Fighting fraud in the airline industry – the how and the why

Fighting fraud in the airline industry – a sector with an estimated market size of $841.44 billion, according to Statista – is a top priority for organizations across the world.

With modern fraud detection technology, airlines now stand a fighting chance against their savvy opponents. But the best starting point is always awareness. Let's take a deep dive into how fraudsters target airlines.

The consequences of fraud in the airline industry

It may be consumers who are often the target of fraud awareness campaigns in relation to travel fraud, but airlines and other transport companies are equally at risk – and the stakes are much higher.

Indeed, the International Air Transport Association (IATA) has been sounding the alarm for airlines, noting that "Payment fraud loss of revenues may impact the operating margin of the airline significantly", while Ravelin's latest Global Fraud Trends 2024 report found that fraud increased for 75.7% of travel-sector merchants in the past year.

• Revenue and operational costs: For an industry that is squeezed on every side by increasing cost of raw materials, scarce talent, stringent government norms, and stiff competition from each other, the last thing airline companies want is a big dent in their balance sheet because of fraudulent transactions.

• Customer satisfaction: Airline transaction fraud is not just a problem for the companies affected; it has a ripple effect on people and organizations that are associated with these companies. Customers are affected as they lose time and money sorting out the effects of fraud. Not to mention the emotional trauma it causes them if they happen to be stranded at an airport unable to board a flight or make it to an important life occasion or meeting on the other end of their journey. Indeed, customer loyalty was named as the second most common consequence of fraud for companies, with 37.1% experiencing it, per Ravelin's latest fraud survey.
  
  
• Reputational damage: In the online age, making headlines for not protecting customers can have significant impact on the reputation of a company – and online reputation is of great strategic importance to companies in such a sector. A 2019 research paper notes that "the customer’s general attitudes towards an airline have a positive effect to their loyalty. In the air travel industry, companies make a lot of efforts to build powerful brand images aiming to increase passenger trust" and expands to attempt to quantify this.
  

• International crime: Importantly, airline fraud is a key concern for international security organizations like Interpol, Europol, and national security agencies of countries across the world. Unlike any other industry, the airline industry spans the entire world and connects countries like no other platform can. This being the case, fraudulent tickets obtained by criminals are used to commit serious crimes such as terrorism, human trafficking, and drug dealing.

Considering the high stakes, criminals use the most complex mechanisms to manipulate customers, airline company employees, third-party agents, and government officials.

What are the causes of airline fraud, abuse and security loopholes?

There are multiple loopholes that can result in airline fraud. Key factors include poor security, the democratization of fraud and crime, and lack of up-to-date, scalable fraud solutions.

Legacy and outdated solution stacks: For airlines, there are multiple, complex elements to managing risk and on some occasions, risk from online fraud and policy abuse takes the back seat. Due to the ever-accelerating nature of online crime, legacy fraud prevention that might have worked a few years ago might no longer be up to the challenge. Moreover, certain solutions scale better than others, and as the popularity of online booking increased, some systems were left behind. To mitigate against this, experts recommend investing in AI-native machine learning fraud solutions and ensure close collaboration with fraud prevention partners.

Poor security from supplier side: More widely speaking, airlines can unintentionally make themselves a target for hackers by using vulnerable PoS machines, outdated security for their IT systems, and weak monitoring of employees and vendors that interact with their booking platform.

Poor security from consumer side: Consumers are likely the easiest to fall prey to the scams of fraudsters. From email phishing scams to stolen credit cards and mobile devices, there are innumerable ways consumers can be duped into giving away private information to criminals, who then take advantage of it in numerous ways. Unfortunately, and unfairly, even when it's the consumer who is at fault for a breach or stolen account, they often place blame with the associated airline or travel company – and when they take this grievance to social media, the repercussions can be bad.

