***STOP PRESS*** ►Registration is now open here for the 2015 Mega Event & 10th FFP Loyatly Conference!
Although most European countries, Canada and a number of other markets have adopted mandatory Chip & PIN on physical card payments, removing signature as a form of authentication, there are many markets around the world that are yet to go through this transition - most notably the USA. But the pace of adoption of Chip & PIN is heating up, for example many markets in Asia will be going through this transition over the next few years, with the intentions of, and mandates from, the relevant Central Banks and/or international card Schemes already published.
Even though each market is different and has a distinctive history or legacy surrounding its card payment system, before embarking on the Chip & PIN transition it is worth reviewing what has occurred elsewhere and the learnings from countries that have already “been through the change”. In this regard, the Airline Information is pleased to be able to provide access to “PIN@POS: Australian Case Study” - please click here for a free download.
The payments consulting team of the RFi Group led the PIN@POS initiative on behalf of the Australian card industry, culminating in the removal of signature on 1 August 2014. They have written the Case Study based on their detailed knowledge of a two and a half year journey to PIN@POS, and it provides valuable information for those already on or about to start down the same road. Indeed, readers contemplating an industry-wide coordination of any sort may derive benefit from this case study. We hope that our readers can benefit from these learnings in their own implementation efforts.
Follow us on Twitter: @Ai_Connects_Us
***STOP PRESS*** ►Registration is now open here for the 2015 Mega Event & 10th FFP Loyatly Conference!
It’s scary! Yes, time to minimize credit card and personal data exposure. No travel company wants to be a victim of unauthorized cyber-attacks. But today security protocols are under pressure to deliver. Ritesh Gupta, Airline Information Correspondent assesses the situation
It’s blatantly obvious now. The threat of fraudsters deceitfully obtaining confidential information for card fraud is looming large over airlines, hotels and intermediaries. Travel brands are taking a beating. As much as travellers need to be aware of phishing and skimming, travel companies too now can’t ignore the possibility of a scam. Take the recent case of Mandarin Oriental Hotel Group. The chain’s credit card systems in several of its properties across the U. S. and Europe were accessed without authorization.
So what resulted in breach of such magnitude?
The incident apparently was a direct result of an unauthorized cyber-attack. The chain states that despite the group’s leading data security systems, “this malware was undetectable by all anti-viral systems”.
As per the initial update, the breach only impacted credit card data, but not pin numbers or the 3-4 digit security code required for manual authorization. Mandarin Oriental also clarified that no other personal guest data had been compromised.
The situation is serious, says Kristian Gjerding, CEO CellPoint Mobile, as it does have an impact on bottom line and brand equity (consumer trust), especially moving forward with some of the newer payment methods and the increased ownership of the full transaction flow by airlines. With an increase in mobile payments comes an inevitable increase in the potential for mobile payment fraud. These days, smartphones and tablets can be hacked just as easily as computers, adds Gjerding.
How to prevent such situation
It needs to be understood that as airlines and brands become more astute at detecting fraud, hackers will also become more sophisticated and organized, able to launch higher-level, intricate cybersecurity attacks. Hackers will always try to find ways in, but airlines have an opportunity to limit the scope of the impact by being just as clever and by instituting constantly evolving security measures from the moment of sign-up – the very barriers that keep hackers at bay.
So what needs to be done on an immediate basis?
Answering the same, Gjerding mentioned that several authentication measures can be taken by airlines to prevent many issues. However, attention to hacking needs to be a continuous process, especially with the increase in consumer smart devices and subsequent direct sales channels. “Airlines need to ensure that their security systems are flexible and scalable, to monitor and security activity around the volume of transactions and the various channels in which they take place,” said Gjerding.
Gjerding emphasised that converged payments can solve many of the complexities of cross-channel digital transactions by providing airlines the technology and architecture they need to make the process uncomplicated, secure at various stages of the process, flexible and holistically visible – not to mention seamless and easy for customers.
