Tokenization, yellow path authentication…impossible to ignore all of this
When one hears that no Apple encryption has been broken yet it comes as a big relief considering the level of fraud that is happening today. Ritesh Gupta, Ai Correspondent takes a closer look at tokenization.
No one likes to waste time on routine tasks that hamper the experience of shopping. One always feels like completing a transaction as soon as possible. The world of mobile commerce has made significant progress in this context, with travel e-commerce entities besotted by the idea of one-click payment.
All of this means no one wants to fill up mundane information again and again. Understandably then a lot is being said and evaluated when it comes to tokenization of payment data.
Going by the spate of fraud incidents in the recent past, more than how PCI compliance requirements shift from the merchant to the payment associate, relatively more important issue is the security of tokenized data. As much as the industry is contemplating about how to modify existing systems to accept tokenization, airlines and other travel companies are also keenly looking at its prowess in terms of combating fraud. Topics like data protection, user authentication and device authentication are valid discussion points in today’s travel shopping environment.
Are consumers savvy enough?
So what is tokenization – just in case one needs to know how it works. It is all about shielding consumer’s data, replacing the payment account information found on a plastic card with numbers that can be utilized to authenticate payment without revealing real account details. When uses a mobile device to complete a contactless transaction, a token is submitted. So customers only need to register their cards once.
Even though Apple didn’t come up with any new payment security standard, the introduction of Apple Pay has aroused immense interest in the arena of mobile commerce. The promise of paying via Apple Pay is enticing enough, considering the popularity of whatever Apple does, but do consumers understand the repercussions of something going awry with their data.
“Absolutely, cardholders are very savvy,” says Melissa Santora, product strategist - Card Services, Fiserv.
She adds, “In fact, security concerns have been one of the top inhibitors to mobile payments adoption. Consumers are being educated by their financial institution and the industry that their card number is not stored on their connect device nor is it seen by the merchant. It’s a powerful differentiator to how mobile payments were introduced to consumers in the past.”
What does Apple Pay support?
Before we understand what Apple Pay is supporting, it is important to know more about dynamic and static tokenization.
Santora explains dynamic tokens change with each transaction whereas a static token remains as one token per connected device. Therefore if you happen to lose your device, you can suspend or delete your token rather than reissuing your card. Additionally, this token can be found on your device as the ‘device account number’. This information can be found on your connected device by either flipping over the card within the wallet or by accessing the Settings portion of the device.
“It’s important to note that tokenization through Apple Pay and the EMVCo. specifications support static tokens only,” says Santora.
Here are some other key aspects about tokenization that are worth knowing:
· HCE: Host Card Emulation or HCE is another flavor of tokenization. When asked about this, Santora mentioned: “We do not have enough information to comment on HCE and the impact/ role that it may have on tokenization however we are actively understanding how HCE may play into tokenization and mobile payments.”
· Benefits and drawbacks associated with tokenization: Just as EMV solves for fraud in the card present space, tokenization is part of offering to mitigate fraud in card-not-present space and digital payments, says Santora. “It’s important for consumers to know that their card number is not stored in their connected device. Also, someone cannot take your phone and use your phone for payments. Touch ID or your Passcode is also required for a tokenized transaction to be completed,” elaborated Santora.
· Definition: It is being highlighted that as per EMVCo specification on tokenization, the definition of token is alternate PAN, which is not the same as one-time use data. Santora says this refers to dynamic vs. static token discussion. The token is considered an alternate PAN or the device account number which is just a surrogate value for the real PAN.
· Not broken yet: It is being emphasised that no Apple encryption has been broken, it’s more to do with how the banks themselves issue credit cards and verify the identities connected to those cards. Santora says, “We have not seen fraud related to Apple Pay and have adhered to the standards and regulations set by the networks for yellow path authentication. We do offer call-center services for yellow path authentication and are thorough in our questions to ensure that cardholder is the rightful owner of that card and provision that cardholder and card with a token.”
When passengers and airlines are confident enough about the role of tokenization, then one can expect a spurt in the use of mobile payment services such as Apple Pay and others.
