Fraud in Online Travel Agencies: What it is and how it affects businesses

An introduction to fraud in Online Travel Agencies and the measurements businesses should take to prevent fraud and protect customers - read more about this here.

What is an OTA?

OTA stands for Online Travel Agency. Examples of some well known OTAs are booking.com and TripAdvisor. These online agencies act as a travel marketplace platform that lets customers view and book deals, hotels, and travel arrangements.

How does fraud affect OTAs?

Fraud in the travel industry is increasing quickly. So much so that a report conducted by Edgar, Dunn & Company anticipates that the total fraud losses to travel intermediaries will grow 19% to $25 billion by 2020.

The report states that "of this figure, OTAs are expected to lose $11 billion, a 24% increase over 2017, with $3.1 billion in direct losses and other $7.9 billion in indirect losses. This is a huge figure, especially in the travel industry where OTA’s margins are relatively slim, requiring many sales to cover the loss to fraud.”

The risk that OTAs face is that they essentially don’t know their customer. When a booking is created, customers can choose to purchase very expensive holidays with the only requirement being to create an account.

For OTAs to remain competitive in the market, they need to get as much traffic going through their platform as possible. To do this requires an easy to navigate website and minimal amount of friction that impacts the customer journey. The sign up process needs to be smooth and easy. This, however, means that the ability to put stop gaps against fraud on the customer is limited. It’s a fertile ground for fraud.

What types of fraud do OTAs risk?

OTAs are at high risk of chargeback fraud both from individuals attempting to purchase experiences for their own use, and those attempting to resell the experiences to third parties. In short, OTAs are at risk from highly skilled and opportunistic fraud and need to vigorously defend against both.

A typical scenario is a user that has set up a fake website and effectively use stolen credit card details to steal holidays on-demand. Others harvest real details on fake sites to use the fresh details to defraud real OTAs. Other scenarios are simply fraudsters harvesting stolen details from the dark web and attempting to buy holidays.

Account Takeovers

Another type of fraud OTAs risk is the takeover of a customer’s account.. This is called Account TakeOver (ATO). Increasingly travel companies, like all e-commerce companies, are keen to have users store payment details against their accounts in order to make purchasing much more instant. The risk of this account being accessed by a bad actor is clear with significant financial and reputational damage.

Risk mitigation and fraud fighting in travel

The online travel industry have been innovators and investors in chargeback defense, anomaly detection and risk-scoring since its inception. The desirability of the goods and their resellability have meant that there has been significant payback for this investment.

How these mitigation processes are implemented varies widely. Many OTAs have built elaborate rulesets based on human insight, intuition and experience. These can work well but require support from a large manual review team, significant industry expertise and usually a window of time from purchase to the holiday/flight/experience being taken.

OTAs are looking to make more of the huge banks of data that they possess to provide more accurate results more quickly.

How can machine learning mitigate fraud for OTAs?

OTAs get a lot of data from their users. They get behavioural data, i.e. data on what the customer does on-site or in-app. They get identity information, i.e. who the user is (or pretends to be), the cards they have, email address, social networks etc. They get network information too, i.e. who the user is connected to via a device, an address, a location, or an email.

All of this data in combination provides all the raw material a machine learning based fraud prediction solution needs to provide accurate assessments of the riskiness of a transaction and stop it before it becomes a chargeback. The same data can also highlight anomalous behaviour and flag an account takeover risk.

Protecting your business and customers

A recent whitepaper by Juniper states that “vendors have responded to the increasing threat of online fraud by developing new fraud detection tools and advanced MFA (multi-factor authentication) techniques and using biometric technology for identity verification.”

An article in The Paypers shares a similar opinion. “The availability of available social media data, phishing and malware attacks has led to a dramatic increase in account fraud.

“Where fraudsters are able to capture complete details, the account is typically taken over; meanwhile, the availability of ‘fragments’ has opened the door to synthetic accounts created by a combination of those fragments.

“This has impacted the airline industry not only in terms of fraudulent tickets, but also in terms of loyalty programme misuse.”

How Ravelin can help

Using a fraud detection platform can stop suspicious transactions from as early as the booking request stage, flag them, or even cancel them as appropriate. Our graph networks map your entire customer database highlighting and closing down bad accounts straight away. Algorithms can easily identify which transactions are legitimate and which are fraudulent. Having a secure digital infrastructure will not only protect customer profiles, but also protect your business from losing out to fraudsters.

When fighting fraud, every second counts. When you detect suspicious activity, you need to move quick to investigate it, and take action within seconds or minutes. You need a first-response team that is trained to handle the most difficult situations. And we do just that.

Learn more about online payment fraud here.