First Published, 1st April 2016
Ai Editorial: Amtrak took a cautious, slow approach to 3D Secure deployment due to wide industry perception of negative customer impact. Ai’s Ritesh Gupta understands how the company eventually succeeded in its endeavour.
How can one astutely balance the benefits of 3D Secure and at the same curtail the risk of checkout abandonment?
In order to understand how Amtrak, the U. S-based passenger rail service provider with the reputation of carrying more than 30 million passengers for each of the past five years, has gone about embracing 3D Secure, we spoke to Amtrak’s Payment Security Manager, Rick Ziolkowski. He was joined by CardinalCommerce’s VP, Consumer Authentication, Michael Roche for a detailed insight into the journey and experience of handling 3D Secure.
Ai: Can you share the experience of deploying 3-D Secure? What did you discover, learn and how you ended up having a desired control over the situation?
Rick Ziolkowski: The one thing I learned to appreciate about 3D Secure is that it is unlike other payment fraud prevention solutions. Its code is embedded in the authorization message all the way through settlement. The process transits across multiple parties and servers. It’s imperative to have a vendor with deep experience in overseeing the development, troubleshooting and monitoring of the service and as an advocate between various third parties.
Michael Roche: The data elements retrieved from the authentication are sent across the networks to the Issuer. This allows Issuers to adjust their authorization risk settings and tie the authorization to the authentication. Issuers who have deployed a Risk Based Authentication (RIBA) system will challenge transactions that seem suspect. This allows them to flush out fraudsters and avoid false-positive declines. What this means is that before authorization they can identify risk. Based on the risk level they are then able to challenge the consumer with knowledge based questions or one-time pin numbers sent via SMS.
Fraud isn’t the biggest problem online. Just ask yourself, how many times has your card been stolen to make online purchases. Now, compare that to the times your card was declined incorrectly and maybe even locked while trying to buy online. The fraud problem is causing the false positive problem at astronomical levels. Merchants, Acquirers and Issuers decline far more good transactions than bad. The end to end interoperability of 3D Secure eliminates the speculation once associated with CNP commerce.
No industry is affected more by false-positives than the travel industry. High ticket items along with the high potential for fraud results in the highest false-positives averages online. Amtrak was able to lean on this new found component of the 3D Secure protocols to not only cut fraud but also increase sales. There’s a way to do this, but you need to have the right tools. You can't just go to market with a vanilla 3-D Secure MPI provider and expect it to work.
Ai: So can you talk about Amtrak’s approach?
Rick Ziolkowski: Amtrak took a cautious, slow approach to 3-D Secure deployment due to wide industry perception of negative customer impact. Unlike most fraud service solutions that focus on risk, we focused primarily on the customer impact as our deployment model.
We used the BIN behavior model from CardinalCommerce to identify those issuers who would never challenge (roughly 30% of volume). We expanded to risked based authentication issuers who rarely challenge (increasing to around 60%). The results were so compelling that we eventually phased in 100% processing after our first year.
Michael Roche: Amtrak was an early adopter of our Cardinal Consumer Authentication (CCA) Services+ system. With a phased approach we slowly introduced Cardinal Consumer Authentication (CCA) and the 3-D Secure protocols to their consumer base. Using advanced analytics we were able to hone in and the optional rule sets which would result in the best possible consumer experience, highest levels of liability shift, and the maximum net/net increase in sales. That increase in sales was a result of increased authorizations at the issuers and fewer declines within their internal risk systems.
We recently hit our goal of complete roll out.
Unfortunately even many of our travel clients are going at a much slower pace because of infrastructure problems within the legacy travel booking systems.
Rick Ziolkowski: The key to full 3D Secure optimization and effectiveness is to take advantage of the liability shift rule and to front load 3D Secure into your risk model.
Michael Roche: Correct. There are vanilla 3D Secure MPI providers out there, they promote a RIBA approach at the merchant. This means they advise their merchants only to send through high-risk traffic they flag to the 3D Secure networks. RIBA is a useful approach with issuers but an ineffective approach with merchants.
Our Cardinal Consumer Authentication (CCA) product runs on a Rules Based Authentication (Merchants) backbone where merchants only send us all their traffic to us before any fraud screening has been done. We then take each transaction and compare it to a predetermined rule set created by the merchant based on the issuer and what authentication approach being used.
There is still massive problem globally with many issuers who have not implemented the RIBA approach being pressured from the networks. Our solution eliminates these from the merchant domain. In essence, what many vanilla MPI providers are doing is only reducing the historical problems with the 3D Secure protocols to a smaller set of high-risk transactions. This is evident in their numbers as their travel merchants get less and less benefit and are sending fewer transactions to the networks.
Our merchants “front-end” load 3D Secure and use its result within their risk engines, to create superior risk assessment because we can ascertain the risk level from a RIBA issuer. This yields the highest amount of benefits minus the historical problems associated with cart abandonment that has plagued the protocols courtesy of less advanced issuers.
Ai: What would you like to highlight in terms of performance metrics with 3D Secure?
Rick Ziolkowski: Traditional fraud prevention solutions are evaluated on a balance between fraud reduction, at the cost of customer friction (also known as the insult rate). The fraud department was in a constant battle with the sales department over finding the right balance to the company’s risk tolerance. The more that the fraud solution expanded into overall sales volume, the more that valid customer insults would typically occur.