Time for airlines to minutely scrutinize Bitcoin as an option for commerce
Bitcoin is an attractive option for airlines, be it for lower transaction fees, relatively quicker money transfer or even the sheer experience of using a digital currency. Ritesh Gupta, Airline Information Correspondent finds out more about this emerging option
Technology and devices continue to surprise us, delight us. Be it for the paucity of time, convenience or pure indulgence, travellers are embracing alternative payment methods. And Bitcoin is definitely one such emerging option that gained traction last year. The idea of mobile bitcoin wallet sounds cool, with info including transactions getting updated in real-time.
Travel companies, including airlines and OTAs, are today accepting Bitcoin and other digital currencies. The biggest development is the rise of payment processing platforms that make it simple for airlines and OTAs to accept Bitcoin in a simple and risk-free manner, says Reading, UK-based Akif Khan, VP Solutions Strategy, Bitnet Technologies.
There is a definite trend for airlines and OTAs to be exploring non-card payment types. Be it for lower transaction fees, expanding reach or combating fraud, there are several aspects that are proving to be promising for Bitcoin.
As Khan says, the drivers for this will vary depending on the airline and OTA. “For some, the driver is cost, as they seek to encourage travellers to pay with payment types that charge less than the 1-3% typical of cards. For others, it is about expanding into new and emerging markets, where card penetration may not be high. Finally, for some, it is about brand differentiation, and offering new avenues to pay for travellers that differentiate the airline and OTA from competitors,” he explains.
Even as there are some concerns about this currency’s volatility, accessibility, creating right awareness (especially the perception of Bitcoin being meant for buying illicit drugs) and the uncertainty surrounding regulation, there are clear benefits too.
One shouldn’t ignore the prowess of Bitcoin especially when it comes to the economic inclusion of those underserved by the current banking system.
Bitcoin has multiple benefits for an airline or OTA compared to more traditional payment methods such as cards, says Khan. He explains: First, it is typically cheaper to process a bitcoin payment than it is a card payment. Second, unlike cards there is no chargeback risk when accepting a payment in Bitcoin, which leads to further cost savings for the airline or OTA. Third, there is no cross-border friction when accepting bitcoin, since it is a truly borderless global payment type.
“From a traveller’s perspective, paying with bitcoin can be quicker and simpler than keying in a card number. In addition, due to the elimination of chargeback risk, airlines and OTAs can accept your payment with confidence,” he says. This eliminates the many situations where travellers are inconvenienced when an airline or OTA rejects their card transaction because they suspect it might be fraudulent – for example if the traveller is making the card payment whilst in a foreign country. “Finally, over 2.5 billion in the world do not have access to traditional financial services like credit cards. However, if they have Internet access via their phone, they can get bitcoin. So many travellers will actually be able to book online for the first time, benefitting both them and the airline/OTA,” says Khan.
Where are savings going?
One critical question as a traveller I would like to know is - are travellers going to save any money, or is it only airlines who are going to benefit in this regard?
Khan says some airlines or OTAs may choose to keep the cost savings entirely for themselves, but the smarter ones will use the cost saving to incentivise travellers to pay with bitcoin.
The huge cost savings for airlines and OTAs not only in processing fees but also in not having to apply costly fraud management checks, mean it is in the interest of the airline or OTA to encourage the travellers to pay with bitcoin. This could be done by offering discounts when paying with bitcoin (the opposite of surcharging for credit card use, in fact) or offering frequent flyer bonus awards for example when Bitcoin is used.
Khan recommends that airlines should think carefully about whether they want to implement bitcoin processing themselves, which would likely involve them having to process or store bitcoin, or whether they want to use a processing gateway which converts the bitcoin to local currency on behalf of the airline or OTA. In addition, if a processing gateway is being used, the airline or OTA needs to consider whether the gateway is optimized for use in the travel industry with respect to reporting, reconciliation, security, high availability, and connectivity to the appropriate travel ecosystem platforms.
As for the volatility of Bitcoin, Khan says the same can be abstracted away from the airline or OTA if they select the right payment processing partner. Such entities take on any volatility risk, and guarantee the airline their ticket price when a purchase is made. The bigger challenge is that consumer adoption is still relatively modest, albeit growing rapidly. However, since the implementation costs are modest, it makes financial sense for airlines and OTAs to accept bitcoin even if only for a subset of their transactions, as this will further drive consumer awareness and adoption, leading to even greater cost savings for airlines and OTAs accepting bitcoin.
