Fighting fraud in the airline industry

The International Air Transport Association (IATA) estimates that payment fraud costs the airlines industry about $858 million per year, of which $639 million is borne by airlines. For an industry that is squeezed on every side by increasing cost of raw materials, scarce talent, stringent government norms, and stiff competition from each other, the last thing airline companies want is a big dent in their balance sheet because of fraudulent transactions. Fighting fraud in the airline industry is a top priority for organisations across the world. With the availability of modern fraud detection technology, airlines now stand a fighting chance against their savvy opponents.

Airline transaction fraud is not just a problem for the companies affected, it has a ripple effect on people and organizations that are associated with these companies.

Customers are affected as they lose time and money sorting out the effects of fraud. Not to mention the emotional trauma it causes them if they happen to be stranded at an airport unable to board a flight or make it to an important life occasion or meeting on the other end of their journey.

Most importantly, airline fraud is a key concern for international security organizations like Interpol, and Europol, and national security agencies of countries across the world. Unlike any other industry, the airline industry spans the entire world, and connects countries like no other platform can. This being the case, fraudulent tickets obtained by criminals are used to commit the most serious crimes like terrorism, illegal immigration, human trafficking, and drug dealing.

Considering the high stakes, criminals use the most complex mechanisms to manipulate customers, airline company employees, third-party agents, and government officials. Let’s start by taking a look at the various methods of airline fraud that airlines have to deal with.

The various types of airline fraud

Fraud hits airlines from numerous sources, and at every point along the booking process, and flight journey. Below is a list of the most notorious instances of airline fraud that made headlines in the past year alone.

Fake payment details

In June 2016, international police organisations like Europol and Interpol with the help of government organisations, and airline companies cracked down on 140 fraudsters in a two-day effort. Similarly, in October, there was another mass crackdown across airports globally which resulted in 193 suspects being detained for possessing fraudulent tickets.

In both cases, most suspects booked tickets using stolen or fake credit cards. This is the most common cause for airline fraud. The sheer number of violations shows how widespread airline fraud is, and that it is a global phenomenon.

Stolen loyalty miles

Not just credit cards, but loyalty miles too are targets for airline criminals. In the U.S. alone, $48 billion in loyalty points are collected every year. What makes loyalty miles so attractive to criminals is that they lack the security and safety measures that money has. All you need is access to the customer account, and you can book tickets, accommodation, and host of other services without even going through a payment gateway.

Because of this, there is an entire black market for loyalty points that’s available in certain anonymous pockets of the web. Here, loyalty accounts worth thousands of dollars are sold for a fraction of the cost.

Employee account phishing

Not just customers, employees too are vulnerable to the scams of fraudsters, particularly email phishing scams. Phishing is when a criminal sends an email impersonating a reputed company, and solicits confidential information like passwords, and credit card details. In a recent Phishing attack on airline company employees, $2 million worth of flight tickets were stolen by a fraudster. He sent phishing emails that tricked airline employees’ into giving away their system login credentials. He particularly targeted employees who had access to the Global Distribution System (GDS) that was used to carry out airline operations, including the booking of tickets. He was eventually caught when trying to travel internationally.

Employee misuse

Airline companies trust their employees, but as Virgin Australia discovered, loopholes in the system can be exploited by employees. A call center employee booked flights worth $225,000 for her friends and family over a span of two-and-a-half years before the issue was noticed, and she was arrested. What’s alarming is that this flaw in the system was not caught or noticed for an entire two year period.

Travel agency companies

In New Jersey, Delta Airlines stumbled upon a ticket cancellation fraud that was perpetrated by third-party travel companies. It involved 4 websites that charged customers cancellation fees under the pretext of Delta Airlines, and further fabricated stories to Delta about why the tickets were cancelled.

Airline account hacking

With all airlines operating their fleets using digital systems, there is an increasing threat of these systems being vulnerable to savvy hackers. Thousands of American Airlines & United Airlines customer accounts were hacked, and dozens of tickets were booked using them. While the damage done here was small, these acts tarnish the brand of an airline if it’s unable to secure its systems with advanced security measures.