That all changed in 2012 when the card brands provided full liability protection on fraud chargebacks for successful 3D Secure transactions. As a result, the fraud prevention rate became a known constant at 100%. This allowed us to focus solely on the customer friction area and control this tolerance level.
CardinalCommerce has developed a BIN behavior profile on how issuers react to 3D Secure transactions. They have developed several behavior ranges from “never challenge, no friction” to “new activation, high friction”. Amtrak deployed its 3D Secure service in a phased approach from lowest to highest customer friction.
A key tool to our success was the development of a fraud rule bypass when we received full 3DS authentication. Taking advantage of the full fraud liability protection, we simply ignored all legacy fraud rules. The result was a 99.85% acceptance rate, significantly better than the airline industry 96.3% acceptance rate.
And the fraud prevention results? We are now below one basis point of fraud to sales when using 3D Secure.
Michael Roche: Essentially Amtrak outsources their fraud screening to issuers and by doing so, they get full liability shift from fraud, higher authorizations levels with that issuer, and a superior data set that allows them to reduce their friction they expose to the consumer. All of this results in eliminating the massive false-positive problem. In the US especially there are several antiquated friction-inducing fraud tools like AVS and CVV2 checks. For certain traffic, merchants remove these checks and lean on issuers to screen the transactions. Amtrak did this, and their fraud rates didn't increase, they went down even further. Far below any other travel merchant globally.
Ai: How did Amtrak chose to deploy 3D Secure differently?
Rick Ziolkowski: Front loading 3D Secure into the risk model and creating a fraud rule bypass were the two critical elements of our success. Using the BIN behavior model also allowed us to carefully manage and evaluate the program’s deployment cycle. Additionally, we developed some customized Key Performance Indicators (KPI) reporting to provide more detail into both the chargeback and the customer impact areas.
Ai: So why many merchants are not seeing a certain level of success?
Rick Ziolkowski: Merchants need to recognize that 3D Secure is unlike any other fraud prevention tool in the merchant’s arsenal. They need to fully take advantage of the 100% fraud liability shift and front load it into their overall fraud risk modeling ecosystem. There is no need to apply any additional friction to a fully authenticated 3DS transaction. The benefits realized are a low cost, streamlined and low maintenance process for merchants. Legacy rules and their costs can be greatly reduced or eliminated, adding further value to 3D Secure. Challenge units, analysts and risk model areas can have staff migrate to other areas of fraud prevention.
Merchants also need to ensure that their KPI accurately reflects only 3D Secure service results. There is opportunity for KPI results to become cross pollinated with other fraud screening tools or rules, especially if the service is only being utilized based on risk rules. We take great care to ensure that all risk rules are evaluated independently via A/B testing and detailed reporting.
Ai: How can 3D Secure be applied only to high-risk transactions, based on data customized to the airline?
Rick Ziolkowski: The traditional fraud risk management model was to apply various fraud rules and solutions from the highest risk transactions down to a level of acceptable risk tolerance versus customer friction. These would generally be applied in a waterfall/cascading design from the most effective solutions downward. The assumption being that what might have been missed by the first pass would be detected in preceding ones. At some point, you reach a point of diminishing return in which the rule has less effective and more harmful to card acceptance. 3D secure turns that traditional concept on its head. Due to the 100% liability shift for merchants, there is no need to incorporate other fraud prevention tools or rules. Also, the expanded customer data provided to issuers during authentication makes many of these legacy tools redundant.
I want to emphasize that if a merchant is only applying 3D Secure to high risk transactions, or applying after other fraud screening tools, they will not see the full benefit of reducing customer impact. In turn, they will never achieve full optimization of 3D Secure because their legacy model will be holding it back from reducing customer friction.
Ai: It is said that 3D Secure is not a complete fraud management program. Your comments on this?
Rick Ziolkowski: Although an e-commerce merchant using a fully optimized 3D Secure will see industry leading results on both fraud reduction and card acceptance, there is still the need for robust monitoring, detection and prevention. Merchants should always look at fraud risk in a holistic, enterprise wide view. Criminals will always exploit the weakest link. Where 3D Secure protects transaction fraud and should be considered a cornerstone of any payment security program, a merchant still needs to focus on other aspects of revenue abuse such as refunds, loyalty rewards, coupons, gift certificates, etc.
Learn more about the latest developments in the arena of digital payments at the upcoming 10th Annual Airline & Travel Payments Summit, scheduled to place in Barcelona, Spain (26-27 April, 2016)
For more information, click here
First Published, 14th March 2016
Ai Editorial: When one-click mobile transaction fails to go through, it shows a brand in poor light as one is used to accomplishing tasks quite swiftly on such devices, writes Ai’s Ritesh Gupta
A task on a mobile device at times is all about “a tap or one-time touch”. This also includes completing a mobile transaction in a jiffy. If all works well, the chances are we would indulge more in mobile shopping, as nothing can take away the impulsiveness or convenience of buying products via a mobile phone.
But this always doesn’t work out the way we desire.
