customer, easier onboarding of earn and redemption partners, and more. They are making strong inroads in the US, Canada, the Middle East and Asia Pacific.
Ai: How do you think rewarding members with cryptocurrency or cryptotokens can play its part?
Philip Shelper: When I was first exposed to the concept of a cryptocurrency-powered loyalty program several years ago, I was really excited. I loved the idea of earning a loyalty currency which could fluctuate in value, and saw it as something which would really revolutionise the loyalty industry.
A number of start-ups were raising large sums via Initial Coin Offerings (ICO) and it felt like we were on the cusp of a brave new world. This all came unstuck with the crypto bear market which struck in early 2018. Many of the loyalty start-ups saw their currency valuations plummet by 99% which completely killed their member engagement. A few of those early starters, such as Incent and LoyalCoin, continue to push forward with new innovations and global expansion, but time will tell if the model is feasible.
At the other end of town are companies such as LINE, Facebook and now Walmart. These companies are looking to introduce their own cryptocurrencies. This will enable cryptocurrency loyalty programs at a scale not ever seen. They will truly revolutionise the loyalty industry. It’s a very exciting space to watch. Imagine 2.4 billion Facebook members earning Libra for sharing, watching advertising, buying products through Facebook marketplace and spending with a Facebook digital credit card.
Ai: Do you think blockchain is being rightly ignored?
Philip Shelper: There was a lot of hype a few years ago as a result of entrepreneurs seeing an opportunity to earn large sums of money via ICO. Within loyalty, lots of ideas were thrown around, including the claim that loyalty was broken and blockchain could fix it by enabling interchangeability from lots of different loyalty accounts. Investors who didn’t understand the loyalty market were enticed by this and poured in tens of millions of dollars. Unfortunately, there wasn’t the realisation that most loyalty program operators don’t support the idea of their loyalty currency being transferred outside their program, as it represents a cost to them.
Thus, the hype totally overpromised. In addition, since the same solution can be delivered without blockchain, although the promise of blockchain is a system that doesn’t require a central administrator to facilitate the transfers, making it potentially more cost-effective and trustworthy.
Ai: Can you talk about blockchain marketing? What does it mean?
Philip Shelper: The core principle of blockchain marketing is providing members with full security and control over their data. Companies such as Bron.tech encourage members to input personal data into a secure blockchain data wallet. Research companies can then reward the member for providing them with access to the data in the wallet. This is quite a different model to most loyalty programs where the member’s data is collected and then monetised by the program without the member having control over the data or being compensated when the program earns revenue from using it.
This approach is still very new and as a business model it is yet to be proven, although events like the Facebook Cambridge Analytica scandal certainly help its cause.
Ai: Where do you see the future of blockchain technology in loyalty?
Philip Shelper: Companies such as Loyyal will eventually scale globally. They will be connected to many major loyalty management systems and thousands of earn and redemption partners, creating an Internet of loyalty which will allow easy connectivity between businesses keen to participate in a global loyalty ecosystem.
Facebook will launch Libra and create the biggest loyalty program the world has ever seen, threatening the dominance of banks and even some governments. Walmart, Apple, Amazon, Rakuten, Google and other tech giants will have no option but to follow. The end result will be a new global financial paradigm, the outcome of which is difficult to predict, but will include loyalty program elements within the frameworks. We certainly live in interesting times.
Hear from senior executives about the blockchain technology at the 8th Annual ATPS Asia-Pacific to be held in Penang, Malaysia (27-29 August, 2019).
12th July, 2019
Ai Editorial: Airlines need to focus on tapping the mobility as a service (MaaS) segment, offering a truly interconnected experience via their own digital assets covering all of the transportation requirements, writes Ai’s Ritesh Gupta
MaaS paves the way for the amalgamation of numerous modes of transport into one single mobility service, available when users want. Importantly, it results in a digital touchpoint for consumers to access various different mobility offerings.
As Voyego explains, MaaS isn’t just about integration of various modes of transport into one single mobility service, it also simplifies making a choice plus paying for it, all via a single platform.
In a blog post this week, Voyego highlighted that MaaS “transfers the previously physical transport experience to a digital-first environment and connects with users in the environment in which they are most comfortable and most active in. This allows for a strong personal bond of passengers with their personalized mobility”.
So what is driving excitement around the mobility offering? The travel industry has been witnessing intriguing developments of late.
Is it the availability of inventory via API? Other than choice, is it the ability to come up with a relevant, contextual offer for a consumer that’s going to propel an airline as a merchant or even in running a two-sided marketplace? And as it is emerging, rewarding points for any mobility-related transaction, too, is starting to happen.
B2B travel technology company CarTrawler has stressed that airlines “need to offer travel solutions that can exist alongside car rental – the ride-hailing market alone is estimated to reach a value of $285 billion by 2030 and the overall MaaS market will grow by 25% over the next five years”. According to CarTrawler, only 59 of the world’s 473 airlines currently offer mobility services to customers.
The Dublin-based company this week introduced its global travel mobility platform. According to CarTrawler, it allows airlines to offer a range of travel solutions in-app so that they can “own the last mile” for their customers. CarTrawler asserts that it is time for airlines to maximise revenues from MaaS market, which is estimated to reach a value of $1.75 trillion by 2030. At the time of the release of their new solution, CarTrawler’s Chief Commercial Officer, Aileen McCormack, stated, “By owning the first and last mile, airlines can maximise revenues from this rapidly growing sector and future-proof their business. At the same time, they will be able to offer customers every possible travel option, strengthening brand loyalty as a result.”
Capitalizing on high frequency for loyalty
CarTrawler shared that it is providing a market-first mobility SDK which affords customers the ability to earn and burn loyalty points as they ride.
Referring to the huge potential of loyalty marketing in mobility, loyalty specialist Currency Alliance highlighted the frequency aspect of moving around on a daily basis.
This frequency “…is much higher frequency than customers have with their supermarket – where we find customer engagement levels in the loyalty program as high as 70-80%. Higher frequency in mobility should lead to record levels of loyalty activity with the right mechanics and mix of partners,” stated the company in one of its blog postings.
In one such move, Lufthansa Innovation Hub chose to introduce a reward program for all urban mobility services as well as air, rail and bus travel between different cities in March this year. The initiative was taken considering the evolving mobility pattern shown by the digital-savvy audience and it was decided not to reward loyalty shown for only one type of transport. Collecting and redeeming points for rewards works directly via the app, which lets users collect points with different mobility providers and redeem them for rewards.
Intermediaries, too, are making steady progress. European virtual interlining (VI) specialist Kiwi.com aims at allowing a traveller to move from one point to another anywhere in the world via one transaction. The goal is to aggregate the content of all the ground carriers (buses, high-speed trains, etc.) along with domestic flight content (already have the international flights) and build an integrated transportation network.
The end-to-end journey - can one provider do it all? A session about the same is scheduled to take place at the upcoming Mega Event Asia-Pacific, to be held in Kuala Lumpur (20 – 22 August 2019).
Event site: www.MegaAPAC.com
Charging a deposit on loyalty stays without disclosure and changing cancellation policy at will - is the hotel industry being plagued by “franchise fraud”?
I recently booked a Marriott property with my Bonvoy Loyalty Points. At the time of booking, a cancellation policy of 48 hours prior to arrival without penalty was displayed to me by Marriott(dot)com. Additionally, there was no information disclosed about a credit card deposit required with this booking. However, the property subsequently charged my credit card on file with Marriott a $122 deposit for this 3-night stay. This was on top of the Bonvoy Points that were deducted.
As my plans changed, I decided to cancel. I then discovered that my reservation had been changed to a “Pre-Pay and Stay” rate that was not cancellable. To figure out what was going on, I did a test booking for another reservation at this same property. It still was coming up with a 48-hour cancellation policy with no deposit disclosed.
Accordingly, I called the elite number of Marriott to cancel. The agent was also unable to cancel my “Pre-Pay and Stay Rate” and so she called the hotel, which informed her that they had changed their policy and that cancellation was now only permitted within 24 hours after booking. The agent also did a test booking while speaking to the property and found the same thing that I had. The hotel showed a 48-hour cancellation policy and there was no information relayed about a credit card deposit.
The property informed this agent that they would refund me the points and the credit card deposit since I was an elite member of the Bonvoy Program. I have since been refunded the deposit and the loyalty points were re-deposited into my account. However, I have a few questions:
- How is a hotel property changing loyalty redemption reservations with a 48-hour prior cancellation policy to a non-cancellable pre-paid rate?
- Why is the hotel charging a deposit on loyalty stays without disclosure to the customer?
- Is the property purposefully turning cancellable rates into non-cancellable ones and keeping deposit monies that it collects without disclosing to the customer that a deposit will be collected in the first place?
- Is this franchise fraud?
To look at these questions and many more related to loyalty program frauds, gaming and database breaches, join us at the Loyalty Fraud Prevention Conference (http://www.LoyaltyFraudEvent.com) in Brighton from the 7th to the 9th of May 2019.
Editorial by Christopher Staab
Managing Partner, Ai Events and Co-Founder, Loyalty Fraud Prevention Association
First Published on 26th March, 2019
Ai Editorial: Most enterprises rely on static verification measures to shield loyalty accounts or make sure there is no unauthorized FFP access. But are these enough? Not really, writes Ai’s Ritesh Gupta
Specialists point out that initiatives such as two-factor authentication (2FA) and multi-factor authentication (MFA) can be bypassed by fraudsters (e.g. via SIM hacks or SIM swaps) and result in needless friction for customers. More must be done in terms of ensuring user accounts are secure from fraud. It is clear that many merchants face a tussle when it comes to balancing the need for security and optimizing UX, which is tough to attain if they tend to rely on 2FA/MFA.
The issues are twofold: a lack of stringent security, and increased friction in the user experience.
It is pointed out that 2FA is not completely secure. Most organizations rely on 2FA for account protection, which can be overcome by fraudsters with deceptive tactics, such as SMS phishing to trick users into giving up their 2FA reset codes; it is also not uncommon for fraudsters to intercept the confirmation SMS messages, proving that 2FA is not sufficient to prevent fraudulent account takeovers. For many other enterprises, improving the user experience takes priority, and therefore no measures for account protection have been taken, leaving their accounts vulnerable to fraud attacks.
Fraudsters don’t find it tough to bypass feeble implementations, either by intercepting codes or by exploiting account-recovery systems. There have been reports of a mobile device’s accessibility settings being illegitimately amended, the mobile operating system’s overlay accessibility feature being activated, and a user’s clicks then being imitated to access the legitimate app and commit a fraudulent act such as using miles or transferring money from an app. One example is an Android Trojan, described as malware that blends the proficiency of a remotely controlled banking Trojan with a new misuse of Android accessibility services. It is used to target users of the official PayPal app. (The report also explains how PayPal’s 2FA was breached.)
Another aspect of 2FA being unable to eradicate the risk completely is owing to the problem of phishing attacks.
Earlier this year, a penetration testing tool challenged the efficacy of 2FA. It emerged that security researcher Piotr Duszyński managed to automate phishing attacks and blow through login operations for accounts protected by 2FA. On his blog, Duszyński referred to the reverse proxy “Modlishka” tool. When users enter their respective passwords, they are recorded in the Modlishka backend panel, while the reverse proxy also prompts users for 2FA tokens when users have configured their accounts to request one.
If fraudsters or hackers are alert and working to collect these 2FA tokens in real time, they can use them to log into users’ accounts and set up new “valid” sessions.
Other than feeble authentication, fraud prevention specialist CashShield referred to the limited scope of protection via 2FA. For example, a fraudster who has bought a frequent flyer account from the dark web can bypass the 2FA and proceed to redeem the miles in the account, since there is no security measure implemented at the point of redemption.
Overcoming these issues
Users need to be made aware of unrequested authentication scenarios. With 2FA, a user is only prompted for authentication when they have made a request themselves, so users need to reject any authentication prompt they did not request. Likewise, any email that refers to a phone call or push notification for confirmation of one’s identity should not be responded to.
Also, when it comes to the user experience, rather than using a blanket rule that forces every user to log in with 2FA, real-time surveillance can be used to assess logins in the background, with only logins that carry borderline risk required to go through 2FA. This would greatly improve the user experience on the whole, while ensuring that security for accounts is not taken for granted.
Also, machine learning technologies are emerging as an astute option to secure accounts. The efficacy of machine learning, especially real-time machine learning, can be explored for account protection. Both supervised and unsupervised machine learning can be relied on to comprehend the historical patterns of use as well as to identify anomalies. According to CashShield, behavioral analytics with pattern recognition will be able to accurately filter fraudsters away from genuine users.
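The background assessment described above, combined with the earlier point that redemption needs its own check, sketched as an added example (not code from this article or from any vendor it cites). The signals, weights, thresholds and member profile are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed profile for one loyalty member (illustrative, not real data).
KNOWN_DEVICES = {"dev-a1"}
USUAL_COUNTRIES = {"GB"}

# Assumed weights and thresholds; calibrate against your own fraud data.
W_NEW_DEVICE, W_NEW_COUNTRY, W_RECENT_RESET, W_PER_FAILURE = 30, 25, 25, 5
STEP_UP_AT = {"login": 30, "redeem": 20}  # redemption is held to a stricter bar
DENY_AT = 80


@dataclass
class Event:
    action: str                       # "login" or "redeem"
    device_id: str
    country: str
    failed_logins_last_hour: int = 0
    minutes_since_reset: Optional[int] = None  # None: no recent password reset
    step_up_done: bool = False        # 2FA already passed for this action


def risk_score(e: Event) -> int:
    score = 0
    if e.device_id not in KNOWN_DEVICES:
        score += W_NEW_DEVICE
    if e.country not in USUAL_COUNTRIES:
        score += W_NEW_COUNTRY
    if e.minutes_since_reset is not None and e.minutes_since_reset < 60:
        score += W_RECENT_RESET
    score += W_PER_FAILURE * min(e.failed_logins_last_hour, 4)
    return score


def decide(e: Event) -> str:
    score = risk_score(e)
    # High risk is refused even with a valid code, since codes can be
    # phished or intercepted in real time.
    if score >= DENY_AT:
        return "deny"
    # Borderline risk gets 2FA; low risk passes without friction.
    if score >= STEP_UP_AT[e.action] and not e.step_up_done:
        return "step_up"
    return "allow"
```

A session that passed login without friction (known device, unusual country) is still challenged when it tries to redeem miles, which is the gap a purchased account would otherwise walk through.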
Hear from senior executives about login authentication and account takeover at the upcoming ATPS (21st Century Customer Experience for Payments & Fraud - Airline & Travel Payments Summit) to be held in London (Brighton), UK (7-9 May, 2019).