Harness the power of your data
Support and investigations
Support services for Ravelin
Online payment fraud
Deep dives on fraud & payments topics
API & developer docs
APIs, glossary, guides, libraries and SDKs
Global Payment Regulation Map
Track PSD2 & more with a full report
The latest fraud & payments updates
In-depth guides to fraud, payments &
Discover the story about Ravelin
Join our dynamic team
Read more about our happy customers
Get the latest Ravelin news
Support & investigations
Accept more payments securely
Protect your customer accounts
Stop policy abuse to protect your bottom line
Ravelin for marketplace fraud
Ravelin 3DS & SDKs
Global Payment regulation map
In-depth guides to fraud, payments & security
Read more about our happy custmomers
Online Travel Agency fraud is soaring, with OTAs expected to lose close to $11 billion in fraud, according to Edgar, Dunn & Company.
Share this article:
An introduction to fraud in Online Travel Agencies and the measurements businesses should take to prevent fraud and protect customers - read more about this here.
OTA stands for Online Travel Agency. Examples of some well known OTAs are booking.com and TripAdvisor. These online agencies act as a travel marketplace platform that lets customers view and book deals, hotels, and travel arrangements.
Fraud in the travel industry is increasing quickly. So much so that a report conducted by Edgar, Dunn & Company anticipates that the total fraud losses to travel intermediaries will grow 19% to $25 billion by 2020.
The report states that "of this figure, OTAs are expected to lose $11 billion, a 24% increase over 2017, with $3.1 billion in direct losses and other $7.9 billion in indirect losses. This is a huge figure, especially in the travel industry where OTA’s margins are relatively slim, requiring many sales to cover the loss to fraud.”
The risk that OTAs face is that they essentially don’t know their customer. When a booking is created, customers can choose to purchase very expensive holidays with the only requirement being to create an account.
For OTAs to remain competitive in the market, they need to get as much traffic going through their platform as possible. To do this requires an easy to navigate website and minimal amount of friction that impacts the customer journey. The sign up process needs to be smooth and easy. This, however, means that the ability to put stop gaps against fraud on the customer is limited. It’s a fertile ground for fraud.
OTAs are at high risk of chargeback fraud both from individuals attempting to purchase experiences for their own use, and those attempting to resell the experiences to third parties. In short, OTAs are at risk from highly skilled and opportunistic fraud and need to vigorously defend against both.
A typical scenario is a user that has set up a fake website and effectively use stolen credit card details to steal holidays on-demand. Others harvest real details on fake sites to use the fresh details to defraud real OTAs. Other scenarios are simply fraudsters harvesting stolen details from the dark web and attempting to buy holidays.
Another type of fraud OTAs risk is the takeover of a customer’s account.. This is called Account TakeOver (ATO). Increasingly travel companies, like all e-commerce companies, are keen to have users store payment details against their accounts in order to make purchasing much more instant. The risk of this account being accessed by a bad actor is clear with significant financial and reputational damage.
The online travel industry have been innovators and investors in chargeback defense, anomaly detection and risk-scoring since its inception. The desirability of the goods and their resellability have meant that there has been significant payback for this investment.
How these mitigation processes are implemented varies widely. Many OTAs have built elaborate rulesets based on human insight, intuition and experience. These can work well but require support from a large manual review team, significant industry expertise and usually a window of time from purchase to the holiday/flight/experience being taken.
OTAs are looking to make more of the huge banks of data that they possess to provide more accurate results more quickly.
OTAs get a lot of data from their users. They get behavioural data, i.e. data on what the customer does on-site or in-app. They get identity information, i.e. who the user is (or pretends to be), the cards they have, email address, social networks etc. They get network information too, i.e. who the user is connected to via a device, an address, a location, or an email.
All of this data in combination provides all the raw material a machine learning based fraud prediction solution needs to provide accurate assessments of the riskiness of a transaction and stop it before it becomes a chargeback. The same data can also highlight anomalous behaviour and flag an account takeover risk.
A recent whitepaper by Juniper states that “vendors have responded to the increasing threat of online fraud by developing new fraud detection tools and advanced MFA (multi-factor authentication) techniques and using biometric technology for identity verification.”
An article in The Paypers shares a similar opinion. “The availability of available social media data, phishing and malware attacks has led to a dramatic increase in account fraud.
“Where fraudsters are able to capture complete details, the account is typically taken over; meanwhile, the availability of ‘fragments’ has opened the door to synthetic accounts created by a combination of those fragments.
“This has impacted the airline industry not only in terms of fraudulent tickets, but also in terms of loyalty programme misuse.”
Using a fraud detection platform can stop suspicious transactions from as early as the booking request stage, flag them, or even cancel them as appropriate. Our graph networks map your entire customer database highlighting and closing down bad accounts straight away. Algorithms can easily identify which transactions are legitimate and which are fraudulent. Having a secure digital infrastructure will not only protect customer profiles, but also protect your business from losing out to fraudsters.
When fighting fraud, every second counts. When you detect suspicious activity, you need to move quick to investigate it, and take action within seconds or minutes. You need a first-response team that is trained to handle the most difficult situations. And we do just that.
Learn more about online payment fraud here.
Alara Basul, Head Of Content
Blog / PSD2
How we’ve balanced fraud risk and friction: Deliveroo's journey with rule experimentation to reduce 3DS use by 40%...
Jack Dai, Data Scientist at Deliveroo
Blog / News
E-commerce CFOs need to understand the scale of the fraud risk that their businesses face. Our survey dives deep on where smart CFOs are directing investment to keep their companies secure...
Gerry Carr, CMO
Blog / Account Takeover
Two-factor authentication (2FA) is a widely used security measure designed to prevent account takeover (ATO). But there are very real gaps and limitations in its effectiveness that fraudsters can exploit...
Clayton Black, Product Manager
Subscribe to our newsletter to get the latest fraud & payments updates
sent direct to your inbox.