I do end up abandoning a buy or an in-app purchase when it takes too much time (blame it on the home Internet Wi-Fi connection despite having a supposedly fair download speed plan) or there is a complex issue related to acceptance of my preferred payment option.
I have been availing Uber cab hailing service. I love the Uber interface, but struggled with a recent journey.
Till last year my credit card details were stored, but I deleted them once Uber started offering the cash option (in India). On another note, I also downloaded Paytm wallet app recently.
When I tried booking a cab via Uber last week, a message flashed, stating “balance not sufficient”. Post this I filled in my credit card details for a deposit of Rs. 1000/- or $15. I thought it would be a sort of a guarantee for my trip, in case I don’t pay cash. But even though I was instructed not to leave the app, I received a short message from my mobile operator about addition of Rs. 1000/- in my Paytm Wallet. As for the taxi that I was trying to book, I was stuck within the app environment of Uber, and eventually I decided not to book. It was quite disappointing as the fare was to last only for few minutes.
So why didn’t the payment go through? May be Paytm wallet was designated as the payment option – may be by default. But the point is the app should show me an option to pay via cash at the time of booking, as it is quite convenient. As for the amount, it started reflecting as the balance under Paytm Wallet section of Uber.
When a user is asked to share credit card details against the time limit of a certain fare or a deal/ package, one would expect the transaction to come through. Also if the card details are stored in a safe environment, still if one-click payment option doesn’t work out in the check-out phase, it again disappoints.
Non-UX related one-click payment issues
One-click payment isn’t only about streamlining the user experience (UX) or integration issues (say a travel ecommerce app with a mobile wallet).
Be it for the Asia Pacific region or Europe, there are significant regulatory, regional and technological hurdles to deal with.
If we talk of Europe, there are a set of rules and standards for the execution of Single Euro Payments Area (SEPA) or SEPA payment transactions that have to be followed by adhering payment service providers.
The realisation of SEPA called for a settlement on a general set of data to be exchanged in a common syntax.
As for merchants, there are several factors to be considered before they offer choice for paying to consumers. Optimizing reach and conversion, and at the same time costs of payments being kept low is of paramount importance. With the introduction of SEPA, it is being pointed out that caps on multilateral interchange fees will bring down fee for merchants.
Importantly, in order to facilitate cross-border sales and fuel the usage of one-click buy via mobile devices, specialists refer to interoperability. This would require a uniform e-identification system that can pave way for a relatively swifter exchange of information.
But the concept of cross-border remains a practical challenge, for instance in Asia.
Prasanna Veeraswamy, VP – Products at hotel booking mobile app HotelQuickly, referred to cross border payment instrument acceptance and payment while travelling as a major hurdle. Citing an example, he said, “It is so difficult to use a Singapore-based American Express card while you are travelling in Thailand, as a One Time Password (OTP) will be send to your home phone which you would not want to turn on while roaming internationally. A lot of times foreign payment instruments are not recognized locally too.”
New devices, new developments
Merchants can’t rest, and need to keep an eye on new devices.
It is clear that the evolving landscape has brought in new stakeholders into the payments ecosystem.
Veeraswamy referred to the following developments:
· Payment using wearable devices – There are new possibilities that are shaping up, for example, chips being used in conjunction with standard NFC modems in wearables. This protects users’ sensitive data and assists in secured contactless transactions. MasterCard is already working on plans to take payments to a gamut of fitness bands, smart watches and other wearable devices. Barclaycard has also unveiled several new wearable payment devices, with each device featuring contactless payment technology and to be powered by a secure digital wallet.
· Messaging based payments - LIINE, WeChat, Whatsapp and Snapchat.
· OTP or one-time password kind of security moving to messaging platforms rather than SMS.
· Cross platform wallets that will be a merger of Apple Pay and Android Pay - one wallet that works across all platforms.
As witnessed with existing payment options and devices, the readiness of devices to support one-click payments is going to hold the key. It all seems exciting, but one shouldn’t forget the significance of simplicity and security. Otherwise any promise looks like a fancy feature, and has an adverse impact on the brand.
The ideal one-click mobile payment solution should manage identification securely and instantly, support all cross-border payment methods preferred by consumers, and when a user is in the middle of a transaction there is a need to combat practical challenges to minimize the chances of abandonment.
Learn more about the latest developments in the arena of digital payments at the upcoming 10th Annual Airline & Travel Payments Summit, scheduled to place in Barcelona, Spain (26-27 April, 2016)
For more information, click here
Follow Ai on Twitter: @Ai_Connects_Us
Ai Editorial: A mobile wallet is capable of addressing challenges related to the cost of payment, merchant fraud liability and the speed of checkout. Ai’s Ritesh Gupta assesses how airlines can embrace such emerging option smoothly
First Published 8th February 2016
The task of dealing with emerging payment options can’t be ignored. For instance, Apple Pay’s issuer total is already beyond 825 or so. As concerns pertaining to whether transactions via this mode are sizable enough or not get reduced, the focus is on ascertaining how to make the most of mobile wallets’ simplicity/ user experience or role in the booking funnel.
Airlines have to work out a way to handle proprietary functions and features of each of emerging mobile wallets, and this is in addition to existing multiple payment methods as well as sales channels.