The basic concept behind converged payments is that all transactional activities—payments, redemptions, bookings, security step-checks, authentication, etc.—converge into a single, secure infrastructure where they are managed, processed and authorized.
Many steps can be taken to minimise risk of credit card and personal data exposure, such as compartmentalization and tokenization on the inside of the airline’s DMZ (Demilitarized zone. Network added between a private and a public network to provide additional layer of security), said Gjerding. He added, “With the increase in passenger self-service, however, airlines will have to expose access to services and data – a level of vulnerability through which hackers can gain access,”
With a converged payments architecture serving as an organizing funnel, information from varied and disparate sources is fed into a central operation, checked and verified, standardized and normalized, and then exposed to extra layers of security so that the resulting transactions—payments, ticket bookings, boarding passes, rewards redemptions, in-flight purchases, upgrades, baggage fees, refunds and the like—are processed within a common, robust environment.
Converged payments capabilities also provide a centralized view of a customer’s digital/ mobile transactions and activities: payments, loyalty, booking, fraud detection and more.
With silos eliminated and processes streamlined by the underlying infrastructure, payments are executed quickly and seamlessly for the customer and the airline, and protected from hackers and other online threats through real-time alerts and, when necessary, manual verification and processing.
The team at CellPoint Mobile considers “inside the DMZ” prevention to be an important addition to firewalls and external fraud measures. This is a system that monitors, acts and reports on suspicious activity from the inside and can include configurable fraud-alert rule sets, data- profiling modules, and other authentication measures.
With the eventual ability to mix-and-match cash, credit payments and rewards redemptions for financial transactions, airlines will need comprehensive solutions that can detect, prevent and mitigate all types of fraudulent activities that occur in the complicated payments ecosystem.
Follow us on Twitter: @Ai_Connects_Us
Airlines need an infrastructure that lets them manage complex payment ecosystems, passenger smart devices and other vendors, writes Ritesh Gupta, Airline Information Correspondent
Airlines today do acknowledge the significance of setting up a converged payment architecture, but at the same time they also intend to refrain from inviting any sort of complexity. More than incurring new expenditure, and handling complexity of system integration that needs to be taken care of with different gateways for different channels, airlines can’t afford to slip up on the customer experience issue.
Gearing up for change
Today an entity has to deal with numerous back-end systems supporting several channels, all of which have to interact seamlessly with multiple consumer devices, and transaction initiation points.
Kristian Gjerding, CEO of Cell Point Mobile, says the challenge for airlines is to extract themselves from the rapid changes and various ways that alternative payment methods (APM’s) are handled within the payments ecosystem. The entire system is rapidly expanding and becoming increasingly complex, and it needs to be put at arm’s length from the airline. “Therefore, the airline industry needs to gear its infrastructure to manage this rapid change and fragmentation, and not rely on any one provider and channel,” he says.
According to Gjerding, the airline needs a buffer in the form of an extraction layer between the external payment methods and consumer e-wallets such as Apple Pay, MasterPass and Google Wallet, and the digital transactions they support.
This extraction layer can orchestrate and integrate how these various payment methods and data sources become available within the airline’s own channels without compromising control, independence and cost of service.
The bottom line is that airlines need to own their own travel ecosystem, says Gjerding.
“They (airlines) pay a premium for every passenger they get, and once they have passengers in that universe, they should be relentless about ensuring that passengers remains, because that’s where loyalty, repeat business, ancillary revenue and all of the other revenue opportunities happen,” emphasizes Gjerding. Airlines need an infrastructure that lets them manage complex payments ecosystems, passenger smart devices and other vendors, and not be managed by them. “If they own and manage the travel universe - and thereby the user journey - then they can make the payment experience secondary to the overall experience with the airline, process payments more cost-effectively, negotiate better rates with payment providers and focus instead on making everything seamless for the passenger. But do to this, they need control of the payments universe,” states Gjerding.