PoS devices

If complex IT systems can be hacked, simple PoS (Point of Sale) machines are no exception. According to the Verizon’s 2016 Data Breach Investigation, 74% of data breaches in hospitality are from POS intrusions. In fact, a security researcher has devised a $6 tool that can hack into PoS devices. With such low standards for security, it’s not surprise PoS is a major cause for airline fraud.

In-flight scams

It’s not just flight tickets, but even in-flight merchandise that gets stolen by fraudsters. In one in-flight credit card scam, a pair of fraudsters conned airlines out of expensive duty-free goods by using credits cards that had exceeded their limit. They would swipe the cards when the flight is in the air, and the transaction would go through successfully. Only on reaching the ground would the airline staff discover that the transaction failed.

Causes of security loopholes

As you can see from the examples above, there are multiple loopholes that can result in airline fraud. Here are the key factors:

Poor security from supplier side

Airlines unintentionally make themselves a target for hackers by using vulnerable PoS machines, outdated security for their IT systems, and weak monitoring of employees and vendors that interact with their booking platform.

Poor security from consumer side

Consumers are likely the easiest to fall prey to the scams of fraudsters. From email phishing scams, to stolen credit cards and mobile devices, there are innumerable ways consumers can be duped into giving away private information to hackers.

Crime going digital & global

Airline fraudsters are among the most digitally savvy and ruthless of the lot. According to Skift 5% of web is made up of the dark web where illegal tickets, and airlines services are sold for cheap. Today, fraud is often a coordinated effort of multiple individuals and groups working across the globe. They are well connected, possess the latest in technology, and take all precaution against being caught.

By contrast, consumers and airlines move really slow. Skift’s report says that in 99% of hospitality fraud cases, it took weeks for victims of data fraud to become aware of it.

Given this state of affairs, airlines need to do a lot more to stay ahead of hackers. But what can motivate airlines to take the required effort, that’s what we’ll look at next.

How to secure airline transactions

Two-factor authentication (2FA)

2FA is a way of allowing users to log into your systems in a more secure way. It works by using a traditional username and password as the first step, but going beyond this to ask users to go through a second step by entering a code sent via SMS, or piece of information like ‘the name of your childhood pet’ that only they would know. This is a bit of a hassle to end users, but is a small sacrifice to make for better security.

Integrate your booking platform

Whether ticket sales happen online, offline, or via agents, they should all be tracked and monitored centrally. This is critical to responding when you discover suspicious activity. Whether it’s blocking certain tickets, and whitelisting user accounts, you want to be able to respond in a matter of minutes at most. Real-time data processing is key to making this possible.

Enforce a series of checks and balances

For every transaction in your system, there should be a series of checks to ensure it is legitimate. These checks should be automated as much as possible because manual effort would slow down the process and add even more loopholes. These checks would flag suspicious behavior whether it comes from users, employees, or partners.

Have an incident management process

When fighting fraud every second counts, when you detect suspicious activity, you need to move quick to investigate it, and take action within seconds or minutes. You need a first-response team that is trained to handle the most difficult situations. You need to establish relationships with partner organizations, and government institutions around the world to act swiftly and crack down on crime at any point of your global airline business. To coordinate all these resources at your disposal you need an incident management process.

Use a fraud detection platform

Finally, and perhaps most importantly, you need a purpose-built fraud detection and prevention platform. By accessing information available across multiple systems, fraud detection software can stop suspicious transactions from as early as the booking request stage, and flag them or even cancel them as appropriate.

A fraud detection system uses big data and machine learning technology to assign fraud scores to users. Using algorithms, it can easily identify which transactions are legitimate and which are fraudulent. Armed with this intelligence, you can weed out fraud from your business effortlessly.

In conclusion, airline fraud has real consequences on everyone involved. The news is replete with incidents of fraud that hits airline companies from every direction - fraudsters, customers, employees, and third-party vendors. Airlines can educate customers about scams, and that will help to an extent, but to truly fight fraud, airlines need to secure the digital infrastructure that powers their business. This involves having a fraud prevention strategy, hiring the right talent, and equipping their teams with state-of-the-art fraud detection and prevention tools. Securing airline systems end-to-end is the only way to drastically cut down fraud in the airline industry.

To learn more about online payment fraud visit our insights page.