Airlines' plan to show card fraudsters the exit takes off
A quite extraordinary revolution has been taking place in our skies in the last few years. And it's the good guys who are getting the upper hand, writes Ciaran Nagle. International crime has been growing rapidly over the last couple of decades, according to all the research.
And it's no surprise that one of the industries where crime has been accelerating the fastest is one which by its very nature involves much crossing of borders, air travel.
But air travel has attracted not just any old criminal. It's a very particular type of law-breaker that's decided to pick the pockets of this industry: the credit card fraudster. Credit card fraud is on the rise again after peaking in 2008. Security controls introduced at that time had a very positive effect. But fraudsters are again adapting their methods to the new online environment.
48% Increase in International Card Fraud
What's interesting now is the difference between national and international fraud growth. In Europe, total card fraud is netting criminal gangs €1.5Bn annually. And in the UK alone card fraud against merchants is up 4% to €130m since 2013, according to Financial Fraud Action which is the body co-ordinating the fight against fraud for the UK's financial services industry, Europe's largest. But card fraud from the UK against international merchants is up a massive 48% to €75m! If we take what's happening in the UK as an example of a general trend - and Europol believes it is a general trend - it clearly shows that criminals see huge opportunities outside of their own countries. Clearly, crooks are happy to travel, at least with their fingers.
It's easy to understand why fraudsters have been able to get away with their deceitful habit for so long. Police forces and criminal justice systems tend to be organised along national lines and are focused on domestic problems. International crime only gets attention when it involves terrorism or huge amounts of drugs or money.
So when you have crime that crosses national boundaries involving no violence and only a relatively small amount of money - the price of a plane ticket - it's seen as a thorny problem that's hardly worth solving. Until now.
Just look at the all-too-real complexity of a typical fraud case and you can see why it's such a headache for crime fighters.
Credit card data issued in Country A is stolen and used for a flight booking purchased in Country B for a passenger in Country C booking with an airline based in Country D for a flight with a partner airline in Country E ending in Country F. Add to this that the airline in Country D may use a bank based in Country G.
So where does the crime take place? In which country should the fraudster face charges? And how do you gather evidence from a cross-border crime trail that will be accepted by a national court?
The Beginning of the Fight Back
In the early years of card fraud, airlines looked upon fraud as a minor nuisance, a flea bite. It was easier to refund the occasional airline ticket to an innocent victim than to incur the costs of setting up a department to combat it.
But as instances of card fraud grew it could no longer be ignored. Airlines began to keep records of names and email addresses associated with bad bookings. Analysts were employed to monitor bookings and check a random sample against the bad bookings list.
Alternative payment methods are attractive, but don’t forget to assess key issues. There are specific challenges, be it for system integration or fraud management that airlines need to address as they go for alternative payment methods. Airline Information’s Ritesh Gupta assesses 5 key issues.
A seamless buying experience is one that offers a travel shopper convenience, ease of use, and security. And an integral part of such experience is the preferred mode of payment. Merchants are trying to simplify transactions, for example, eradicating the need for usernames and passwords each time one pays. The industry is moving toward single touch payment experience via apps. While a passenger may have plenty of choices today to complete a transaction, it also means that airlines can’t afford to slip of any new mode of payment.
For instance, consider the talk about Apple Pay transactions and a consumer wallet experience for native iOS apps. The buzz is unmistakable, and airlines need to swiftly assess how to remove the friction from the mobile buying experience. In fact, travel suppliers have to be prompt enough to inform consumers about any new payment, be it for value of electronic currency, bitcoin, or Apple Pay transactions.
During the 3rd edition of ATPS APAC 2014 conference, held recently in Singapore, it emerged that global e-transaction payment mix is evolving considerably in the airline sector. According to Linus Goh, business development director, Asia Pacific at WorldPay, spend on alternative payments and cards is expected to trade places by 2017. Alternative payment methods will account for 59% of all transactions by 2017!
