Kevin Lee, Sift, on the latest trends in fighting loyalty fraud in travelling

Sift is a technology vendor for online travel agencies (OTA) that seek to fight fraud. Can you portray your typical customer?

Our typical customers are companies seeking an innovative technological approach to fighting fraud, while also placing equal importance on maintaining an excellent user experience. Customers who have something of the best results with us tend to operate with low-margin, high-volume, instant-delivery business models. They also often have lean fraud teams and rely heavily on automation.

What are these customers currently doing wrong in stopping fraud and what are the challenges they are facing?

In the online travel space, fraud teams must make accurate real-time decisions for high average order amounts, looking at users that are new to the system or don’t make bookings very frequently. This is very challenging, because you don’t have as much data on these travellers, and there is high financial risk involved in every decision.

Many fraud prevention vendors only look at transaction data, which results in lower accuracy. Behavioral data is extremely valuable for preventing fraud. Imagine this scenario: a legitimate travellers buys flights to Barcelona, spending time browsing for the best deal, choosing seats, checking out hotel packages, and sending the itinerary to family members. It takes a while. In contrast, a fraudster may complete the entire shopping process in two minutes and then log out. Legitimate users rarely bother to log out of websites. The timing and logging out are two signals that could point to fraud.

Other vendors also use rules that don’t scale, are static, and don’t adapt to changing fraud patterns. At Sift, our real-time machine learning based on an ensemble of models and 16,000+ signals is a real differentiator.

How do loyalty programs work in this industry and how do fraudsters exploit them?

Forget bitcoin – loyalty points are the original digital currency. Loyalty programs create financial liability for companies, since so many travelers accumulate large unused balances. These balances are attractive targets for fraudsters, since they’re easy to drain, and you don’t need to input payment info to redeem the points. Loyalty fraud is a growing crime, with 11% of card-not-present fraud attacks on loyalty and rewards points accounts in 2017 – up from 4% in 2016.

In a typical scheme, a fraudster will use stolen login credentials obtained from a data breach or hack to gain access to a traveler’s account. Then, they use the “transfer points” option to liquidate the balance. A fraudster may also use stolen credit card information to purchase multiple airline tickets, accumulating a huge amount of loyalty points and quickly redeeming them before the crime is discovered.

Unfortunately, most loyalty programs have minimal security in place to curtail this abusive activity in order to provide the most friction free customer experience as possible. In fact, many companies choose to whitelist these customers in order to circumvent any security checks, which is especially problematic.

How are companies in the travel industry currently fighting/preventing these problems? Does a solution for preventing loyalty and travel fraud truly exist?
Some solutions that travel companies use to prevent loyalty fraud include:

• setting limits and rules on how fast customers can earn points and spending requirements to accrue points

• establishing manual review teams to spot abusive behavior

• checking customer point transactions histories, looking for how long and at what pace a person accrued points, as well as how fast those points were spent

• introducing 3D Secure or other verification methods.

However, these solutions not only negatively impact the customer’s experience – customers don’t want to be made to spend a minimum in order to accrue points or have to remember a password to verify their identity – they also require more labor and cost on the merchant’s end. Sixty percent of online businesses are concerned about spending too much on manually reviewing orders .

A true solution to preventing fraud is multi-layered. It’s not just about eliminating fraud, but more about limiting exposure and enabling your top line to grow. At the foundation is the ability to ingest a high volume of data from all stages of the customer journey. Then, you need sophisticated technology like real-time machine learning to uncover patterns in the data, so you can both automate accurate decisions and empower your review team to take the right action on gray-area cases.

About Kevin Lee

Kevin Lee is driven by building high performing teams and systems to combat malicious behaviour. He has worked for the last 10+ years around developing strategies, tools and teams responsible for billions of users and dollars of revenue. Prior to Sift, Kevin worked as a manager at Facebook, Square and Google where he lead various risk, chargeback, spam and trust and safety organizations.

About Sift

Sift is the leader in Digital Trust & Safety, empowering companies of all sizes to unlock revenue without risk. Sift prevents fraud with industry-leading technology and expertise, an unrivalled global data network, and a commitment to building long-term partnerships with our customers. Twitter, Airbnb, Twilio, and other leading brands rely on Sift to stay competitive and secure.