Leveraging payment as a growth and recovery driver for travel

29th January, 2021 

Airlines can’t afford to slip up when it comes to offering a sublime payment experience and their overall payment strategy in the coming months.

Leveraging best payment-related practices will assist merchants to drive recovery, mentioned Pascal Burg during Ai’s "Redefining travel payments in the post-COVID era".

Top priority, as indicated by a recent report released by Nuvei, should be adoption of an approach that supports digital first and touchless travel to reassure customers. Merchants must implement new payment models to respond to the change in customer demand and limit risk or cash flow issues.

Roadmap

The report, produced in conjunction with Edgar, Dunn & Company and with participation from Visa, highlighted that merchants must initiate a detailed analysis to assess all payment-related aspects including internal payment organization, acceptance policies, operational processes and relationships with payment providers.

Philip Fayer, Nuvei’s chairman and CEO, mentioned that payment technology for travel is a strategic growth and recovery driver, “ensuring more customer journeys on their platforms end in bookings”.

As for the roadmap to support their post-COVID-19 growth, merchants need to put in place an automated process for refunds and chargebacks, gear up for SCA for intra EEA/ UK transactions and also identify the most relevant payment features depending on use cases (e.g. ‘hold my fare’, subscription model, installment payments or escrow account usage). 

In addition to payment acceptance, travel companies must look at other critical aspects such as fraud prevention as well as payment orchestration for a multi-acquirer strategy to spread the risk.  The COVID-19 crisis has also reduced the period between the time of booking and the departure date.

“Unfortunately, it is common practice for fraudsters to book last minute to avoid being caught and these changes in non-fraudulent customer behavior require updates to fraud tools used by travel merchants, such as fraud rules and machine learning. As a consequence, this has led to a complete review of existing fraud rules as well as an increase in manual reviews for some OTAs and airlines,” mentioned the report. Fraudsters are availing extra flexibility offered to passengers to their benefit such as the misuse of vouchers for alternate routings.

During the webinar, Charlotta Frohm referred to the significance of "flexibility" on various counts, whereas Yuval Ziv mentioned that merchants have to dig deep to sustain the best possible conversion rate. Travel merchants are also responding to the demand for new payment methods and swiftly introducing them.

Thierry Stucker underlined progress has been made in several areas, be it for the risk profile of #airlines, activity in certain markets or adjustment of fleet and resources to improve performance on key metrics. He also shared that #contactless travel is a key elem. of IATA Travel Pass, expected to be introduced in the coming months.

 

Ai’s upcoming events: https://www.aiconnects.us/events/upcoming-events/

 

Evaluating fraudsters’ proficiency to fight fraud in 2021

11th January, 2021

Interview with Hubert Rachwalski von Rejchwald, CEO, Nethone

 


The expertise of fraudsters in committing a fraud is what merchants/ ecommerce specialists need to be wary of at this juncture.

Experts believe that fraudsters not only act as an organized group and learn fast from their own errors but they are also well aware of which platforms are using which security measures.

Ai’s Ritesh Gupta spoke to Hubert Rachwalski von Rejchwald, CEO, Nethone about the same. Excerpts:

What would you term to be the biggest challenge in managing fraud today – would it be false positives?

Hubert: It’s not that fraudsters stopped pursuing their activities during COVID. In fact, we have actually witnessed an increase in signals that indicate fraud attempts. So it becomes an issue of riskiness of traffic. But at the same time, the volumes are down. False positives cost a lot in such a scenario. Fraudsters have evolved their technology rapidly over the last year, making it more difficult to keep false positives to a minimum. 

 

How to fight fraud with scalable and flexible infrastructure?

Hubert: We recommend cloud-based infrastructures and cloud-based solutions. From an operating cost perspective, on-premise implementation is way too time consuming and costly. We hope to see that all of the merchants that are thinking about implementing these solutions will be more inclined to go with cloud-based systems.

It allows them to be effective because if there are changes in traffic, they don’t need to worry about server capacity. The latest features are added to their solution with minimal cost.

Fraudsters continue to evolve. What new methodology would you like to highlight as far as e-commerce fraud is concerned?

Hubert: There is currently a big offensive among the most sophisticated and organized fraudsters to leverage more and more professional tools. These days it’s actually becoming less about the manual setups and configurations organized by individual fraudsters. It has become a problem of dealing with sophisticated, sometimes ML-based, scalable solutions that were specifically designed for “frauding”.

