Fraud in airline travel industry: current and emerging trends

Introduction

The airline industry has seen a tremendous impact in terms of attempted fraud as sales channels have moved online. Fraudsters have historically made airline ticket fraud a key target, owing to the high value of each transaction: typically, return, or multi-leg, fares are purchased by fraudsters who only complete a portion of the overall route. This means that defrauded airlines are not only deprived of ticket revenues, but also of value-added services on board the aircraft itself.

Despite ticket prices being perceived as high by the end-customer, in fact, the airline industry suffers from very low margins. Indeed, the variable costs associated with aviation fuel coupled with other factors has meant that addressing revenue lost as a result of fraud is all but mandatory for international carriers.

With strong protections now in place at the major airlines, fraudsters have shifted their focus to those they have an easier time booking with, and the least chance of being stopped at the gate and asked for an alternate form of payment before they board. As a result, mid-tier or regional airlines have now become the ‘carriers of choice’ for fraudsters.

Key trends

Account Takeover & Synthetic Account Fraud

A number of significant factors, including the migration to EMV card standards in major markets as well as the availability of available social media data, phishing and malware attacks has led to a dramatic increase in account fraud. Where fraudsters are able to capture complete details, the account is typically taken over; meanwhile, the availability of ‘fragments’ has opened the door to synthetic accounts created by a combination of those fragments. This has impacted the airline industry not only in terms of fraudulent tickets, but also in terms of loyalty programme misuse. The issue is exacerbated in some cases, where advanced malware allows a ‘sleeper attack’: here, the victim is allowed to log into his or her account as normal, thus bypassing any strong ‘gateway’ defences. The malware is then used to keep the session open, regardless of the victim’s activity, at which point fraudulent activity can commence. Airlines without solutions to continuously monitor the session for suspicious activity undoubtedly suffer.

Behavioural biometrics

Many existing FDP (fraud detection and prevention) solutions rely on rules-based systems in an attempt to root out fraudsters. While these are certainly effective at first, rules systems tend to be relatively static and are thus susceptible to gaming by fraudsters; rules are tested and then circumvented. Naturally, this results in a reaction by the service provider, who alters the ruleset. In turn, this results in a game of cat-and-mouse between fraudsters and service providers, effectively increasing the cost of combatting fraud.

Nevertheless, the rise of machine learning augmented FDP solutions has generated interest in the use of behavioural biometrics to identify fraudsters. Here, models are able to use behavioural inputs, such as mouse movement, touch screen behaviour and various other indicators to separate genuine user behaviour from fraudulent behaviour.

Augmenting defences through shared data

The emergence of 3DS 2.0 (3-D Secure 2.0) from 2019 will undoubtedly increase the scope for shared data as a means for reducing fraudulent activity. Although the current iteration of 3DS allows for a risk-based approach, in markets such as the US this is rarely implemented owing to inefficient use of data to develop risk models. As such, the only options are to implement a 100% challenge policy, which increases basket abandonments, or alternatively to eschew 3DS altogether, increasing fraud rates. 3DS 2.0 is focused on the adoption of a risk-based challenge strategy: issuers such as Visa and Mastercard will incorporate more cardholder data into the model, while other information, such as the device being used, time zone and so on, will help determine whether the buyer is genuine or not. Indeed, the ability for airlines to combine their own customer data (reputation, behavioural indicators and so on) with issuer data is a paradigm shift compared to how the standard was managed before. This should dramatically improve the service in terms of its risk-based approach.

Ultimately, improvements in automated fraud detection offered by standards such as 3DS 2.0 will mean that mid-tier and regional airline carriers will benefit tremendously. Presently, cost pressures have meant that FDP spend for these carriers is lower when compared to those whose revenues run over USD 1 billion. In turn, this has increased the number of costly manual reviews required, the number of rejected transactions, as well as the amount of fraud.

About Steffen Sorrell

Steffen Sorrel is a Principal Analyst with Juniper Research. His area of focus includes digital networks and enabling technologies, and is particularly interested in the Internet of Things, Contextual Awareness and Ambient Computing. He has previous experience as an in-house FMCG analyst, tasked with marrying large volumes of data across disparate systems and reporting trend analysis to the business.

About Juniper Research

Juniper Research is acknowledged as the leading analyst house in the digital commerce and fintech sector, delivering pioneering research into payments, banking and financial services for more than a decade.