Crime going digital and global: Airline fraudsters are among the most digitally savvy and ruthless of the lot. According to Skift, 5% of the web is made up of the dark web where illegal tickets, and airlines services are sold for cheap. Today, fraud is often a coordinated effort of multiple individuals and groups working across the globe – and they are sharing their techniques openly and learning from each other too. They are well connected, possess the latest in technology, and take all precaution against being caught. By contrast, consumers and airlines move really slow. Skift’s report says that in 99% of hospitality fraud cases, it took weeks for victims of data fraud to become aware of it.

Types of airline fraud – real-life examples

Fraud hits airlines from numerous sources, and at every point along the booking process and journey. Here are some of the most notorious instances of airline fraud that made headlines:.

Fraudulent tickets and fake payment details

In June 2016, international police organizations like Europol and Interpol with the help of government organizations and airline companies cracked down on 140 fraudsters in a two-day effort. Similarly, in October, there was another mass crackdown across airports globally which resulted in 193 suspects being detained for possessing fraudulent tickets.

In both cases, most suspects booked tickets using stolen or fake credit cards. This is the most common cause for airline fraud. The sheer number of violations shows how widespread airline fraud is, and that it is a global phenomenon.

Chargeback fraud

Just like any merchant who accepts card-not-present (CNP) payments, airlines are also susceptible to chargeback abuse. When a customer files a dispute with their card-issuing bank, misrepresenting the truth of how and why their card was used in order to pay with an airline. This can lead to chargeback woes for airlines, whose chargeback rate increases (thus resulting in higher transaction fees for any payment) while they often have to pay out of pocket for tickets and other services that have already delivered.

The chargeback and refund situation related to travel became a hot topic during the pandemic, with many consumers continuing to act on their new-found understanding of laws and regulations, as well as updated legislation, after it.

Stolen loyalty miles through account takeover

Not just credit cards, but loyalty miles too are targets for airline criminals. In the US alone, $48 billion in loyalty points are collected every year. What makes loyalty miles so attractive to criminals is that they lack the security and safety measures that payment cards have. All you need is access to the customer account and you can book tickets, accommodation, and host of other services without even going through a payment gateway.

Because of this, there is an entire black market for loyalty points that’s available in certain anonymous pockets of the web. Here, loyalty accounts worth thousands of dollars are sold for a fraction of the cost.

Employee account phishing

Not just customers... employees too are vulnerable to the scams of fraudsters, particularly email phishing scams. Phishing is when a criminal sends an email impersonating a reputed company and solicits confidential information like passwords and credit card details.

In one case of a social engineering attack on airline company employees, $2 million worth of flight tickets were stolen by a fraudster. He sent phishing emails that tricked airline employees into giving away their system login credentials. He particularly targeted employees who had access to the Global Distribution System (GDS) that was used to carry out airline operations, including the booking of tickets. He was eventually caught when trying to travel internationally.

Employee misuse

Airline companies ought to trust their employees but, as Virgin Australia reported, loopholes in the system can be exploited by those few who have bad intentions.

A call center employee booked flights worth $225,000 for her friends and family over a span of two-and-a-half years before the issue was noticed and she was arrested. What’s alarming is that this flaw in the system was not caught or noticed for an entire two-year period.

Fake travel agencies and malicious partners

In New Jersey, Delta Airlines stumbled upon a ticket cancellation fraud that was perpetrated by third-party travel companies. It involved four websites that charged customers cancellation fees under the pretext of Delta Airlines, and further fabricated stories to Delta about why the tickets were cancelled.

This is a type of supplier or partner fraud that travel companies are seeing more of. In fact, several airlines in recent years have had to spread awareness and education to remind travelers to be vigilant and not believe emails, phone calls or random websites that claim to be affiliated with the airline.

Airline account hacking

With all airlines operating their fleets using digital systems, there is an increasing threat of these systems being vulnerable to savvy hackers.

Thousands of American Airlines and United Airlines customer accounts were hacked, and dozens of tickets were booked using them. While the damage done can be relatively small, these acts tarnish the brand of an airline if it’s unable to secure its systems with advanced security measures.