Airlines need to consider complexity of system integration and handle different gateways for different channels, multiple integrations required into a variety of business systems etc. Airlines need to take into consideration a couple of issues:
And as end-to-end digital commerce shopping becomes a reality, airlines need to not only orchestrate, translate and manage the complex external payments ecosystem but also manage all of the rest of the internal travel-related activities that occur – the issuing of boarding cards, ticketing, and ancillary revenue – anything that is going to be serviced through self-service channels as well as call centers.
Airlines need to relook at their digital commerce infrastructure today to streamline transactions in the multi-channel, multi-device shopping environment.
It’s critical that airlines create a uniform, omni-channel experience. The airline needs a smart infrastructure that can manage the transaction in a way that creates a predictable, recognizable user journey, no matter which channel the passenger chooses, says Gjerding. He adds, “Furthermore, the infrastructure needs to make it easy to continue a transaction if a passenger’s Internet connection dies or the phone line cuts out, without having to start over. The front-end environment also needs the capability to deploy new vendor functions and new payments features simultaneously across channels, maintaining competitiveness and increase passenger satisfaction.”
It’s all about cross-channel seamlessness and un-broken transactions, simplifying the pathway to purchase which is what the digital passenger expects and demands. Getting it right will increase revenues, margin and passenger loyalty.
Follow us on Twitter: @Ai_Connects_Us
The advent of e-commerce has significantly broken down trade frontiers making cross-border e-commerce, wherein consumers buy online from merchants located in other countries, easier than it has ever been. It is now possible for any business to rapidly expand internationally, and payments is a key driver of this opportunity. This editorial, provided to Airline Information by Adyen, will share some best practices and opportunites for cross-border payments for the airline & travel industry.
Best Practice 1: Implement relevant payment methods
The customer journey starts long before setting foot on a plane, and the first best practice is to ensure that the whole customer experience is optimized for local consumers and that each country-specific website enables local consumers to pay with the relevant local payment methods.
Two examples: in China, hundreds of millions of your potential customers prefer to pay with local payment methods such as Alipay or UnionPay. In the Netherlands, around 40% of travel transactions are completed with iDEAL. Without accepting local payments in these two markets, as well as many others, you may lose the opportunity to convert these shoppers into customers.
Best Practice 2: Maximize approval rates
Once the relevant local payment methods have been enabled and the appropriate customer experience has been set up, another best practice is to maximize approval rates in each country, especially for card transactions.
Based on Adyen's data, an analysis was conducted in order to quantify the potential uplift in card approval rates when merchants use a local merchant of record (i.e. a local legal entity) to process transactions for a few key markets.
The research showed that in countries such as Germany, Brazil and the US, a local merchant of record generated an uplift in card approval rates greater than 5%, which is a major impact.
Best Practice 3: Optimize fraud management
Most importantly, merchants need to ensure that their fraud strategy (fraud policy, fraud prevention tools and processes, and human resources involved in fraud analysis and manual reviews) evolves in line with their international expansion. The clear best practice here is to adjust fraud policies and tools to reflect the unique nature of each market, because fraud patterns vary by country.
These are just a few examples of best practices for cross border payments, and how you can benefit from a better understanding of international payment processing. To read all the findings from the Adyen and Edgar, Dunn & Company (EDC) white paper “Cross-Border Payments - Opportunities and Best Practices for Going Global” click here.
To find out more about payment innovation please join us and your fellow industry professionals at the Networking Evening in Amsterdam, hosted by Adyen, on the evening of Thursday 5th of February 2015. You can register for this event by clicking here.
Today’s technological advancements present a dilemma for airlines. Carriers need to ensure they are in control of the passenger experience, not leaving it free for others, writes Ritesh Gupta, Airline Information Correspondent
Using fingerprint as a passcode, accessing a boarding pass or completing a transaction via mobile - all of it while on the move fascinates me. Managing a particular service or an app via a smartphone is getting simpler day by day. Whatever the likes of Apple and Google do is hard to ignore. The advent of Apple Pay, wearables technology, or even the emergence of Samsung Pay does garner our attention. The buzz is unmistakable, and the curiosity factor does take over.
But, as a traveller, I wonder can I really have a seamless experience today?