As a specialist, Denmark-based Vivek Bhatnagar, VP Presales and Solution Architecture, CellPoint Mobile points out that the primary challenge for airlines is to understand that there is no unified approach to improving or prioritizing the complex, costly and constantly changing payments ecosystem, and that challenge exists for any merchant or retailer. He says no single payments vendor can solve the complex jigsaw puzzle with a comprehensive solution.
Whenever a new payment method like Apple Pay, Android Pay or Samsung Pay launches an airline or a merchant needs to talk to their PSP or acquirer to support the same and the foresaid payment method may or may not be the immediate priority of the PSP or acquirer. However, if the airline has its own payment layer then it can connect to the PSP which supports the payment method or even connect to the acquirer that supports the payment method directly.
As a result, as Bhatnagar also asserts, it’s imperative for airlines to have a thin but feature-rich and agile payments layer within the enterprise that can talk to or integrate with best-in-class external solutions.
With that flexible framework in place, airlines can enable easy on-boarding, omni-channel payments, multiple PSP/acquirer connectivity, independently stored PSP payments, APM aggregation and improved acceptance rates.
“Each of this features give the airline the agility that is required to increase and protect revenue in the new digital age where the battle will be fought on speed and service. For example, markets like Singapore/ China where Android is the prevalent Mobile OS, having Android Pay and omni channel responsive UI experience will be the make or break decision with regards to the success of your mobile payment strategy,” says Bhatnagar.
Fragmentation in mobile payments
Apple Pay, Android Pay and other alternate mobile payment methods are expected to pose a major challenge to PayPal. Even though there have been discussions around how a new entrant can enter the transaction pie that features the merchant, issuer, acquirer and the card scheme, value is being created for the consumer.
Ultimately, the mobile payments ecosystem is going to be very fragmented, and this fragmentation is a reality that airlines must embrace and support in order to provide a wider range of solutions that customers will most easily adopt.
Bhatnagar says merchants need to take control of their payment ecosystem by owning their own payments layer that can deal with the fragmentation.
“Having a thin agile payments layer will give merchants the flexibility to tap into various sources using similar technologies like XML,” says Bhatnagar.
This provides merchants with an insulation layer from the complex dependencies of supporting different mobile operating systems and payment mechanisms from multiple external providers.
According to specialists, in practice, merchants with their own payments layer have a distinct advantage over those relying on external providers as they are able to rapidly adopt new mobile payment methods, and develop the perfect cocktail of payment methods and providers that matches the needs of their customers and the markets they operate in.
From customer experience perspective, omni-channel enablement is what can make or and break a sale. Airlines must provide seamless booking and payment experiences across all channels to match passengers’ behavior. For example, a traveller might search for a fare on a laptop at work, compare options on a smartphone on the way home, and purchase a ticket on a table at home that evening. Omni-channel enablement makes that three-stage process a smooth one.
eWallets were invariably part of retail giants, such as Alipay (Alibaba) and PayPal (eBay).
But now the space is evolving, with bank and network wallets emerging (Visa Checkout, MasterPass and ChasePay).
Bhatnagar acknowledges that VISA, MasterCard, Amex and Chase are all getting into the e-wallet space.
He says, “The idea is to offer ease of payment and bring about one-click payment readiness to the payment process. Businesses like VISA and MasterCard want merchants to continue to visibly use their brands in the new era of payments and are therefore aligning with e-wallets.”
Talking of Apple, Samsung and Google, these organizations are trying to step up customer ‘stickiness’ by integrating their technology into their consumers’ everyday lives. What should airlines take note of with reference to Apple Pay, Samsung Pay and Android Pay? And what should airlines avoid as far as these applications are concerned?
“Airlines are primarily merchants and they should ‘endeavor to embrace’ and adopt a nimble, agile but reliable payments platform that enables a suite of solutions,” recommended Bhatnagar.
The good news is most of the streamlining has been done by the providers themselves, an approach that eases issues with traditional payments. “In our experience, a stored payment solution, when implemented with mobile-based APMs such as Apple Pay and Android Pay, can bring in considerable incremental sales via the respective mobile apps,” shared Bhatnagar.
Follow Ai on Twitter: @Ai_Connects_Us
Payments in omni-channel environment – what to watch out for in 2016
Ai’s Ritesh Gupta takes a detailed look at 13 key issues and developments, including IT infrastructure, NDC, data strategy, fraud, security etc. that airlines need to keep a tab on.
Mobile wallets, wearables, QR codes, in-store, self-pay kiosk, PC, tablets, bitcoin…the list of existing and emerging touchpoints and encompassing technology that can facilitate a transaction continued to get prolonged in 2015.
On top of this, the possibility of identifying a passenger every time they get in touch with a brand is forcing airlines, OTAs and the travel sector on the whole to go for a flawless payments strategy.
And the story doesn’t end there.
Customer experience, backed by data and analytics, is just one aspect. So if the choice of payment just the way a traveller needs is one side, evaluating legitimacy and tackling fraud in real-time is the other side.
So in 2016, airlines would need to act swiftly to keep up with the pace of change in this arena. Here we explore top developments and issues that are important for offering a sublime experience and fraud management:
Changing payment landscape: In its recent report titled, Omni-Channel Banking The Digital Transformation Roadmap , Efma & Backbase referred to disruptive climate of banking.
The report referred to what the likes of Apple (in possession of most consumer credit cards, growing iTunes ecosystem and Apple Pay), Google (Android Pay, sending money via Gmail) and PayPal (handling more international transfers than the top five banks put together) are up to.
There is a need to keep an eye on the functioning of banks, too. It is being highlighted that these organizations are currently in the experimentation or deployment phase of their omni-channel strategy.
Follow Ai on Twitter: @Ai_Connects_Us
Outsmarting a fraudster with machine learning
Machine learning automatically learns about new fraud patterns in real-time. Can it help in combating fraud? Ai’s Ritesh Gupta finds how it deals with fraudsters
Travel brands are keenly looking at fighting fraud, revenue leakage and also curtailing associated costs.
In the era of omni-channel commerce, where airlines and OTAs need to embrace various forms of payment methods, companies face fraud on multiple fronts: on top of credit card fraud, merchants must deal with fraudulent accounts, abuse of promotional codes, and spammy content on their websites, like fake reviews or phishing messages. So how to keep a tab on such bad online behavior?
As a specialist, Jason Tan, CEO, Sift Science says machine learning is supremely suited to catching all of this.
“Think about how much customer data travel companies have access to: email addresses, billing and shipping addresses, phone numbers, device fingerprints. You also have behavioral data: the actions a user takes on your site, like where they click and what selections they make,” says Tan, who presented during Ai’s The Airline & Travel Payments & Fraud Summit, held recently in Fort Worth, Texas.
Machine learning can quickly and efficiently digest information to identify patterns, so you can start to tell a story about who your users are and what their intent is. When patterns of real-time fraud are mapped against examples of past fraud, merchants can accurately predict when they’re seeing a good shopper or a malicious one – so they can block the fraudsters, or make it easier for good customers to buy.
For example, as Tan says, Amazon uses machine learning to identify its good users and offer them 1-click checkout – a completely frictionless experience.
Missing the bus
Tan categorically says if travel companies aren’t embracing machine learning for identifying the profile of fraudsters, then they're missing out on effective fraud prevention.
“Travel companies that resist implementing machine learning could instead be experiencing increased sales and better conversion rates by taking advantage of automation. You can use machine learning to create smart and dynamic checkout flows, where known good users can fly through purchasing, while additional friction points (in the form of cardholder verification) can be added for suspicious users,” he says.
Machine learning enables companies to automate aspects of fraud detection and make quicker decisions. Less time spent on manually reviewing orders means that companies reduce their overhead costs and can pass those savings along to their customers.
Consumers booking travel online expect their reservations to go through immediately. Travel companies don’t have the luxury of time; they need to automate parts of their fraud-detection process to stay competitive.
The team at Sift Science referred to several examples:
Dealing with a fraudster
The most effective machine learning applications can take in and return information instantaneously, says Tan.
He adds, “For example, say I’m a fraudster that uses an email address like email@example.com, and the business figures out that I’m bad because they get a chargeback. Through real-time offerings, jason123 is identified as a fraudster and the system immediately learns that people with 3 digits in their email address are more likely to be fraud. It doesn’t have to be jason123, it could be jason234, jason945, or fred579, but chances are good that those users are suspicious. So when I come back to that company’s site with firstname.lastname@example.org or another fake email address, I would immediately be flagged as “probably a fraudster”.”
Sift Science’s “secret sauce” is its network of customers that send terabytes of data to its servers.
“That means all of our customers can benefit from the same learnings – for example, if we detect a fraudster on one site, that user’s Sift Score (a measure of riskiness) will instantly update across the entire network, so other businesses can block him. This feature enables companies of all sizes and of all locations not only get an individually tailored fraud prevention system, but also stay ahead of new and changing fraud patterns as their customer base grows,” explained Tan.
The data that companies choose to share should be based on their unique businesses and needs. There will be some common fields like departure destination that whole industries share, but there may also be company-specific data.
Global players like Airbnb and HotelTonight are able to use any data points that they already collect in order to benefit from machine learning for fraud. Details like stay length, airplane seat selection, and travel route can offer insights on top of more obvious ones gained from personal traveler information. A flexible machine learning system can take any data you throw at it.
As for visualizing fraud connections, Tan says a bad user might be testing hundreds of credit card numbers or have thousands of fake accounts on your site. “Using the data pulled from every order or transaction sent to Sift Science, we map out the suspicious signals that any given user or order shares with others.”
These connections help to identify why a user might be fraudulent, as well as allow merchants to proactively block users linked to past bad behavior.
It is imperative for travel companies to ensure that attacks don’t affect credit card data as well as any other personal passenger data.
Unfortunately, it’s getting harder and harder for companies to “ensure” that data stays secure.
Data breaches will soon be the new normal, says Tan.
“Although machine learning can’t stop hackers (yet), it can help travel companies ensure that stolen data isn’t successfully used on their sites. Employing a machine learning solution can actively identify suspicious behavior, and prevent a chargeback for the merchant, and a painful fraudulent purchase for the victim,” said Tan, answering a vital question.
One of the best things about using machine learning is that it automatically learns about new fraud patterns in real time so you don’t have to keep close tabs on new tactics. Travel brands rely heavily on online transactions, so there is also a need to watch out for new travellers from new locales. Travel brands need to be mindful that new geographies come with different types of fraudsters and fraud patterns. A pattern may be normal in one region but fraudulent in another, said Tan. Of course, you can’t just block every new traveler; that would be a quick way to lose legitimate business. But leveraging big data to weed out the bad users wielding stolen credit card numbers is key.
NDC is fine, but are airlines ready to offer a better payment experience?
Ai Editorial: One transaction for a trip, but having separate payment record of each trip element involving a different supplier isn’t an ideal story. Are airlines ready to handle this, especially in the context of traditional card payments, in the NDC era? Ritesh Gupta finds out
The objective of being in control of what a carrier intends to sell sounds like a pragmatic idea. As data-driven personalisation becomes the norm, every airline understandably would like to offer its differentiated, unique product and at the same time something that matches the intent of the traveller, too. Also, airlines have been considering the possibility of making personalised offers to agencies without them being prepared by an intermediary by following the NDC standard.
Payments landscape – dealing with inevitable complexity
There are several dimensions that need to be considered as airlines move toward selling products in a different way. One of the most complicated aspects that need to be addressed is the authorization and settlement of a transaction. Considering the complex payments landscape, it isn’t going to be a straightforward process to optimize the payment experience.
It’s true that the scenario where a traveller shops trip essentials (such as airline seat, car rental, insurance etc.) on one site and pays multiple merchants in a single checkout session isn’t new.
There are certain aspects of travel that are being streamlined. As it recently emerged, IATA’s One Order industry-led initiative is “intended to modernize the multiple and rigid booking, ticketing, delivery and accounting methods with a single, flexible order management process”. According to the association, accounting “will be based upon workflow of a single order, bringing the industry closer to standard retail accounting principles”.
As for the passenger, the plan is to simplify the experience as travelers will no longer need to juggle between different reference numbers and documents. All they will need is their order reference number to be easily recognized and served by all.
This ideal cart checkout scenario will create complexity for an airline which must now accept the liability associated with the delivery of the various services being bought. Travellers will appreciate the single cart experience but they will also expect the airline, as the merchant of record for the sale, to service their complaints when a service is not delivered as expected. This is where there is room for improvement, says Global Collect's Laurie Gablehouse, a travel payments specialist.
Payment experience – far from being optimized
Let’s imagine a situation. Say you have shopped for US$1500 for your next trip. You have paid $1000 for your air ticket and $500 for your hotel stay. You completed shopping on an airline website at one go. As it turns out, the details of these two components would need to be tracked separately, with separate bills at your disposal.
It’s just the way the world of merchants, acquirers, issuing banks and card schemes work.
A lot happens when our card details are used for a transaction. Several stakeholders come into play as our transaction is converted into an invoice. As it stands, without these stakeholders, a transaction can’t be done. So imagine a scenario where each travel supplier has its own acquirer, and how the world of authorization and billing eventually shapes up today!
“Yes, the liability for the order is why the payment process works in this way.” says Gablehouse, referring to the current scenario.
Considering that there are two parts to a transaction – authorization, and clearing and settlement, where can the situation be improved?
Gablehouse states that it isn’t a technology issue; it’s just the functioning of this sector that is hard to fiddle with. A bank expects the merchant who accepts the payment to be the responsible party for the collection of the funds. If the consumer decides to reverse the payment AFTER the services have been delivered then the merchant is left with the loss. If this was not a service the airline was responsible for delivering, then there must a legal means of recourse to be reimbursed by the third party provider.
Authorization commences when travellers presents their respective cards to the merchant for shopping. In a matter of few seconds, checks pertaining to fraud and credit line are supposedly done, and a decision is taken. Post this there is a contractual obligation pertaining to payment and a product/ service being bought. So where can changes takes place in order to sort the issue of a traveller receiving one payment detail?
Interchange is the clearing and settlement mechanism that transfers data between the card processor and the issuing bank. There is an opportunity for card schemes to help the industry, improving the situation at the back-end, says Gablehouse. The back-end requirements are where this single order ides is quite fragmented, she says.
Here the situation is expected to be better in case of alternative form of payments such as digital wallets.
The idea of having one generic merchant id
The scenario can evolve by working with card schemes and identifying means for the airline or merchant if they could authorize $1500 as a total and not as $1000and $500. They are being billed separately as we don’t have the standards to allow for the single authorization for two different merchants. In order to settle $1500 settle at one go, authorization needs to be a single, bundled amount, says Gablehouse.
Hypothetically, Gablehouse says a single generic merchant id could be used to obtain the authorization for the entire sale. This is not something that the card schemes and banks should consider as a means to facilitate the process. This would also require changes to the settlement to ensure that the individual merchant ids could be used for settlement. In the ideal scenario, there should be multiple acquirers which eventually see the settlement file containing all components of shopping when a card scheme processes the billing. This would in turn simplify our payment experience if we were to book more than an air ticket with multiples services from an airline.
Ai Editorial: Airlines need to refine their fraud management tactics as well as work closely with travel agencies to reduce chargeback levels. Ai’s Ritesh Gupta learns how
Managing credit card fraud is an ongoing process for airlines, and keeping a tab on fraudulent transactions coming in via travel agencies remains a critical issue.
In fact, airlines list fraud-related issues associated with third party channels as a major challenge till date.
As airlines put smarter tools in place to detect fraud, fraudsters also get smarter; they move from one channel to another until they find the “unprotected front”.
“We already see airlines who can deny a transaction in their call centers if it comes from a customer who has already been rejected on their website,” says Celia Pereiro, Head of Travel Payments at Amadeus. “Airlines should extend this multi-channel approach to an omni-channel one, which includes a single repository for all travel data regardless of the channel.”
And negligence or being ignorant wouldn’t help at all.
“If airlines consider that, in view of IATA Resolution 890, payment fraud committed via a travel agent is not airlines’ concern (those airlines) may be missing the full impact of fraud,” says Pereiro.
She says regardless of who is liable for the cost of the chargeback, airlines, as the merchant of record, are still liable for processing, investigating and resolving the chargeback; moreover, the airline will never recover the bank fees incurred when they processed the payment in the first place.
For its part, Amadeus has developed a solution that will allow airlines to implement a fraud detection mechanism before authorization and ticketing issuance, saving both manual intervention and costs.
Points to consider
For bookings that require a further review, airlines can make a decision based on information and either accept or deny that booking. “If an airline decides to deny the booking and the ticket has already been issued, then we’re able to automatically void the ticket, therefore maximising effectiveness and reducing the manual workload,” says Pereiro.
The prevalent situation
Nowadays the earliest airlines can detect fraud is usually after the ticket has been issued, says Pereiro. Today, airlines can have internal processes in place or rely on a third party to screen all bookings coming via the travel agency channel. All this, though, ends up being costly as it involves heavy manual intervention and clearing up to be done when a payment is detected as fraudulent. This is however the best case scenario, says Pereiro.
Most commonly, fraud is detected at settlement time by the airline’s bank, which is then reported to the airline as a chargeback. Then the costs add on, making the ticket cost only one component of the total cost of a fraudulent sale.
The worst case scenario is when airlines take a binary approach to fraud controls; for example blocking transactions from entire countries or regions– rejecting valid transactions as a result. Assuming that the false positive rate is 5%, then even small airlines could be missing out on hundreds of thousands of dollars’ worth of revenue. To be able to realise these savings airlines should consider smarter anti-fraud solutions which uses the traveller data at their disposal to check for indicators that a transaction is fraudulent or not. For example, historical data which shows that a traveller has a history of making similar trips – even on different airlines – would add significantly to the accuracy of fraud checks.
So what happens when an alert surfaces that stops a ticket from being issued when payment is detected as fraudulent?
Pereiro explains: when a transaction is sent to be checked by a fraud management provider, the resulting cases can be one of the following:
Fraud management needs to be business rules-driven, meaning that the responses provided will be determined by the score each transaction obtains based on the criteria selected. “In addition, we can help airlines to define their fraud strategy and set the balance between accepting and denying transactions,” shared Pereiro.
With the Amadeus product, in the case of a positive result the ticket is issued; in the case of maybe the ticket is put on hold and the PNR is placed in a queue for manual review, where a negative response triggers stopping the booking before the authorization process and there is no option to issue the ticket; and in the negative case the booking is automatically cancelled.
Follow Ai on Twitter: @Ai_Connects_Us and Checkout our events at: www.AiConnects.us
Ai Editorial from Jiri Marek, former Executive Sales & Marketing Director, LOT Polish Airlines
BITCOIN – Beyond Imagination - a Terrifying Currency?
This is my own definition of this growing phenomena of new age, describing feelings, principles, fears and opinions coming to the mind of people whenever they hear word BITCOIN It came to me through my experience of introduction BITCOIN as payment method into Aviation. How BITCOIN and AVIATION can get along with each other?
“Opposites attract” is the fundamental principle of nature, and more philosophically we can look to the east to Yin and Yang or to the west to light and dark side of “The Force”. Also in aviation we have contradictions.
On one hand airlines are highly regulated with very limited spot for frivolity, but on the other hand one of the core engines running aviation development since decades was look for the future and the out-of-box solutions. It seems that the opposites attract… but in this case not quite.
The same airlines, that do not want to loosen up on safety and security principles, are facing the new and liberated world of the internet. These two pieces are in fact very hard to match. When I shared for the first time this new idea of adopting BITCOIN as payment method within airline, it creates a feeling inside the organization like bringing “chaos” into “order”. In fact it was more of a fear. BITCOIN is somehow still perceived as the currency of the anonymous rebels, synonymous of the unregulated and wild deep internet world.
Since airlines are extensively regulated mainly on safety and security issues, and they are using state of the art technology for flying, they became on the other hand kind of fossils in the merchandising and distribution of their content and product towards end consumer. In a result this is what we have: airlines would like to gain global reach and constantly complaining about regulators and authorities that they are bringing constrains and limit them to became truly global and on the other hand we have global borderless payment solution ready to use without any regulatory body or government behind it and no ownership, but somehow still steered clear of. Now is the time to look for the future.