PoS devices

If complex IT systems can be hacked, simple PoS (Point of Sale) machines are no exception. According to Verizon’s 2016 Data Breach Investigation, 74% of data breaches in hospitality are from POS intrusions. In fact, a security researcher has devised a $6 tool that can hack into PoS devices. With low standards for security, it’s not surprise PoS is a major cause for airline fraud.

In-flight scams

It’s not just flight tickets; even in-flight merchandise that gets stolen by fraudsters. In one in-flight credit card scam, a pair of fraudsters conned airlines out of expensive duty-free goods by using credits cards that had exceeded their limit.

They would swipe the cards when the flight is in the air, and the transaction would go through successfully. Only on reaching the ground would the airline staff discover that the transaction failed.

How to protect airlines from online fraud

Protecting an airline from online fraud, policy abuse and account takeovers requires a forward-thinking, proactive strategy that combines strong authentication, several checkpoints, and the ability to keep up to speed with the fraud landscape. More specifically:

1. Deploy multi-factor authentication (MFA)

MFA and 2FA is a way of allowing users to log into your systems in a more secure way. It works by using a traditional username and password as the first step, but then going beyond this to ask users to go through a second (or third) step by entering a code sent via SMS or email, or piece of information that only they would know.

This can be a bit of a hassle to end users, but is a small sacrifice to make for better security. Another increasingly used type of MFA is 3D Secure, which has the added benefit of helping companies of all types stay in card schemes' good books.

2. Use a fraud detection platform

All airlines need a tech-forward, scalable fraud detection and prevention solution. By accessing information available across multiple systems, fraud detection software can stop suspicious transactions and other user actions from as early as the booking request stage, and flag them or even cancel them as appropriate.

AI-native fraud detection systems use big data and machine learning technology to assign fraud scores to users. Using algorithms, they can easily identify which transactions are legitimate and which are fraudulent. Armed with this intelligence, you can weed out fraud from your business effortlessly.

Moreover, modern fraud detection goes beyond looking at payments fraud, also helping you block account takeover attacks, coordinated fraud networks, policy abuse, refund abuse and even supplier/partner fraud.

3. Integrate your booking platform

Whether ticket sales happen online, offline or via agents, they should all be tracked and monitored centrally. This is critical to responding when you discover suspicious activity. Whether it’s blocking certain tickets or whitelisting user accounts, you want to be able to respond in a matter of minutes at most – but also respond in a way that helps prevent further instances of the issue.

Real-time data processing is key to making this possible, and it is a massive boost to payment security.

4. Enforce a series of checks and balances

For every transaction in your system, there should be a series of checks to ensure it is legitimate.

These checks should be automated as much as possible because manual effort would slow down the process and add even more loopholes. These checks would flag suspicious behavior whether it comes from users, employees, or partners, at various checkpoints – such as log-in, payment or account registration.

5. Have an incident management process

When fighting fraud, every second counts. Once you detect suspicious activity, you need to move quick to investigate it and take action within seconds or minutes. You need a first-response team that is trained to handle the most difficult situations. You need to establish relationships with partner organizations and government institutions around the world to act swiftly and crack down on crime at any point of your global airline business.

Importantly, you will want to learn from any security incidents, ensuring vulnerabilities are covered and your operations protected in the future. To coordinate all these resources at your disposal, you need an incident management process.

How to stop airline fraud

In conclusion, airline fraud has real consequences on everyone involved. The news is replete with incidents of fraud that hits airline companies from every direction – fraudsters, customers, employees, and third-party vendors.

Airlines can educate customers about scams – and that will help to an extent – but to truly fight fraud, airlines need to secure the digital infrastructure that powers their business. This involves having a fraud prevention strategy, hiring the right talent, and equipping their teams with state-of-the-art fraud detection and prevention tools. Securing airline systems end-to-end is the only way to drastically cut down fraud in the airline industry.

To learn more about securing your airline from fraudsters and bad actors, book a call with one of our team of experts today.