The barrier to entry to this space is merely having the financial resources to subscribe to these tools; there is less training needed, fraudsters just purchase access, generate credentials, go through basic configuration of parameters, and they’re ready to go. And it’s difficult to detect these tools. We’re happy to share some of the names of the tools that are available in private meetings, but we don’t want to promote them in publicly accessible content. In order to stand a chance in this fight, you need profiling capability that is able to recognize that you’re not dealing with a normal user, but instead an excellent imitation. Just to put in perspective how quickly the evolution happened, 12-18 months ago, these tools just started to appear. The majority of fraud was conducted with easier tactics and less advanced tools.

Just as with any innovation, it’s a matter of convenience and ROI. If you’re a fraudster and  have the financial resources, why not go for tools that will automate your work, supported by SaaS organizations that provide professional, 24/7 customer support complete with YouTube tutorials. It’s an arms race. So much innovation is being poured into methods to extract money from the system. It needs to be met with comparable investment on the merchant side.

Considering that mobile plays a pivotal role in commerce today, how are fraudsters finding ways to commit mobile commerce fraud?

Hubert: The reality is that most of the biggest anti-fraud solutions on the market today were built in the late 1990’s and early 2000’s. The newest ones are from the 2010s. Back then, the share of transactional traffic going through web browsers was dominant. And then in 2012, mobile began to grow. In growing markets like Asia/Africa/LATAM, mobile is dominant.

Merchants who use legacy systems now have a hole in their security. When we were starting in 2016, we saw the future growth in e-commerce, and predicted that the bulk of the growth would come from the mobile channel. So we invested in research and development to find data that will help us fight mobile fraud, such as extracting data from gyroscopes and accelerometers in devices. The R&D helped us build a richer risk profile of a given mobile session. And now the investment is paying off.

Fraudsters are perfectly aware of which platforms are using which security measures. They know which ones are leaky with regards to mobile data. Fighting fraud in native mobile is a whole different game.

There have been interesting discussions around improvising on both traditional/ rules driven as well as machine learning to combat fraud. What’s your advice to merchants when it comes to working out a solid defense mechanism?

Hubert: This is a discussion that we’ve participated in for the last 4 years. We actually understand why fraud prevention managers are in favor of rules. Rules are easy to understand. If something happens, then you can rebuild the logic in your mind and find what triggered an event. With ML the complexity is much larger, hence the hesitation for moving to an automated setup. It becomes difficult for an analyst to grasp what’s happening without some additional help.

That’s why we decided to invest in Explainable AI. It’s a machine learning setup that allows for granular explanation of why a particular prediction is being made. We are able to leverage the analytical potential of the most powerful tools out there, including deep learning where applicable, but still be able to precisely understand why a particular decision and recommendation has been made. We’ve expanded on the ELI5 (Explain Like I Am Five) library/ methodology to be able to provide more context for what an ML model was sensitive to. For each transaction there is a recommendation, and we can provide a prioritized list of arguments why a particular recommendation was made. This is important for both regulatory and adoption reasons. The analysts on the fraud managers’ team are now feeling more in the loop.

Regulations impose strong obligations on the merchant or institution especially if there are disputes, if a transaction was rejected, to provide arguments why an end customer wasn’t accepted. Being able to just go to the panel, search the ID of the transaction attempt and extract a list of features with their weights from the model that suggested the decision, that’s super helpful and powerful.

One of our engineers recently wrote a piece that illustrates the topic well---how studying connections in networks built from transactional, tabular data helps us uncover relationships that are hard to extract when keeping the data flat.

At the end of the day, a client wants to understand why a decision was made. We can pinpoint that this particular model made this particular decision.

My recommendation to merchants: there are so many tools out there, so think about your priorities. I suggest thinking about false positives and the cost of rejection given difficult times. Think about having a setup that allows you to leverage powerful tools while having transparency and control. It’s difficult to jump into unknown waters, and a “black box” ML solution isn’t reassuring. But if you can use a solution that is heavily automated, allows you to maintain some rules logic if your processes require it, then you can take advantage of the most sophisticated tools out there while having the option to see and extract explanations---that sounds pretty compelling to me.

Shopping patterns have evolved – for instance, order during day-time as people mostly worked from home this year. How to ensure there is a balance between security and CX?