So let’s say I access my flight itinerary via Gmail on the day of the travel, and Google smartly sends me a restaurant voucher when I am at the airport. But if I choose to pay via Apple Pay, would it be possible? Or do I end up paying via Google Wallet only in the future?
The mobile payment landscape is changing with many legacy players like PayPal and Stripe coming up against the newer challengers like Google Wallet and Apple Pay and whilst this is great for the movement it’s going to be a confusing time for the consumer as all these systems and payment methods start to cross over each other, it’s going to be especially confusing for iOS users as Google Wallet exists on Android and Apple devices, says Glenville Morris, Head of Consulting at Mobile Travel Technologies (MTT).
Specifically referring to the scenario mentioned, Morris says it depends if the voucher covered the whole amount due, if not you could part pay with Google Wallet and then change your payment method to Apple Pay but moments like this will happen going forward so processes will need to put in place.
Google and Apple
Such issues are going to crop up. The talk of being in control by knowing the passenger better, letting them complete their task with whatever option they use is going to be the key. And coming to grips with what Apple and Google are up to is must.
“Google and also Apple have without doubt brought enhancements to the travel experience. In particular Google Now has had a big impact - out of the 23 possible Google Now cards – 9 are directly related to the travel sphere,” says Morris. However, it presents a dilemma for airlines and they need to ensure they are in control of the passenger experience and not leaving it free for Google to handhold their passengers through their travel preparation and when they are actually travelling, says Morris.
He says airlines instead can work closely with Google to improve how they service passengers on their day of travel as well as before and after by using the data and the app functionality Google provides such as indoor mapping in airports and Google Wallet to enable app payments, rather than letting them step in and take control of the end-to-end passenger experience. Morris says for airlines to properly own and influence the passenger experience, having their own apps and cleverly managing all of the iOS and Android technology as it evolves is key.
“Mobile payments will really help to further the adoption and growth of mobile bookings for airlines so the introduction of Google Wallet and Apple Pay is a good development for airlines. In addition to growing mobile bookings, it will also open up new opportunities to drive ancillary sales via mobile,” adds Morris.
Making every touchpoint count
Airlines need to ensure various touchpoints of a traveller’s journey do not result in a disjointed experience. The biggest opportunity for airlines now is to shape and enhance a passenger’s journey at each one of those steps.
Personalization, context and immediacy are all key to making each individual’s journey what it should be – individual to their needs. And as Morris says, mobile is a key driver to enable all three – the personalised experience, the real-time nature to address immediate needs and the contextual awareness of the stage of the individual’s journey.
He further explains: If your passenger always searches on his mobile, but books on his tablet then target them on that device with an abandoned basket email – if they always upgrade at check-in, then send them a mobile push notification as they walk in to the airport offering an upgrade – if they only ever hire a car in Barcelona when travelling with family then on arrival at BCN show an airport map guiding the passenger to Europa who are offering 25% off car seats for kids. “The age of sell, sell, sell is over, it’s about selling smarter using data from learned past behaviours and the passengers context while travelling to provide the most relevant and useful offerings at each touch point of the journey, asserts Morris.
The biggest trend in the industry right now is and should be ‘continuous engagement’, says Morris.
And it should be continuous engagement at all levels – at the customer service level for improved customer satisfaction and at the ancillary level by pushing personalized offerings to increase the overall ‘value’ of each passenger to the airline all while putting useful products in front of the passenger.
Mobile has taken the modern airline app beyond the simple ‘book flights’ and ‘check-in’ model of old. There is now the opportunity to engage with your passengers throughout the entire travel lifecycle. Not only till the point a journey is over, but also even as customers walk towards the exit door of the airport on their return home, engage with them again about that ‘next trip’, says Morris.
Airlines are responding to the latest developments.
Disruption in an industry can be a great thing provided you’re ready for it, says Morris. “I used to work in the music industry many years ago and when Apple marched into our party in 2001 with iTunes, we were two things, completely unready and 100% arrogant. Well, we all know what happened there.” He adds, “Travel has changed so little, whilst all other industries around us have moved forward but I feel we have learnt from the mistakes of industries like music and now the travel industry is ready for the change Apple is bringing.”