Bitcoin and Virtual currencies will be on the agenda of the 9th Airline & Travel Payments Summit on the 29th & 30th of October 2015 in Forth Worth, Texas. Details at: www.AirlineTravelPayments.com.
***STOP PRESS*** ►Registration is now open here for the 2015 Mega Event & 10th FFP Loyatly Conference!
Although most European countries, Canada and a number of other markets have adopted mandatory Chip & PIN on physical card payments, removing signature as a form of authentication, there are many markets around the world that are yet to go through this transition - most notably the USA. But the pace of adoption of Chip & PIN is heating up, for example many markets in Asia will be going through this transition over the next few years, with the intentions of, and mandates from, the relevant Central Banks and/or international card Schemes already published.
Even though each market is different and has a distinctive history or legacy surrounding its card payment system, before embarking on the Chip & PIN transition it is worth reviewing what has occurred elsewhere and the learnings from countries that have already “been through the change”. In this regard, the Airline Information is pleased to be able to provide access to “PIN@POS: Australian Case Study” - please click here for a free download.
The payments consulting team of the RFi Group led the PIN@POS initiative on behalf of the Australian card industry, culminating in the removal of signature on 1 August 2014. They have written the Case Study based on their detailed knowledge of a two and a half year journey to PIN@POS, and it provides valuable information for those already on or about to start down the same road. Indeed, readers contemplating an industry-wide coordination of any sort may derive benefit from this case study. We hope that our readers can benefit from these learnings in their own implementation efforts.
Follow us on Twitter: @Ai_Connects_Us
***STOP PRESS*** ►Registration is now open here for the 2015 Mega Event & 10th FFP Loyatly Conference!
It’s scary! Yes, time to minimize credit card and personal data exposure. No travel company wants to be a victim of unauthorized cyber-attacks. But today security protocols are under pressure to deliver. Ritesh Gupta, Airline Information Correspondent assesses the situation
It’s blatantly obvious now. The threat of fraudsters deceitfully obtaining confidential information for card fraud is looming large over airlines, hotels and intermediaries. Travel brands are taking a beating. As much as travellers need to be aware of phishing and skimming, travel companies too now can’t ignore the possibility of a scam. Take the recent case of Mandarin Oriental Hotel Group. The chain’s credit card systems in several of its properties across the U. S. and Europe were accessed without authorization.
So what resulted in breach of such magnitude?
The incident apparently was a direct result of an unauthorized cyber-attack. The chain states that despite the group’s leading data security systems, “this malware was undetectable by all anti-viral systems”.
As per the initial update, the breach only impacted credit card data, but not pin numbers or the 3-4 digit security code required for manual authorization. Mandarin Oriental also clarified that no other personal guest data had been compromised.
The situation is serious, says Kristian Gjerding, CEO CellPoint Mobile, as it does have an impact on bottom line and brand equity (consumer trust), especially moving forward with some of the newer payment methods and the increased ownership of the full transaction flow by airlines. With an increase in mobile payments comes an inevitable increase in the potential for mobile payment fraud. These days, smartphones and tablets can be hacked just as easily as computers, adds Gjerding.
How to prevent such situation
It needs to be understood that as airlines and brands become more astute at detecting fraud, hackers will also become more sophisticated and organized, able to launch higher-level, intricate cybersecurity attacks. Hackers will always try to find ways in, but airlines have an opportunity to limit the scope of the impact by being just as clever and by instituting constantly evolving security measures from the moment of sign-up – the very barriers that keep hackers at bay.
So what needs to be done on an immediate basis?
Answering the same, Gjerding mentioned that several authentication measures can be taken by airlines to prevent many issues. However, attention to hacking needs to be a continuous process, especially with the increase in consumer smart devices and subsequent direct sales channels. “Airlines need to ensure that their security systems are flexible and scalable, to monitor and security activity around the volume of transactions and the various channels in which they take place,” said Gjerding.