Hubert: It’s true, shopping patterns have evolved. That’s why you cannot use rules. If you have a rule that it’s unlikely for a user of a particular card value to make purchases during typical working hours from a certain geography, then you will reject or at the very least send to manual review very legitimate users. The internal cost of modifying dozens of rules is a killer. That’s why we advise our partners (and anyone who asks, really) to leverage as many data points as possible. Save all of the data points of what is being bought and when, which time stamps, etc. and use models that will be retrained periodically. Rules are very aggressive, they like to discriminate right away. With ML we can be much more subtle and look at shades of gray.

It’s good to remember that fraudsters know what might be confusing to merchants right now, because they know what’s changed in the world. It’s all about discerning what is typical and what is not. If they know that the hours of shopping have changed, then they will blend into crowds that are relatively new to confuse the merchants. So we recommend that merchants use all of the available sophisticated techniques to extract information value from this data that the organization possesses.

We hope to see increased adoption of unsupervised and supervised ML. We recently resolved the velocity rules functionality with unsupervised ML. We created a group of models that compare a session against the previous 10,000 session using 5,500 distinct attributes.  With that scope you’re able to spot a lot of similarities, and you can identify a fraud attack as it happens without having to wait for the feedback. The historical way of dealing with this was velocity rules. For example, if a user has the same BIN number that was used in many other transactions in the last 30 min or 30 hours, then the transaction is stopped with velocity rules. What if there are a lot of legitimate users with the same BIN that want to buy from your portal because they’re responding to an adwords campaign? It doesn’t mean it’s a fraud attack. If you can compare 5,500 attributes at the same time, and act on it automatically, then that is power.     

Ai Events | Airline Information: Overview | LinkedIn

5 intriguing descriptions of fraudsters' activity

21st December, 2020

It is always fascinating to read into a description of fraudsters’ activity. Fraud prevention specialists use interesting analogies or context to denote what fraudsters are up to.

Here are some of them made during Ai’s online events or interviews in 2020:

  1. “Fraudsters are taking less shots (fraud attempts) but going for home run”: Kevin Lee, Sift
  1. Merchants must act to avoid having “satisfied” fraudsters: Hubert Rachwalski von Rejchwald, Nethone

  1. “Most fraud prevention solutions fail because they don't think like a fraudster”: Lior K., SecuredTouch
  1. “The fear of unknown has got bigger”: Stuart Barwood, Forter
  1. There has been a rise in the number of “professional refunders": Sandra (Sondra) Feinberg, Microsoft

By Ai Team 

 

 

Evaluating potential of PSD2 and SCA – 5 tips for success

25th November, 2020 

Ekata has identified five markers of success that could also help entities unlock the potential of PSD2 SCA, be it for a provider or a merchant.

In its latest study, the company asserted that the “security enhancements provisioned under PSD2, such as SCA, quickly become more than a legal protection checkbox – they are a matter of vital strategic importance to the bottom line of any organization”.

The markers that also differentiate leaders from the rest of the pack are:

  1. Consistent and clear communication
  1. Identify priorities for merchants: It is paramount that PSPs and acquirers alike understand the pressure that merchants are under in this climate. Merchants must be made aware of the minimum actions needed to take to ensure SCA can be applied and out-of-scope transitions with a lot of nuances, most notably MITs, so that they can submit with the right flags to ensure they do not get declined. Also, help them with more sophisticated transaction rescreening take full advantage of the acquirer TRA exemption.
  1. Build tools and recognise data importance: The better the TRA models that PSPs are able to implement, the better exemption rates their merchants may be able to get.
  1. Understand issuer behavior: Given a central feature of 3DS2 is the ability for merchants to share more data with issuers, this allows issuers to make more informed authentication decisions. Ekata highlighted that the issuer behaviour varies depending on size and geographical location. They also appreciate that issuer response will change over time as operations are refined in the lead up to SCA implementation. Understanding issuers’ overall risk thresholds and their associated behaviours is a reliable way to stand out and stay ahead.
  1. Pay attention to the little guys: Given the top 20 merchants in Europe have less than 20% of the eCommerce market, the small and medium merchants are where acquirers and PSPs should be focusing their attention.

The study featured over 36 PSPs and acquirers who represent over 60% of European card-not-present (CNP) volume.

By Ai Team 

 

 

Avoiding illegitimate access to data asset - 5 key areas

23rd November, 2020

A number of organizations have fallen short of keeping their data secure even though they believe that they have a defense mechanism in place to protect their information and systems. But any breach or illegitimate access to data is a big blow considering that teams are working remotely.

Capabilities of hackers/ scammers continue to get more sophisticated and it is vital to for organizations to identify any unusual behavior before a databreach happens.

Some of the pertinent areas that need to be focused on are:

  • Ensure there is clarity over what to protect and where.
  • One cannot misuse data or leak if there is no access. “So either limit access by default or control the size of the potential leak,” says Jan Kubíček, Kiwi.com’s Director of Security. Do evaluate if there is any data stored in an unsecured external storage service. If it accessed without authorization then it’s a threat.
  • Focus on real-time threat intelligence. This can help in evaluating behaviour which otherwise can be missed by traditional endpoint security technology, according to Daniel Farr, Leading Information Security Consultant, Foregenix
  • Unpatched or old vulnerabilities shouldn’t be overlooked at any cost, said Kubíček.
  • Encourage a culture of security within an entity. Do focus on security awareness and training alongside technical controls.

By Ritesh Gupta

Ai Team 

 

#CoBrand, 2020 – Focus on proposition relevance to sustain cobrand spending

10th November, 2020

“Keep talking, keep innovating” – this is what Kate Morgan, Head of International Partnerships, Auriemma Group recommended to those who are managing co-brand and loyalty initiatives, stressing on the significance of maintaining the existing credit card customer base in today’s environment.  

“Good news from our research – existing customers are still spending across verticals,” said Kate during Ai’s Co-brand & Travel Reward Cards Virtual Conference 2020.

Ref. to UK Finance’s recent figures, Kate shared that debit card spending in the UK reached a record high of £59.1 billion in July. Credit card spending has recovered slightly but continues to be impacted by ongoing economic uncertainty.

As for why consumers haven’t been using credit cards over the past month or so, Auriemma Group’s consumer research indicated that 69% prefer using debit cards and 46% mentioned that credit card is for “emergencies”.

“Very little behavior seems to be driven by the financial aspects of the credit card (for instance, interest rates, credit limit etc.),” said Kate. Outstanding balances on credit card accounts have contracted by 13% over 12 months to July, as a result of repayments outstripping new borrowing in the year.

Even as managing of co-brand and loyalty initiatives has become challenging, the focus must be on maintaining the existing customer base.

Also, referring to Auriemma’s recent research on cobrand spending patterns in the U. S., she said 54% of consumers used co-branded credit card for purchases outside the associated brand.

“Loyalty is a long-term play,” said Kate. She emphasized that airline and hotel redemptions are typically large-ticket items, which take time to accrue. Companies must evaluate:   

  • How confident are you in your customer retention program?
  • How have you managed to offer relevant rewards over the past few months?
  • Is there any incentive to spend on new categories?
  • What commercial partnerships are in the pipeline to support this?

Kate referred to certain offers/ initiatives resulting in more frequent use of cards. The list included discount delivery on food orders, increased cashback rewards in certain category, extended sign-up bonuses etc. are examples of the same. 

Kate also referred to few noticeable developments.  American Express has chosen to extend the period by additional three months (doubled it) to allow one to make eligible purchases to earn welcome bonus for certain cards issued earlier this year. In India, Amazon Pay and ICICI Bank have just shared that their credit card has become the fastest in the country to cross the milestone of one million, in less than 20 months of its launch. Highlights include issuance of reward points directly into Amazon Pay balance and contactless feature embedded in all cards.

By Ritesh Gupta

Ai  Team

 

Striving for a stress-free customer journey

6th November, 2020

The travel sector is going through its toughest balancing act – staying afloat with less. Every penny has to be meticulously spent, contribute to the much-needed cashflow.  And most importantly, every stakeholder is looking to play a bigger role than ever, foraying into unchartered territories to ensure the demand is captured in the best possible manner.

Even as senior travel industry executives, for instance, Travelport’s CEO Greg Webb recommend rapid, accurate testing at airports as a feasible alternative to maintain traveler safety, it is imperative for travel brands to be open and up-dated about every aspect of a trip.

It is not what travel providers usually focus on, even though it is a part of the services they need to provide, acknowledges Manuel Hilty, CEO, Nezasa. “You don’t need to know everything on your own, you just need to build a solid partnership and network of expertise,” he says.