He says it is important to understand how many airlines already have Apple Watch apps ready for launch (eight major airlines Emirates, easyJet, Qantas, American Airlines etc) and at least 5 more are rumoured or just about to announce soon.
JetBlue became the first U.S. airline to accept Apple Pay in the sky. The airline has chosen to facilitate onboard transactions, letting passengers pay for à la carte food options, premium beverages, onboard amenities etc.
“How many airlines had Passbook on day one three years ago, just two! Lufthansa and United Airlines,” reminisces Morris.
Adapt or die has never been truer in this case.
Airlines' plan to show card fraudsters the exit takes off
A quite extraordinary revolution has been taking place in our skies in the last few years. And it's the good guys who are getting the upper hand, writes Ciaran Nagle. International crime has been growing rapidly over the last couple of decades, according to all the research.
And it's no surprise that one of the industries where crime has been accelerating the fastest is one which by its very nature involves much crossing of borders, air travel.
But air travel has attracted not just any old criminal. It's a very particular type of law-breaker that's decided to pick the pockets of this industry: the credit card fraudster. Credit card fraud is on the rise again after peaking in 2008. Security controls introduced at that time had a very positive effect. But fraudsters are again adapting their methods to the new online environment.
48% Increase in International Card Fraud
What's interesting now is the difference between national and international fraud growth. In Europe, total card fraud is netting criminal gangs €1.5Bn annually. And in the UK alone card fraud against merchants is up 4% to €130m since 2013, according to Financial Fraud Action which is the body co-ordinating the fight against fraud for the UK's financial services industry, Europe's largest. But card fraud from the UK against international merchants is up a massive 48% to €75m! If we take what's happening in the UK as an example of a general trend - and Europol believes it is a general trend - it clearly shows that criminals see huge opportunities outside of their own countries. Clearly, crooks are happy to travel, at least with their fingers.
It's easy to understand why fraudsters have been able to get away with their deceitful habit for so long. Police forces and criminal justice systems tend to be organised along national lines and are focused on domestic problems. International crime only gets attention when it involves terrorism or huge amounts of drugs or money.
So when you have crime that crosses national boundaries involving no violence and only a relatively small amount of money - the price of a plane ticket - it's seen as a thorny problem that's hardly worth solving. Until now.
Just look at the all-too-real complexity of a typical fraud case and you can see why it's such a headache for crime fighters.
Credit card data issued in Country A is stolen and used for a flight booking purchased in Country B for a passenger in Country C booking with an airline based in Country D for a flight with a partner airline in Country E ending in Country F. Add to this that the airline in Country D may use a bank based in Country G.
So where does the crime take place? In which country should the fraudster face charges? And how do you gather evidence from a cross-border crime trail that will be accepted by a national court?
The Beginning of the Fight Back
In the early years of card fraud, airlines looked upon fraud as a minor nuisance, a flea bite. It was easier to refund the occasional airline ticket to an innocent victim than to incur the costs of setting up a department to combat it.
But as instances of card fraud grew it could no longer be ignored. Airlines began to keep records of names and email addresses associated with bad bookings. Analysts were employed to monitor bookings and check a random sample against the bad bookings list.
Alternative payment methods are attractive, but don’t forget to assess key issues. There are specific challenges, be it for system integration or fraud management that airlines need to address as they go for alternative payment methods. Airline Information’s Ritesh Gupta assesses 5 key issues.
A seamless buying experience is one that offers a travel shopper convenience, ease of use, and security. And an integral part of such experience is the preferred mode of payment. Merchants are trying to simplify transactions, for example, eradicating the need for usernames and passwords each time one pays. The industry is moving toward single touch payment experience via apps. While a passenger may have plenty of choices today to complete a transaction, it also means that airlines can’t afford to slip of any new mode of payment.