Here we explore 5 key issues pertaining to alternative payment methods:
One of the major impacts of smartphones in the payment arena is speed with which can pay. The promise of completing a transaction in less than a minute has been around for a while. This is exerting pressure on airlines, hotels and intermediaries as no one can afford to drop their conversion rates.
In case of HotelQuickly, a mobile specialist intermediary based in Hong Kong, the processing time for a payment came down from 7 seconds to 3 seconds when the company switched over to PayPal instead of another payment service provider. “The main reason (behind the switch) is that the previous merchant bank slowed down the process,” shared Mario Peng, co-founder and CFO, HotelQuickly.
From a company’s perspective that specialises in transactions via a mobile app, Peng mentioned that entities can face several mobile inbound payment challenges. These include: payment outside of app, network stability, and speed. The team not only looked at associated costs as it attempted to find a solution. It also considered several factors such as currencies, and faster processing. At the same time, HotelQuickly also sorted out several outbound payment complexities (pertaining to dealing with hotels), such as administrative costs, human errors and fraud. Peng referred to a chained payment solution: Immediate and automated payment to PayPal account of hotel, and no follow-up for failed card, wrong amount charged, double charging, or fraud.
Both OTAs and airlines have been news for accepting crypto-currency bitcoin. OTA CheapAir.com, which crossed the $1.5 million mark for sales of flights and hotels in bitcoin a couple of months ago, acknowledges that Bitcoin is in its nascent stages and it’s subject to all of the fluctuations in value. But it is a promising option, working in favour of consumers for several reasons.
CheapAir.com recently mentioned in one of its blog postings: “We think the online legacy payment systems are ridiculously unwieldy – customers must fill out long forms, sharing personal information like their address and credit card security codes just to make a simple purchase and all of this complexity does not eliminate fraud.”
As for a bitcoin transaction, this method is being considered to be hassle free. It also paves way for transparency by removing hidden fee, such as 3% cost to process credit card transactions.
As Waqas explains, for any airline, the transactions happen globally from various sources- own offices, agents, BSPs etc. “ Having different gateway channels and multiple integrations create problems in maintenance, duplication of efforts and complexities in tracking the transactions. (It is) preferred to have one gateway wherein all channels can be routed through. There will be a need to develop one integration,” he says.
The sector needs to look at how shift of fraud to mobile channel is shaping up. This is clear need for stronger inspection and tailored fraud rules. One needs to look at fraud implications due to issues pertaining to 3DS authentication. Also, fraud varies by channel web, mobile and phone. Organizations today have to plan for fraud data and act on all available data when implementing fraud rules.
If you are keen on learning and debating about the latest developments in the arena of travel payments and fraud, then join us at Airline Information’s 8th Global Airline & Travel Payments Summit - ATPS 2014 scheduled to take place in San Francisco (3-4 December, 2014).
Airline Information recently ran a webinar with Jumio: How Fraudsters Steal Identities: and how to stop them from booking on your site. Hosted by Jumio's Marketing Director, David Pope, with Airline Information's Michael Smith, this webinar explained the research that went into Jumio's Fraudsters' Playbook white paper. It covered:
The Wi-Fi crack: Savour the smell of freshly roasted coffee
The local government census: The fraudster always knocks twice
Social media techniques: My virtual friend, the real life fraudster
The loyalty discount offer: If it looks too good to be true...
The Fraud Forums: Pop to the market and use the retailers’ own data
With the airline & travel industry being one of the largest targets for fraudsters and because this webinar was so entertaining and informative, we wanted to make it available to those who missed it. You can watch the presentation and listen to the webinar below:
You can also access the Fraudsters Playbook white paper here: https://pages.jumio.com/webinar-Airline-Information-FP-Downloads.html
Ai Editorial by Christopher Staab, Managing Partner Americas, Airline Information
3-D Secure, also known as Verified by Visa, MasterCard Secure Code, JCB J/Secure, and American Express SafeKey, is a fraud prevention initiative launched by card schemes. Its intention is to improve the security of Internet payments and provide a shift of liability in case of fraudulent transactions.