I have no doubts, that the magnets will attract this time as well and it will happen sooner or later as The Mother nature always find a way through, constant search for balance, leading to evolution. Would you like to wait for this “evolution” or take rather first mover advantage and be part of “revolution”?
Ai Editorial: Bitcoin, Alipay, convenience store transactions etc. exemplify the diversity in payment methods. And such options call for management of atypical issues, too, says Ai’s Ritesh Gupta
Any sort of improvisation in a payment strategy requires introspection on several counts, be it for evaluating payment complexity, impact on the user experience, ensuring security for that particular sales channel or ability to monitor the fraud chargeback activity.
And today change is inevitable considering the increasing popularity of specific payment options in different markets. Airlines have to adjust as for many it’s a cross-border business.
There are certain market nuances such as prevalence of local domestic payment methods that can drive payment strategy – for example, convenience store payment in some Asian countries. Also, unlike credit card, each of the payment options in Asia has its uniqueness, e.g. transaction limit, availability of refund, chargeback rights etc. It requires airlines to design and implement necessary payment interfaces and processing flows.
Overall, airlines need to look at peculiar issues as they embrace new form of payments. Here we assess a couple of aspects:
An airline might be running operations smoothly in several markets, but a similar move may result in additional expenditure in a new one.
For instance, in case of China, it’s imperative for travel brands to offer options like Alipay and or let Chinese consumer pay via WeChat.
As per the feedback from specialists pertaining to Alipay, operating in China requires a separate integration cycle and payment acceptance service level than would typically be needed for other regions and markets. “PSPs like Stripe and Braintree provide for a more seamless integration on the backend, however because of regulations in China and Alipay’s market size, it is easier for brands with interests in China to work directly with the payment platform,” shared a source. Importantly in order to integrate a PSP like Alipay, a company based in the U. S. may need dedicate resources and staff for processing and acceptance for the Chinese renminbi.
“While enabling Alipay payments is critical to gain visibility and drive transactions in China, for smaller hotel chains, airlines or OTAs this additional resourcing is a large undertaking that can put a strain on cash flow and carry higher requirements for security against chargebacks. Additionally as Alipay remits payments through SWIFT, OTAs and travel brands will have to plan around payout timetables - which vary from country to country- and the applicable fees,” shared a source. “Another thing travel brands should consider the user experience, as travellers are completing their travel booking or reservations. Several PSPs oftentimes redirect users away from the branded site or app to complete their transactions an experience that travel brands cannot control or manage, which can lead to confusion, or worse, booking abandonment.”
For airlines, the fact that the process can involve their legacy infrastructure, it only adds up to the work that’s needed to be done.
“One of the key issues faced by airlines is heavy reliance on legacy infrastructure that prohibits them from adapting to the fast changing world of payments. If this is not addressed in a timely manner, airlines can risk becoming uncompetitive and non-relevant,” says Shreyansh Durgesh, Director of Sales and Business Development, Asia Pacific, Bitnet Technologies.
Delving deeper, Durgesh says, “Sometimes it is seen that airlines are unable to or take too long to launch new payment capabilities due to their backend system being too complex to work with new technologies. Lot of airlines have built their functionalities and respective business processes on top on a legacy mainframe application.”
“Most of the time these legacy infrastructure and their limitations determine how payment related processes or functionalities can be changed,” he says. For example, an airline’s DCS (departure control system) may follow certain rules to flag a risky booking based on fraud detection systems for further checks during check-in. But if the fraud detection and legacy platform are not compatible, it can lead to sub-optimal usage of such fraud detections services.
In addition to coping up with the challenge of system integration (each payment method works differently which means that each implementation can be costly and lengthy), another hurdle that comes with the new methods of payment is fraud as fraudsters always evolve to find ways of exploiting weak spots in payment processes and systems. So fraud management should be on top of the agenda for any airline integrating new payment methods.
There is also need to clarify certain points, too. For instance, bitcoin is like digital cash. So is there any way to recover or whom to approach when bitcoin is stolen?
Here it needs to be understood that bitcoin wallet private keys are the only proof of ownership of bitcoins. Once these keys are stolen it is impossible to reclaim ownership of bitcoin, says Durgesh.
“Bitcoin is decentralised protocol and not regulated, hence there is no central authority to turn to in case you lose your bitcoins. There have been number of bitcoin related compromises in past but they are not due to weakness in bitcoin protocol itself and rather due to because of weakness of security system employed or negligence of bitcoin service providers,” he says.
So it is important for consumers to carefully select their bitcoin service provider who has appropriate security system and policies to safeguard consumers’ bitcoins. There are specialists who keep bitcoin stored in secured, geographically separated cold storage as well as insure users against any losses, says Durgesh. Also, as the bitcoin ecosystem continues to grow we will see a lot more innovation in provision of wallet security services.
As the payment ecosystem continues to evolve, airlines need to be nimble. Be it for gearing for EMV liability shift in the U. S. or capitalizing on the popularity of an offering like Alipay in China, there would be changes for merchants. It is of paramount importance to be aware of requisite resources and the level of expenditure required to set up a new method of payment. Plus issues associated with integration with legacy systems, back-end operational systems etc. as well as fraud management, too, need to be scrutinized.
Follow Ai on Twitter: @Ai_Connects_Us and Checkout our events at: www.AiConnects.us