Gjerding emphasised that converged payments can solve many of the complexities of cross-channel digital transactions by providing airlines the technology and architecture they need to make the process uncomplicated, secure at various stages of the process, flexible and holistically visible – not to mention seamless and easy for customers.
The basic concept behind converged payments is that all transactional activities—payments, redemptions, bookings, security step-checks, authentication, etc.—converge into a single, secure infrastructure where they are managed, processed and authorized.
Many steps can be taken to minimise risk of credit card and personal data exposure, such as compartmentalization and tokenization on the inside of the airline’s DMZ (Demilitarized zone. Network added between a private and a public network to provide additional layer of security), said Gjerding. He added, “With the increase in passenger self-service, however, airlines will have to expose access to services and data – a level of vulnerability through which hackers can gain access,”
With a converged payments architecture serving as an organizing funnel, information from varied and disparate sources is fed into a central operation, checked and verified, standardized and normalized, and then exposed to extra layers of security so that the resulting transactions—payments, ticket bookings, boarding passes, rewards redemptions, in-flight purchases, upgrades, baggage fees, refunds and the like—are processed within a common, robust environment.
Converged payments capabilities also provide a centralized view of a customer’s digital/ mobile transactions and activities: payments, loyalty, booking, fraud detection and more.
With silos eliminated and processes streamlined by the underlying infrastructure, payments are executed quickly and seamlessly for the customer and the airline, and protected from hackers and other online threats through real-time alerts and, when necessary, manual verification and processing.
The team at CellPoint Mobile considers “inside the DMZ” prevention to be an important addition to firewalls and external fraud measures. This is a system that monitors, acts and reports on suspicious activity from the inside and can include configurable fraud-alert rule sets, data- profiling modules, and other authentication measures.
With the eventual ability to mix-and-match cash, credit payments and rewards redemptions for financial transactions, airlines will need comprehensive solutions that can detect, prevent and mitigate all types of fraudulent activities that occur in the complicated payments ecosystem.
Follow us on Twitter: @Ai_Connects_Us
Airlines need an infrastructure that lets them manage complex payment ecosystems, passenger smart devices and other vendors, writes Ritesh Gupta, Airline Information Correspondent
Airlines today do acknowledge the significance of setting up a converged payment architecture, but at the same time they also intend to refrain from inviting any sort of complexity. More than incurring new expenditure, and handling complexity of system integration that needs to be taken care of with different gateways for different channels, airlines can’t afford to slip up on the customer experience issue.
Gearing up for change
Today an entity has to deal with numerous back-end systems supporting several channels, all of which have to interact seamlessly with multiple consumer devices, and transaction initiation points.
Kristian Gjerding, CEO of Cell Point Mobile, says the challenge for airlines is to extract themselves from the rapid changes and various ways that alternative payment methods (APM’s) are handled within the payments ecosystem. The entire system is rapidly expanding and becoming increasingly complex, and it needs to be put at arm’s length from the airline. “Therefore, the airline industry needs to gear its infrastructure to manage this rapid change and fragmentation, and not rely on any one provider and channel,” he says.
According to Gjerding, the airline needs a buffer in the form of an extraction layer between the external payment methods and consumer e-wallets such as Apple Pay, MasterPass and Google Wallet, and the digital transactions they support.
This extraction layer can orchestrate and integrate how these various payment methods and data sources become available within the airline’s own channels without compromising control, independence and cost of service.
The bottom line is that airlines need to own their own travel ecosystem, says Gjerding.
“They (airlines) pay a premium for every passenger they get, and once they have passengers in that universe, they should be relentless about ensuring that passengers remains, because that’s where loyalty, repeat business, ancillary revenue and all of the other revenue opportunities happen,” emphasizes Gjerding. Airlines need an infrastructure that lets them manage complex payments ecosystems, passenger smart devices and other vendors, and not be managed by them. “If they own and manage the travel universe - and thereby the user journey - then they can make the payment experience secondary to the overall experience with the airline, process payments more cost-effectively, negotiate better rates with payment providers and focus instead on making everything seamless for the passenger. But do to this, they need control of the payments universe,” states Gjerding.