In the airline industry, 3-D Secure is causing a classic struggle between airline Finance Departments and Sales & Marketing Departments. Finance tends to like 3-D Secure due the liability shift and the lower merchant service charges (MSC), whereas Sales & Marketing tend to dislike 3-D Secure, as it is seen to have a negative impact on online conversion rates, decreasing sales.
However, most Airlines already know that not all transactions have the same risk. For example, most top tier elite frequent flyer members booking the same route can, generally, be relied upon to be genuine.
Research by the PSP Adyen also showed that 3-D Secure in the USA will lead to a decrease in conversion of 45%, whereas mandating 3-D Secure in India actually increases conversion by 30%. More markets are shown in the graph below:
Adyen has therefore developed Dynamic 3-D Secure to apply 3-D Secure (or not apply it) based on the characteristics of each payment transaction! To find out more about Dynamic 3-D Secure, as well as other fraud prevention measures, we invite you to join the Airline & Travel Payments Summits.
Ai Editorial from Chris Staab, Managing Partner, Airline Information
According to a 2010 article in the New York Times, hotels account for nearly one third of the world's cases of credit card fraud! And by most accounts, the situation has not improved in the last few years. How long before credit card acquirers, the credit card networks, government regulatory agencies and hotel customers demand change from the hotel industry on how it handles credit card data?
The root of the problem appears to be the hotel franchise model, leading to a lack of credit card security and poor procedures. Maintaining brand-wide credit card security standards when there are thousands of franchises, many of whom have properties in multiple brands, has proved an impossible task to date. How often have you seen hotel front desks making physical copies of your credit card at check-in, as well as asking for a copy of your ID or passport? This information can then easily fall into wrong hands and is hardly PCI compliant. Combine this with low pay leading to the temptation for hotel staff to steal card and personal data and it's a card security nightmare! A particular target is the cards of American customers who don't have chip-and-pin (EMV), making them easily cloned for card present fraud. Corporate wide, hotel chains have also had a history of poor data security, having faced several well-publicized data breaches of card information.
I am a perfect example of this problem. In the last 5 years, I have been the victim of credit card fraud on half a dozen occasions- all stemming from the use of my card at hotels. Now when I travel to many countries, I use my card only at the hotel front desk, where it is required. Two years ago in Chile, I only used my card at check-in to a 5-Star major international hotel brand property and my card was compromised. The previous year, I fell victim to the well-publicized Wyndham hack and my card was used to purchase $10,000 in furniture in China. Unfortunately, I also had organized several events in Wyndham properties (including the Airline & Travel Payments & Fraud Summit!) around the time of this breach of security and many of our customers were also affected.
So, returning to my original question, for how long can hotels contribute more to global credit card fraud versus any other industry?
The issue may be resolved as hotels themselves are also increasingly becoming victims of fraud, which will hopefully result in better procedures. Hotels face friendly fraud in the form of charge-backs at very high rates, while online the problem is increasing quickly, as hotels are offering more and more prepaid rates via their own websites. This has made them increasingly the victims of the use of stolen credit cards.
Hotels as both victims and contributors to fraud will be discussed at our upcoming ATPS & Fraud Events. You can find out more about all of these events at www.AirlineInformation.org/events. And, think twice the next hotel you check into a hotel about the security of your credit card details!
In preparing for the Airline and Travel Payment Summit in Toronto on the 12/13th of October 2011, one of the themes that keeps emerging is payment surcharging. In the UK, where I am based, this practice very advanced, but it's also one which the regulators are also looking at closely.
Although Ryanair is registered in Ireland, it does a lot of business in the UK and it's at the forefront of surcharging here. However, they are not alone. You might be surprised to learn that Lufthansa and American Airlines are also surcharging on their own UK websites for credit card payments.
Here is a chart of airlines charging credit card surcharges in the UK market: