How airlines can guard against account takeover and loyalty fraud

In a recent blog, Fernando Souza commented that effective fraud management can contribute to revenue capture for airlines. In this article, I'm going to discuss some of the airline-specific fraud trends we're seeing, along with some mitigation strategies to help prevent losses.

Fraud experienced by the airline industry takes many forms as fraudsters evolve their tools and techniques to reflect the world around them—from changes in consumer behaviors and payment preferences to events taking place on a regional or global scale.

Cybersource Risk Analyst who specialize in the airline and wider travel industry constantly monitor the market to identify emerging trends, including geographic nuances. Recently, for example, they've observed:

·???????? A reduction in fraud on cards issued in one Latin American country, and a spike in fraud on cards issued in another

·???????? An increase in gift card–related fraud, often involving fake travel agents reselling fraudulently purchased gift cards on social media to unsuspecting travelers

Another type of fraud that's always on our radar is account takeover, which can relate to:

·???????? Travelers' airline accounts, in which case their stored personal details and payment information can be at risk of theft or misuse

·???????? Loyalty accounts, which can result in travelers' loyalty points being stolen and fraudulently spent or resold

Both types of fraud can lead to financial and reputational losses for the airline, the loyalty program provider, or both.

Account takeover: key challenges

Dealing with fraudulent transactions made when accounts are compromised can be challenging because the data points tend to look correct during fraud screening—so the transactions often go through. Typically, it's only when the genuine traveler notices their payment card has been compromised or their loyalty account has been emptied that the fraud comes to light.

In many cases, travelers may be at least partly responsible when their accounts are taken over, without realizing it. Perhaps they inadvertently clicked on a link in a phishing email or text message. Maybe they reuse passwords across multiple accounts—enabling account credentials stolen in an unrelated attack to be used to access and plunder their airline or loyalty account. Ultimately, however, proving any responsibility a passenger may have in the takeover of their account will likely be difficult or impossible. Generally, the airline or loyalty program provider will be left to bear the resulting losses.

When it comes to loyalty accounts, fraudsters probably also benefit from the fact that many of us don't access them unless we want to redeem the points. That can mean lengthy gaps between genuine logins that give fraudsters plenty of time to act.

Protecting against account takeover

Account takeover and loyalty fraud can seem challenging to deal with, but there are ways to protect against them. One way is for airlines and loyalty program providers to educate travelers with regular communications about:

·???????? The risks of clicking on links in emails and text messages

·???????? The merits of creating a unique password for every account

·???????? The need to regularly check their accounts to help them notice any compromise sooner

But many fraudsters are smart, and some travelers will go on making mistakes and failing to spot increasingly sophisticated scams. To guard more effectively against account takeover and the losses that can ensue, airlines and loyalty program providers should consider rolling out a specialist solution like Cybersource Account Takeover Protection.

The Cybersource solution monitors high-risk behavior at account login (and other account events) to help block fraud at the account level and so prevent fraudulent transactions being initiated downstream.

Stopping transactions being made with stolen points

In the event a loyalty account is successfully taken over, the objective is to identify and stop transactions being attempted with the stolen points. Ideally, loyalty program providers and airlines will work together to capture as many data points as possible for analysis by the fraud management platform.

A platform like Cybersource Decision Manager combines AI and ML with your own custom rules to make best use of all the data points collected. You can, for example, build rules that flag transactions in scenarios that don't stack up. So, if someone tries to use points to book a hotel room 48 hours ahead, your fraud management platform could evaluate the feasibility of the individual getting from the booking location to the hotel within that window of time. If it looks unlikely, the platform can flag the transaction for review, or reject it altogether.

You're not flying solo

Protecting against account takeover and loyalty fraud and the associated revenue and reputational losses can be complex—but with the right solutions, strategy, and rules, you can reduce the risks.

Cybersource can support you with our Decision Manager and Account Takeover Protection solutions, coupled with the expertise our Risk Consultant who are ready to help you finetune your approach to these and other types of fraud.

To find out more, visit https://www.cybersource.com/en-us/contact-us/request-a-consultation.html?