Airlines need to consider complexity of system integration and handle different gateways for different channels, multiple integrations required into a variety of business systems etc. Airlines need to take into consideration a couple of issues:
And as end-to-end digital commerce shopping becomes a reality, airlines need to not only orchestrate, translate and manage the complex external payments ecosystem but also manage all of the rest of the internal travel-related activities that occur – the issuing of boarding cards, ticketing, and ancillary revenue – anything that is going to be serviced through self-service channels as well as call centers.
Airlines need to relook at their digital commerce infrastructure today to streamline transactions in the multi-channel, multi-device shopping environment.
It’s critical that airlines create a uniform, omni-channel experience. The airline needs a smart infrastructure that can manage the transaction in a way that creates a predictable, recognizable user journey, no matter which channel the passenger chooses, says Gjerding. He adds, “Furthermore, the infrastructure needs to make it easy to continue a transaction if a passenger’s Internet connection dies or the phone line cuts out, without having to start over. The front-end environment also needs the capability to deploy new vendor functions and new payments features simultaneously across channels, maintaining competitiveness and increase passenger satisfaction.”
It’s all about cross-channel seamlessness and un-broken transactions, simplifying the pathway to purchase which is what the digital passenger expects and demands. Getting it right will increase revenues, margin and passenger loyalty.
Follow us on Twitter: @Ai_Connects_Us
The advent of e-commerce has significantly broken down trade frontiers making cross-border e-commerce, wherein consumers buy online from merchants located in other countries, easier than it has ever been. It is now possible for any business to rapidly expand internationally, and payments is a key driver of this opportunity. This editorial, provided to Airline Information by Adyen, will share some best practices and opportunites for cross-border payments for the airline & travel industry.
Best Practice 1: Implement relevant payment methods
The customer journey starts long before setting foot on a plane, and the first best practice is to ensure that the whole customer experience is optimized for local consumers and that each country-specific website enables local consumers to pay with the relevant local payment methods.
Two examples: in China, hundreds of millions of your potential customers prefer to pay with local payment methods such as Alipay or UnionPay. In the Netherlands, around 40% of travel transactions are completed with iDEAL. Without accepting local payments in these two markets, as well as many others, you may lose the opportunity to convert these shoppers into customers.
Best Practice 2: Maximize approval rates
Once the relevant local payment methods have been enabled and the appropriate customer experience has been set up, another best practice is to maximize approval rates in each country, especially for card transactions.
Based on Adyen's data, an analysis was conducted in order to quantify the potential uplift in card approval rates when merchants use a local merchant of record (i.e. a local legal entity) to process transactions for a few key markets.
The research showed that in countries such as Germany, Brazil and the US, a local merchant of record generated an uplift in card approval rates greater than 5%, which is a major impact.
Best Practice 3: Optimize fraud management
Most importantly, merchants need to ensure that their fraud strategy (fraud policy, fraud prevention tools and processes, and human resources involved in fraud analysis and manual reviews) evolves in line with their international expansion. The clear best practice here is to adjust fraud policies and tools to reflect the unique nature of each market, because fraud patterns vary by country.
These are just a few examples of best practices for cross border payments, and how you can benefit from a better understanding of international payment processing. To read all the findings from the Adyen and Edgar, Dunn & Company (EDC) white paper “Cross-Border Payments - Opportunities and Best Practices for Going Global” click here.
To find out more about payment innovation please join us and your fellow industry professionals at the Networking Evening in Amsterdam, hosted by Adyen, on the evening of Thursday 5th of February 2015. You can register for this event by clicking here.
Today’s technological advancements present a dilemma for airlines. Carriers need to ensure they are in control of the passenger experience, not leaving it free for others, writes Ritesh Gupta, Airline Information Correspondent
Using fingerprint as a passcode, accessing a boarding pass or completing a transaction via mobile - all of it while on the move fascinates me. Managing a particular service or an app via a smartphone is getting simpler day by day. Whatever the likes of Apple and Google do is hard to ignore. The advent of Apple Pay, wearables technology, or even the emergence of Samsung Pay does garner our attention. The buzz is unmistakable, and the curiosity factor does take over.
But, as a traveller, I wonder can I really have a seamless experience today?
So let’s say I access my flight itinerary via Gmail on the day of the travel, and Google smartly sends me a restaurant voucher when I am at the airport. But if I choose to pay via Apple Pay, would it be possible? Or do I end up paying via Google Wallet only in the future?
The mobile payment landscape is changing with many legacy players like PayPal and Stripe coming up against the newer challengers like Google Wallet and Apple Pay and whilst this is great for the movement it’s going to be a confusing time for the consumer as all these systems and payment methods start to cross over each other, it’s going to be especially confusing for iOS users as Google Wallet exists on Android and Apple devices, says Glenville Morris, Head of Consulting at Mobile Travel Technologies (MTT).
Specifically referring to the scenario mentioned, Morris says it depends if the voucher covered the whole amount due, if not you could part pay with Google Wallet and then change your payment method to Apple Pay but moments like this will happen going forward so processes will need to put in place.
Google and Apple
Such issues are going to crop up. The talk of being in control by knowing the passenger better, letting them complete their task with whatever option they use is going to be the key. And coming to grips with what Apple and Google are up to is must.
“Google and also Apple have without doubt brought enhancements to the travel experience. In particular Google Now has had a big impact - out of the 23 possible Google Now cards – 9 are directly related to the travel sphere,” says Morris. However, it presents a dilemma for airlines and they need to ensure they are in control of the passenger experience and not leaving it free for Google to handhold their passengers through their travel preparation and when they are actually travelling, says Morris.
He says airlines instead can work closely with Google to improve how they service passengers on their day of travel as well as before and after by using the data and the app functionality Google provides such as indoor mapping in airports and Google Wallet to enable app payments, rather than letting them step in and take control of the end-to-end passenger experience. Morris says for airlines to properly own and influence the passenger experience, having their own apps and cleverly managing all of the iOS and Android technology as it evolves is key.
“Mobile payments will really help to further the adoption and growth of mobile bookings for airlines so the introduction of Google Wallet and Apple Pay is a good development for airlines. In addition to growing mobile bookings, it will also open up new opportunities to drive ancillary sales via mobile,” adds Morris.
Making every touchpoint count
Airlines need to ensure various touchpoints of a traveller’s journey do not result in a disjointed experience. The biggest opportunity for airlines now is to shape and enhance a passenger’s journey at each one of those steps.
Personalization, context and immediacy are all key to making each individual’s journey what it should be – individual to their needs. And as Morris says, mobile is a key driver to enable all three – the personalised experience, the real-time nature to address immediate needs and the contextual awareness of the stage of the individual’s journey.
He further explains: If your passenger always searches on his mobile, but books on his tablet then target them on that device with an abandoned basket email – if they always upgrade at check-in, then send them a mobile push notification as they walk in to the airport offering an upgrade – if they only ever hire a car in Barcelona when travelling with family then on arrival at BCN show an airport map guiding the passenger to Europa who are offering 25% off car seats for kids. “The age of sell, sell, sell is over, it’s about selling smarter using data from learned past behaviours and the passengers context while travelling to provide the most relevant and useful offerings at each touch point of the journey, asserts Morris.
The biggest trend in the industry right now is and should be ‘continuous engagement’, says Morris.
And it should be continuous engagement at all levels – at the customer service level for improved customer satisfaction and at the ancillary level by pushing personalized offerings to increase the overall ‘value’ of each passenger to the airline all while putting useful products in front of the passenger.
Mobile has taken the modern airline app beyond the simple ‘book flights’ and ‘check-in’ model of old. There is now the opportunity to engage with your passengers throughout the entire travel lifecycle. Not only till the point a journey is over, but also even as customers walk towards the exit door of the airport on their return home, engage with them again about that ‘next trip’, says Morris.
Airlines are responding to the latest developments.
Disruption in an industry can be a great thing provided you’re ready for it, says Morris. “I used to work in the music industry many years ago and when Apple marched into our party in 2001 with iTunes, we were two things, completely unready and 100% arrogant. Well, we all know what happened there.” He adds, “Travel has changed so little, whilst all other industries around us have moved forward but I feel we have learnt from the mistakes of industries like music and now the travel industry is ready for the change Apple is bringing.”
He says it is important to understand how many airlines already have Apple Watch apps ready for launch (eight major airlines Emirates, easyJet, Qantas, American Airlines etc) and at least 5 more are rumoured or just about to announce soon.
JetBlue became the first U.S. airline to accept Apple Pay in the sky. The airline has chosen to facilitate onboard transactions, letting passengers pay for à la carte food options, premium beverages, onboard amenities etc.
“How many airlines had Passbook on day one three years ago, just two! Lufthansa and United Airlines,” reminisces Morris.
Adapt or die has never been truer in this case.
Airlines' plan to show card fraudsters the exit takes off
A quite extraordinary revolution has been taking place in our skies in the last few years. And it's the good guys who are getting the upper hand, writes Ciaran Nagle. International crime has been growing rapidly over the last couple of decades, according to all the research.
And it's no surprise that one of the industries where crime has been accelerating the fastest is one which by its very nature involves much crossing of borders, air travel.
But air travel has attracted not just any old criminal. It's a very particular type of law-breaker that's decided to pick the pockets of this industry: the credit card fraudster. Credit card fraud is on the rise again after peaking in 2008. Security controls introduced at that time had a very positive effect. But fraudsters are again adapting their methods to the new online environment.
48% Increase in International Card Fraud
What's interesting now is the difference between national and international fraud growth. In Europe, total card fraud is netting criminal gangs €1.5Bn annually. And in the UK alone card fraud against merchants is up 4% to €130m since 2013, according to Financial Fraud Action which is the body co-ordinating the fight against fraud for the UK's financial services industry, Europe's largest. But card fraud from the UK against international merchants is up a massive 48% to €75m! If we take what's happening in the UK as an example of a general trend - and Europol believes it is a general trend - it clearly shows that criminals see huge opportunities outside of their own countries. Clearly, crooks are happy to travel, at least with their fingers.
It's easy to understand why fraudsters have been able to get away with their deceitful habit for so long. Police forces and criminal justice systems tend to be organised along national lines and are focused on domestic problems. International crime only gets attention when it involves terrorism or huge amounts of drugs or money.
So when you have crime that crosses national boundaries involving no violence and only a relatively small amount of money - the price of a plane ticket - it's seen as a thorny problem that's hardly worth solving. Until now.
Just look at the all-too-real complexity of a typical fraud case and you can see why it's such a headache for crime fighters.
Credit card data issued in Country A is stolen and used for a flight booking purchased in Country B for a passenger in Country C booking with an airline based in Country D for a flight with a partner airline in Country E ending in Country F. Add to this that the airline in Country D may use a bank based in Country G.
So where does the crime take place? In which country should the fraudster face charges? And how do you gather evidence from a cross-border crime trail that will be accepted by a national court?
The Beginning of the Fight Back
In the early years of card fraud, airlines looked upon fraud as a minor nuisance, a flea bite. It was easier to refund the occasional airline ticket to an innocent victim than to incur the costs of setting up a department to combat it.
But as instances of card fraud grew it could no longer be ignored. Airlines began to keep records of names and email addresses associated with bad bookings. Analysts were employed to monitor bookings and check a random sample against the bad bookings list.
Alternative payment methods are attractive, but don’t forget to assess key issues. There are specific challenges, be it for system integration or fraud management that airlines need to address as they go for alternative payment methods. Airline Information’s Ritesh Gupta assesses 5 key issues.
A seamless buying experience is one that offers a travel shopper convenience, ease of use, and security. And an integral part of such experience is the preferred mode of payment. Merchants are trying to simplify transactions, for example, eradicating the need for usernames and passwords each time one pays. The industry is moving toward single touch payment experience via apps. While a passenger may have plenty of choices today to complete a transaction, it also means that airlines can’t afford to slip of any new mode of payment.
For instance, consider the talk about Apple Pay transactions and a consumer wallet experience for native iOS apps. The buzz is unmistakable, and airlines need to swiftly assess how to remove the friction from the mobile buying experience. In fact, travel suppliers have to be prompt enough to inform consumers about any new payment, be it for value of electronic currency, bitcoin, or Apple Pay transactions.
