Holiday fraud: why you can’t take a day off from fraud prevention

If you’re running or plan to run a travel tech startup, discover what you should pay special attention to in order not to fall victim to holiday fraud.

Hubert Rachwalski

Chief Executive Officer

18 June 2018


6 min read

The global Travel Tech market is predicted to reach the value of 12 billion dollars by 2019, growing by 14% per annum. Impressive? The estimations only account for the largest IT solutions providers. Considering how successful platforms like Airbnb, Expedia and TripAdvisor have become, it seems evident that the numbers will be much higher in reality. Holiday fraud is not exclusive to any season, which is why fraud prevention is a full-time commitment!

Holiday fraud is an all year round problem

No wonder more and more companies, including startups, are tempted to treat themselves to a piece of that delicious and lucrative cake. The rapid development of the Travel Tech industry has its effects both on a global, and a local scale. Polish online travel service eSky, boldly operating across the globe, makes a great example of the phenomenon! As regards its reflection in a more compact dimension, traditional travel agencies are increasingly going online and mobile as well, in an endeavour to keep up with the industry.

Despite the wide variety of Travel Tech companies, fraud - a modern affliction we’ve already presented in one of our infographics - affects them all in equal measure. The gravity of the problem is indeed worrisome. More importantly, the complexity of fraud across travel agencies, booking platforms or flight comparison websites is also different from, say, its shape and volume as compared to virtual bookstores or mobile games. To get a full picture of it, it will be necessary to take a close look at it separately and start from the very nature of the industry. If you’re running or planning to run a Travel Tech startup, I’d like to invite you to discover what you should pay special attention to in order not to fall victim to fraudsters.

A quick trip through travel payments

The travel industry has three distinguishing features when it comes to payments.

  1. The unit value of a single transaction amounts to several hundred dollars.
  2. The customers vary enormously in terms of nationality and often carry out transactions outside of their countries of residence or even departure points of their respective journeys.
  3. Time is prioritised much more than in the case of any other services or products online All of the above-mentioned factors directly determine the challenges that Travel Tech professionals inevitably encounter. Let’s take a look at the characteristics individually.

High prices = high risk

Travel Tech professionals mostly deal with large-value transactions. From a fraudster’s standpoint, one transaction translates into remarkable profits and so it’s worth maximizing efforts invested in every single scam. Basically, it pays off to collect detailed information about the cardholder whose details are to be used for fraudulent purposes and adapt one’s virtual image well in advance so as not to raise suspicion.

Large-value transactions call for enhanced security. For example, the validity of a transaction can be verified with a phone call in which the cardholder is asked to confirm if they’ve just booked plane tickets or a trip. The relevant telephone numbers should be submitted by the customer upon the commencement of/subscribing to the service. The fraudster can, therefore, submit their telephone number beforehand (the method commonly referred to as “money mule”) and impersonate the legitimate user if called. Such a pre-calculated move obviously involves much effort and commensurate financial resources. If you’re selling a trip worth several hundred dollars, you should be able to hire an employee who’s in charge of contacting suspicious travellers. Well, this does not really sound like a great obstacle. You will begin to notice the problem once you realise you need to hire several employees dedicated only to reviewing suspicious transactions. In other words, reviewing transactions with phone calls is a good idea, but not necessarily the remedy for fraud. It’s merely an additional layer of security.

It is of utmost importance to employ anti-fraud solutions that take a wider range of data into consideration while verifying the customer’s intentions. And not just any data. The information collected should be too difficult or expensive to forge for fraudsters – certainly worth more than their prospective gains. Multidimensional user profiling will be the best choice here. It consists in analysing thousands of data points pertaining to an individual user and their interaction with the website. For starters, such rich data will facilitate selecting transactions for manual review, which helps substantially optimize the operating costs. Furthermore, it makes it possible to inspect all transactions thoroughly and spot even the most sophisticated fraudsters before their criminal intentions begin to materialize.

Global complexity

Working with or within the travel industry means constantly having to handle requests of customers coming from all around the world, using various cards and having diversified habits and preferences as to how they shop online. For instance, in Latin America, it is commonplace to pay for anything in instalments - even for inexpensive products or services.

Carrying out one transaction with several cards wouldn’t raise an eyebrow either. With such plentiful region-specific nuances, transactions done by travellers often exhibit sets of features that could easily be taken for fraud designates. Just imagine a situation in which the card was issued in the UK, the computer’s physically based in Poland, and the browser’s default language is set to Spanish, but the billing address indicates the Netherlands. Unlikely enough? Most fraud detection tools would flag such a transaction as unequivocally suspicious and block it. In reality, however, the traveller might be a Briton who owns a business based in the Netherlands, is trying to learn Spanish after hours and happen to be in Kraków, sightseeing. An online travel agency should, therefore, employ a system capable of conducting analysis so profound as to let that British entrepreneur carry out their transaction uninterrupted.

Both risk managers and rule-based fraud detection systems will not do their job effectively if the transactions come from all the corners of the world possible. Risk experts tend to specialise in selected regions. It is not really doable to be an expert in all markets of the world, isn’t it? Their knowledge and experience are converted into rules aimed at fraud detection. Nonetheless, a rule that’s 100% true for Poland may result in declining hundreds of perfectly legitimate transactions from some other country. Conclusion? Well, the human cognitive filter or abilities, whatever you call it, are limited. Given the complexity of the world of payments and its fragmentation, it is far more effective to have the data analysed by a machine rather than to put an employee in charge of the mission. Supplied with extensive data, a machine is capable of detecting fraudsters with accuracy not encountered before. Even if the situation is as twisted as the one with the British business person. The team, in turn, can concentrate on the configuration of the system and learning about different markets instead of running ineffective and time-consuming analyses.

Time is precious. The situation is precarious.

As I have mentioned, for travellers, time is often the top priority. A traveller who’s purchasing a plane ticket to some European city in a rush because they need to be on time at a business meeting, or a tourist who’s missed a train and desperately needs to book a hotel room nearby – they both expect their payments to be processed instantly, in real-time. Once the complexity of the payments scene enters the equation, it’s easy to fall into a cycle of incessant phone calls as each transaction will seem suspicious. It’s ok to put security first, but customers, if not offered the service immediately, will turn away from your business and that’s exactly why fraud prevention measures should not slow down your sales processes.

Artificial Intelligence can easily solve this sort of dilemma. Machine Learning models are able to assess the risk that a given transaction involves in less than a second. This, in turn, will let you cater for your customer’s needs without compromising the user experience and reduce the number of review phone calls to the minimum. As a result, you do not discourage your customers from using your services by calling them time and again to verify if they have bad intentions or not.

We’re entering the holiday season. I strongly advise you to revisit this article in the autumn, while summarising your results for summer. I hope they will be satisfactory! Please, do remember though they could have been better still!

If you wish to have an advanced fraud prevention solution, let Nethone solve holiday fraud (indeed, all fraud, any time of the year) in your business. Schedule a call with us to talk over the details.

Ready to detect fraud just like Azul?

Ready to detect fraud just like Azul?

Start measuring fraud attacks today and find out if there are bots attacking your site. Arrange a call to discuss a tailored solution or explore our platform for free.

Book a call