Travel and tourism now accounts for a staggering 10.2 percent of global
GDP . And, where there is money, criminals will follow. Add to that the specific nature of travel transactions – high value one-off payments, rapid consumption and the sheer number of suppliers across the globe – and the travel sector is a huge target for
Our new research, Fraud in Travel Payments, revealed that the three most common types of fraud in the travel industry are stolen payment details, cyber breaches of online booking platforms and stolen security credentials. These attacks are costing travel
intermediaries a whopping $21 billion each year. And that figure is predicted to increase 20% by 2020, exceeding $25 billion.
However, there are some straightforward ways to decrease the risk of fraud, and to aid recovery if you do fall victim. Here’s seven pieces of best practice advice for travel intermediaries to take control:
Create customer registrations
This is a simple way to track fraud without a large initial outlay. A customer registration process that includes contact details, nationality, date of birth, payment details and other information will allow you to develop positive lists and negative lists
for monitoring and filtering of transactions. Such lists can also form the foundation for fraud control tools and processes and enable collaboration with other organisations.
Encourage employee education and collaboration
Educate employees so they can recognise the warning signs and avoid falling prey to attacks, especially when it comes to more integrated social engineering attacks. These can include phishing attacks, such as bogus emails that look like they are from trusted
sources or legitimate external providers. As well as being all knowing, a company needs to be all seeing. Collaboration across company departments, as well as external collaboration with trade associations or other legitimate players in the value chain, can
create system-wide reduction in fraud risk by having more visibility across different networks.
Apply internal controls
No single employee should have complete control over transactions. Instead, a ‘maker’ should enter the transaction, followed by a ‘checker’ who verifies the data and authorises the transaction. This type of regulation supports red flagging of transactions
without fear of retribution and reprimand from an immediate supervisor.
Use payment methods that offer protection and recovery mechanisms
Virtual cards generally allow controls to be set that significantly decrease the risk of fraud, and they also include mechanisms for recovering from fraud. However, not all virtual cards are the same. eNett Virtual Account Numbers (VANs) allow users to define
booking and payment parameters, minimising the risk of fraud when paying travel suppliers. eNett VANs also offer sophisticated chargeback capabilities, meaning funds may be recovered should fraud occur.
Know your supplier
Travel intermediaries face a balancing act between offering a wide range of travel services and the need for due diligence in relation to travel suppliers. It’s important to consider a level of background checking to satisfy yourself that a travel supplier
legally exists and is who they say. Even a trusted relationship requires due care and attention as rogue employees may enter organisations at any time or fraudsters may infiltrate payment-related systems and platforms.
Include payments in cyber security scope
Investment in good cyber security practices is a given, but intermediaries must make sure to include payment platforms and methods in their scope. This should typically cover requirements for password complexity and change frequency, tracking of login patterns
for unusual activity (e.g. locations or IP addresses), use of multi-factor authentication, and account lockouts after failed attempts or account inactivity.
Establish rules and practices
Limiting the number of declined transactions allowed per payment card, establishing a minimum timeframe from time of booking to use of travel service, identification of higher risk third party purchases and manual reviews of higher risk bookings can all
lower fraud rates. Listings from travel suppliers and subsequent payments to them may also be subjected to additional scrutiny if established rules indicate reason for suspicion.
As we enter a future of more online users and fewer face to face bookings, the problem of fraud in the travel industry will continue to grow. By following these steps your travel business will be as robust as it can against sophisticated and persistent cybercriminals.