During the 3rd edition of ATPS APAC 2014 conference, held recently in Singapore, it emerged that global e-transaction payment mix is evolving considerably in the airline sector. According to Linus Goh, business development director, Asia Pacific at WorldPay, spend on alternative payments and cards is expected to trade places by 2017. Alternative payment methods will account for 59% of all transactions by 2017!
Here we explore 5 key issues pertaining to alternative payment methods:
One of the major impacts of smartphones in the payment arena is speed with which can pay. The promise of completing a transaction in less than a minute has been around for a while. This is exerting pressure on airlines, hotels and intermediaries as no one can afford to drop their conversion rates.
In case of HotelQuickly, a mobile specialist intermediary based in Hong Kong, the processing time for a payment came down from 7 seconds to 3 seconds when the company switched over to PayPal instead of another payment service provider. “The main reason (behind the switch) is that the previous merchant bank slowed down the process,” shared Mario Peng, co-founder and CFO, HotelQuickly.
From a company’s perspective that specialises in transactions via a mobile app, Peng mentioned that entities can face several mobile inbound payment challenges. These include: payment outside of app, network stability, and speed. The team not only looked at associated costs as it attempted to find a solution. It also considered several factors such as currencies, and faster processing. At the same time, HotelQuickly also sorted out several outbound payment complexities (pertaining to dealing with hotels), such as administrative costs, human errors and fraud. Peng referred to a chained payment solution: Immediate and automated payment to PayPal account of hotel, and no follow-up for failed card, wrong amount charged, double charging, or fraud.
Both OTAs and airlines have been news for accepting crypto-currency bitcoin. OTA CheapAir.com, which crossed the $1.5 million mark for sales of flights and hotels in bitcoin a couple of months ago, acknowledges that Bitcoin is in its nascent stages and it’s subject to all of the fluctuations in value. But it is a promising option, working in favour of consumers for several reasons.
CheapAir.com recently mentioned in one of its blog postings: “We think the online legacy payment systems are ridiculously unwieldy – customers must fill out long forms, sharing personal information like their address and credit card security codes just to make a simple purchase and all of this complexity does not eliminate fraud.”
As for a bitcoin transaction, this method is being considered to be hassle free. It also paves way for transparency by removing hidden fee, such as 3% cost to process credit card transactions.
As Waqas explains, for any airline, the transactions happen globally from various sources- own offices, agents, BSPs etc. “ Having different gateway channels and multiple integrations create problems in maintenance, duplication of efforts and complexities in tracking the transactions. (It is) preferred to have one gateway wherein all channels can be routed through. There will be a need to develop one integration,” he says.
The sector needs to look at how shift of fraud to mobile channel is shaping up. This is clear need for stronger inspection and tailored fraud rules. One needs to look at fraud implications due to issues pertaining to 3DS authentication. Also, fraud varies by channel web, mobile and phone. Organizations today have to plan for fraud data and act on all available data when implementing fraud rules.
If you are keen on learning and debating about the latest developments in the arena of travel payments and fraud, then join us at Airline Information’s 8th Global Airline & Travel Payments Summit - ATPS 2014 scheduled to take place in San Francisco (3-4 December, 2014).
Airline Information recently ran a webinar with Jumio: How Fraudsters Steal Identities: and how to stop them from booking on your site. Hosted by Jumio's Marketing Director, David Pope, with Airline Information's Michael Smith, this webinar explained the research that went into Jumio's Fraudsters' Playbook white paper. It covered:
The Wi-Fi crack: Savour the smell of freshly roasted coffee
The local government census: The fraudster always knocks twice
Social media techniques: My virtual friend, the real life fraudster
The loyalty discount offer: If it looks too good to be true...
The Fraud Forums: Pop to the market and use the retailers’ own data
With the airline & travel industry being one of the largest targets for fraudsters and because this webinar was so entertaining and informative, we wanted to make it available to those who missed it. You can watch the presentation and listen to the webinar below:
You can also access the Fraudsters Playbook white paper here: https://pages.jumio.com/webinar-Airline-Information-FP-Downloads.html