For instance, consider the talk about Apple Pay transactions and a consumer wallet experience for native iOS apps. The buzz is unmistakable, and airlines need to swiftly assess how to remove the friction from the mobile buying experience. In fact, travel suppliers have to be prompt enough to inform consumers about any new payment, be it for value of electronic currency, bitcoin, or Apple Pay transactions.
During the 3rd edition of ATPS APAC 2014 conference, held recently in Singapore, it emerged that global e-transaction payment mix is evolving considerably in the airline sector. According to Linus Goh, business development director, Asia Pacific at WorldPay, spend on alternative payments and cards is expected to trade places by 2017. Alternative payment methods will account for 59% of all transactions by 2017!
Here we explore 5 key issues pertaining to alternative payment methods:
One of the major impacts of smartphones in the payment arena is speed with which can pay. The promise of completing a transaction in less than a minute has been around for a while. This is exerting pressure on airlines, hotels and intermediaries as no one can afford to drop their conversion rates.
In case of HotelQuickly, a mobile specialist intermediary based in Hong Kong, the processing time for a payment came down from 7 seconds to 3 seconds when the company switched over to PayPal instead of another payment service provider. “The main reason (behind the switch) is that the previous merchant bank slowed down the process,” shared Mario Peng, co-founder and CFO, HotelQuickly.
From a company’s perspective that specialises in transactions via a mobile app, Peng mentioned that entities can face several mobile inbound payment challenges. These include: payment outside of app, network stability, and speed. The team not only looked at associated costs as it attempted to find a solution. It also considered several factors such as currencies, and faster processing. At the same time, HotelQuickly also sorted out several outbound payment complexities (pertaining to dealing with hotels), such as administrative costs, human errors and fraud. Peng referred to a chained payment solution: Immediate and automated payment to PayPal account of hotel, and no follow-up for failed card, wrong amount charged, double charging, or fraud.
Both OTAs and airlines have been news for accepting crypto-currency bitcoin. OTA CheapAir.com, which crossed the $1.5 million mark for sales of flights and hotels in bitcoin a couple of months ago, acknowledges that Bitcoin is in its nascent stages and it’s subject to all of the fluctuations in value. But it is a promising option, working in favour of consumers for several reasons.
CheapAir.com recently mentioned in one of its blog postings: “We think the online legacy payment systems are ridiculously unwieldy – customers must fill out long forms, sharing personal information like their address and credit card security codes just to make a simple purchase and all of this complexity does not eliminate fraud.”
As for a bitcoin transaction, this method is being considered to be hassle free. It also paves way for transparency by removing hidden fee, such as 3% cost to process credit card transactions.
As Waqas explains, for any airline, the transactions happen globally from various sources- own offices, agents, BSPs etc. “ Having different gateway channels and multiple integrations create problems in maintenance, duplication of efforts and complexities in tracking the transactions. (It is) preferred to have one gateway wherein all channels can be routed through. There will be a need to develop one integration,” he says.
The sector needs to look at how shift of fraud to mobile channel is shaping up. This is clear need for stronger inspection and tailored fraud rules. One needs to look at fraud implications due to issues pertaining to 3DS authentication. Also, fraud varies by channel web, mobile and phone. Organizations today have to plan for fraud data and act on all available data when implementing fraud rules.
If you are keen on learning and debating about the latest developments in the arena of travel payments and fraud, then join us at Airline Information’s 8th Global Airline & Travel Payments Summit - ATPS 2014 scheduled to take place in San Francisco (3-4 December, 2014).
Airline Information recently ran a webinar with Jumio: How Fraudsters Steal Identities: and how to stop them from booking on your site. Hosted by Jumio's Marketing Director, David Pope, with Airline Information's Michael Smith, this webinar explained the research that went into Jumio's Fraudsters' Playbook white paper. It covered:
The Wi-Fi crack: Savour the smell of freshly roasted coffee
The local government census: The fraudster always knocks twice
Social media techniques: My virtual friend, the real life fraudster
The loyalty discount offer: If it looks too good to be true...
