Fraud in online travel: What it is and how it affects businesses

Here's our introduction to fraud in Online Travel and the measures businesses should take to prevent fraud and protect customers.

What is an OTA?

OTA stands for Online Travel Agency. Examples of some well known OTAs are booking.com and TripAdvisor. These online agencies act as a travel marketplace platform that lets customers view and book deals, hotels, and travel arrangements.

There are different business models for online travel companies out there – and this is further justification of Ravelin's approach that each company's fraud is unique, and calls for a customized fraud solution.

How does fraud affect online travel companies?

Fraud in the online travel industry has increased rapidly over the past decade. Today, the average loss to fraud in the travel sector for enterprises is estimated at a whopping $11 per the latest Ravelin fraud and payments survey 2025.

And, interestingly, the worst consequences of fraud for travel merchants are low customer satisfaction, compliance costs, and company data theft – even more so than revenue loss.

The risk that OTAs face is that they often don’t know their customer. When a booking is created, customers can choose to purchase very expensive vacations with the only requirement being to create an account.

For travel merchants to remain competitive in the online market, they need to get as much traffic going through their platform as possible. To do this requires an easy to navigate website and minimal amount of friction that impacts the customer journey. The signup process needs to be smooth and easy. This, however, means that the ability to put stop gaps against fraud on the customer is limited. It’s a fertile ground for fraud.

What types of fraud do travel merchants risk?

Times have changed. From a fraudscape that was mainly focused on mitigating against payment fraud, travel companies today have to plan for various types of schemes and attack vectors. This includes payment fraud,

Payment fraud (CNP fraud)

OTAs are at high risk of payment fraud, including fraudulent chargebacks, both from individuals attempting to purchase experiences for their own use, and those attempting to resell the experiences to third parties. There is risk both from highly skilled and from opportunistic, consumer fraud. And you need to vigorously defend against both.

When a fraudster uses a stolen card to pay for something on your website, the transaction is likely to be disputed by the legitimate cardholder. However – annoyingly – cardholders may also file fraudulent chargeback claims with their bank, in which they misrepresent facts to get their money back. When these disputes lead to chargebacks, merchants end up losing more than twice the cost of that service or product. Even when they don't, merchants have to spend time disputing the claim.

Account Takeovers (ATO)

Another type of fraud OTAs risk is the takeover of a customer’s account – account takeover (ATO).

Increasingly, travel companies, like all ecommerce companies, are keen to have users store payment details against their accounts in order to make purchasing much more instant. The risk of this account being accessed by a bad actor is clear with significant financial and reputational damage.

More and more consumers now store their card credentials and PII within their travel company accounts – including passports and other identification documents – so the stakes for travel companies are higher than ever.

Policy abuse of T&Cs – including promo abuse and refund abuse

In the above-mentioned survey, we found that 29% of online travel companies rank promo abuse among the two most expensive types of fraud for them. Competition in the sector is intense, and promotions are often used to attract new users and retain existing ones. Any marketing push can invite fraud – as it attracts attention from fraud rings.

Moreover, policy abuse can also include refund abuse. This happens when a traveler requests a refund for services that they claim were not up to par or not as described. The better refund abuse solutions on the market will focus on a customer's entire history and give you a clearer understanding of their intentions.

Supplier fraud

For those OTAs that operate like marketplaces – intermediaries offering convenient platforms that aggregate accommodation, travel and entertainment options for travelers – there is a high risk of supplier or partner fraud.

A typical scenario involves criminals that have set up a fake website and effectively provides fake services to steal payouts on-demand. A supplier/marketplace fraud solution will help provide insights into the level of trust a supplier deserves, while consortium data and link analysis will discover those criminals who set up fraud rings of travel operators.

Risk mitigation and fraud fighting in travel

The online travel industry have been innovators and investors in chargeback defense, anomaly detection and risk-scoring since its inception. The desirability of the goods and their resellability have meant that there has been significant payback for this investment.

How these mitigation processes are implemented varies widely. Many OTAs have built elaborate rulesets based on human insight, intuition and experience. These can work well but require support from a large manual review team, significant industry expertise and usually a window of time from purchase to the package/flight/experience being taken.

OTAs are looking to make more of the huge banks of data that they possess to provide more accurate results more quickly.

How can machine learning mitigate fraud for OTAs?

Travel agencies get a lot of data from their users.

• They get behavioral data, i.e. data on what the customer does on-site or in-app.
• They get identity information, i.e. who the user is (or pretends to be), the cards they have, email address, social networks etc.
• They get network information too, i.e. who the user is connected to via a device, an address, a location, or an email.

Enter artificial intelligence for fraud prevention. All of this data and more in combination provides all the raw material a machine learning (ML) based fraud prediction solution needs to provide accurate assessments of the riskiness of a transaction and stop it before it becomes a chargeback. The same data can also highlight anomalous behavior, flag an account takeover risk, warn against potential promo abuse, and more.

Protecting your business and customers

An AI-native, data-focused fraud detection platform can stop suspicious transactions from as early as the booking request stage, flag them, or even cancel them as appropriate.

Ravelin's Connect graph network link analysis maps your entire customer database, flagging and closing down bad accounts straight away. Algorithms can easily identify which transactions are legitimate and which are fraudulent. Having a secure digital infrastructure will not only protect customer profiles, but also protect your business from losing out to fraudsters.

When fighting fraud, every second counts. When you detect suspicious activity, you need to move quick to investigate it, and take action within seconds or minutes. You need a first-response team that is trained to handle the most difficult situations. And we do just that.