As for what products to offer in order to match expectations of a consumer, Plusgrade 2020 Survey underlined that travelers intend to “travel better” and are showing signs of paying a premium. A seat-blocker is not a “COVID product”, highlighted Pramod Jain, COO, Plusgrade.  

New initiatives are coming along - Airasia.com’s travel vertical has been expanded to encompass non-AirAsia flights; Wizz Air’s mobile app has added ground mobility services for both pre-booking and on-demand requests. The airline launched this mobility platform with CarTrawler.

“This emphasis on the customer will help rebuild the travel sector and offer strong foundations on which we can all grow and thrive,” said Aileen McCormack, Chief Commercial Officer at CarTrawler.

 

COVID-19 tipped to drive investment in payments space

4th November, 2020

Payment specialists are taking vital initiatives to meet merchants’ local and global needs by strengthening their competency across a spate of key areas including digital payment capabilities, cybersecurity and fraud prevention.  

This week Worldline has welcomed Ingenico . The group has expanded the coverage of its payment value chain and its expertise in cross-border acquiring with Ingenico’s global exposure to online commerce.

 

Also, Nuvei has completed the previously announced acquisition of Smart2Pay Global Services to expand its  geographic footprint.

COVID-19 is being tipped to remain an active driver for investment, particularly in the fintech segment.

All this means that specialists are gearing up to support merchants in several areas - transaction routing, authorisation rates and the ability to roll out new payment methods quickly and seamlessly.

Last year witnessed a couple of mega-mergers in this arena. One was the US$42.5b acquisition of WorldPay by FIS. And the other one was the US$22 billion acquisition of First Data by Fiserv.

 

Dealing with old and new risks that trigger a data breach

28th October, 2020

How vulnerable is your critical data? How to respond to a data breach?

Organizations must delve into new risks and repercussions of a data breach with insecure home networks and strained security resources.

Fraud prevention specialists should take note of not only financial aspects, but also associated “soft costs” or hidden cost of data breaches, asserted  Tom Madden, Sr Partner Client Succes + Growth, ICFNext, and Matt Silverman, Sr Partner Corporate Communications and Brand Strategy, ICFNext during the LSA Fall Virtual Conference 2020.

 

A data breach results in a sweeping impact, bringing about not only financial losses but also damages reputation, decreased trust and changed perceptions of organizational strength.

Silverman explained that reputation issues shouldn’t be overlooked. Customers want to feel safe, and since fraud is growing, the probability of an organization’s data assets getting stolen should be brought down.

“Planning is critical,” said Madden.

It is vital for loyalty executives to assess – are they ready to deal with a breach? When it comes to security and transparency – how to communicate? In case a data breach happens, then what to share and what not to share? Timing of communication – within a day or a week? 

“All of this and more has to be a part of a thoughtful decision-making, it can’t be spontaneous,” said Silverman.

Focus on limiting access to data 

Data security isn’t a “set it and forget it” exercise and an ongoing effort is need to address threats to data privacy, data leakage etc.

Experts highlight that within a company,  one cannot misuse or leak what they don’t have access to. So either limit access by default or control the size of the potential leak.

By Ritesh Gupta

Ai Team 

 

“Consumers want to feel secure”: Comarch

27th October, 2020

The significance of consumers feeling secure about their data, including personal information, and all other critical aspects of an individual’s association with a brand, for instance, their garnered loyalty currency,  shouldn’t be undermined.

Almost 85% of consumers “are more loyal to companies that have strong security controls”, highlighted Bindu Gupta, Loyalty & Marketing Strategist, Comarch, Inc during the inaugural session of the LSA Fall Virtual Conference 2020 today. “Consumer loyalty to a brand is at a high risk. Brands cannot take loyalty for granted,” mentioned Bindu.

 

An attack on an entity’s data asset resulting in a breach or on a loyalty program is a big blow, more so at this juncture when teams are working remotely.

Bindu explained that loyalty is more than a rewards program. Trust is what brands must focus on and once this is established, it eventually results in  more transactions (92% more likely to buy additional products and services). Also, “experience” offered too tends to make a huge difference. She also emphasized on the human element of customer experience. Three-fourth of customers tend to be interested in interacting with a human versus an automated machine. “Human connections are needed even more now,” said Bindu. She also mentioned that brands need to personalize the entire earn and rewards experience.  

By Ritesh Gupta

Ai Team