The Fraud Forums: Pop to the market and use the retailers’ own data
With the airline & travel industry being one of the largest targets for fraudsters and because this webinar was so entertaining and informative, we wanted to make it available to those who missed it. You can watch the presentation and listen to the webinar below:
You can also access the Fraudsters Playbook white paper here: https://pages.jumio.com/webinar-Airline-Information-FP-Downloads.html
Ai Editorial by Christopher Staab, Managing Partner Americas, Airline Information
3-D Secure, also known as Verified by Visa, MasterCard Secure Code, JCB J/Secure, and American Express SafeKey, is a fraud prevention initiative launched by card schemes. Its intention is to improve the security of Internet payments and provide a shift of liability in case of fraudulent transactions.
In the airline industry, 3-D Secure is causing a classic struggle between airline Finance Departments and Sales & Marketing Departments. Finance tends to like 3-D Secure due the liability shift and the lower merchant service charges (MSC), whereas Sales & Marketing tend to dislike 3-D Secure, as it is seen to have a negative impact on online conversion rates, decreasing sales.
However, most Airlines already know that not all transactions have the same risk. For example, most top tier elite frequent flyer members booking the same route can, generally, be relied upon to be genuine.
Research by the PSP Adyen also showed that 3-D Secure in the USA will lead to a decrease in conversion of 45%, whereas mandating 3-D Secure in India actually increases conversion by 30%. More markets are shown in the graph below:
Adyen has therefore developed Dynamic 3-D Secure to apply 3-D Secure (or not apply it) based on the characteristics of each payment transaction! To find out more about Dynamic 3-D Secure, as well as other fraud prevention measures, we invite you to join the Airline & Travel Payments Summits.
Ai Editorial from Chris Staab, Managing Partner, Airline Information
According to a 2010 article in the New York Times, hotels account for nearly one third of the world's cases of credit card fraud! And by most accounts, the situation has not improved in the last few years. How long before credit card acquirers, the credit card networks, government regulatory agencies and hotel customers demand change from the hotel industry on how it handles credit card data?
The root of the problem appears to be the hotel franchise model, leading to a lack of credit card security and poor procedures. Maintaining brand-wide credit card security standards when there are thousands of franchises, many of whom have properties in multiple brands, has proved an impossible task to date. How often have you seen hotel front desks making physical copies of your credit card at check-in, as well as asking for a copy of your ID or passport? This information can then easily fall into wrong hands and is hardly PCI compliant. Combine this with low pay leading to the temptation for hotel staff to steal card and personal data and it's a card security nightmare! A particular target is the cards of American customers who don't have chip-and-pin (EMV), making them easily cloned for card present fraud. Corporate wide, hotel chains have also had a history of poor data security, having faced several well-publicized data breaches of card information.
I am a perfect example of this problem. In the last 5 years, I have been the victim of credit card fraud on half a dozen occasions- all stemming from the use of my card at hotels. Now when I travel to many countries, I use my card only at the hotel front desk, where it is required. Two years ago in Chile, I only used my card at check-in to a 5-Star major international hotel brand property and my card was compromised. The previous year, I fell victim to the well-publicized Wyndham hack and my card was used to purchase $10,000 in furniture in China. Unfortunately, I also had organized several events in Wyndham properties (including the Airline & Travel Payments & Fraud Summit!) around the time of this breach of security and many of our customers were also affected.
So, returning to my original question, for how long can hotels contribute more to global credit card fraud versus any other industry?
The issue may be resolved as hotels themselves are also increasingly becoming victims of fraud, which will hopefully result in better procedures. Hotels face friendly fraud in the form of charge-backs at very high rates, while online the problem is increasing quickly, as hotels are offering more and more prepaid rates via their own websites. This has made them increasingly the victims of the use of stolen credit cards.
Hotels as both victims and contributors to fraud will be discussed at our upcoming ATPS & Fraud Events. You can find out more about all of these events at www.AirlineInformation.org/events. And, think twice the next hotel you check into a hotel about the security of your credit card details!