A bounty of stolen payment credentials and complex processing makes online travel booking a crook's delight, but machine learning could be the tonic to combat a wave of fraud.
Online travel agencies are a favorite target for crooks, and attacks on those who book flights and hotels online have increased dramatically with so many stolen credentials available.
Plus, settling chargebacks for these travel agencies works in the fraudster's favor because it is a convoluted process that makes it difficult for agencies to keep track of bad transactions, adding to the futility of constant security breaches.
In becoming the e-commerce fraud prevention vendor for travel agent Priceline, New York-based
The technology company is armed with its own research, Forter's
"Despite this threat, many travel companies still haven't bolstered their defense mechanisms enough to effectively guard against e-commerce fraud, which is why fraudsters continue to target the industry," said Michael Reitblat, CEO and co-founder of Forter.
Fraudsters target digital travel goods like plane tickets and hotel reservations, mainly because no shipping address is required for those transactions.
"It enables them to fly under the radar without detection," Reitblat added. "Plus, both honest and bad actors regularly book travel at the last minute, which makes catching corrupt users difficult before the damage is done if the OTAs don't have the right preventive measures in place."
To solve that problem, Forter will provide Priceline with automated decisions about transactions in a matter of milliseconds.
It will be a change in defense that is long overdue because the mounting number of fake accounts and stolen payment credentials from other breaches become perfect tools in an e-commerce space that lacks proper security.
"In terms of fraud, we're still seeing a lot of stolen card usage as well as account takeovers in this space," said Julie Conroy, research director and fraud expert for Aite Group. "Loyalty point theft and abuse is another big issue, although that's one piece that is less of an issue for the OTAs than it is for the airlines themselves."
Chargebacks are an added challenge because the OTAs are the merchant of record for only a portion of the transactions that originate from their sites, such as hotel reservations and some airfares in Europe, Conroy noted. For U.S. airline reservations, the carrier is the merchant of record.
"The OTAs have the added challenge that chargebacks for plane ticket purchases are an absolute nightmare," Conroy said. "It's not at all surprising to me that the business case works for Priceline [to hire Forter] to pay to offload that mess entirely."
In that setup, if a chargeback comes through, it goes to the airline, not the OTA. But the airline then passes a debit memo to the OTA, requesting credit. There are no operating rules that govern the timeline for debit memos, meaning some OTAs can receive that memo as much as a year after the transaction date.
What makes it more unsettling is that so many U.S. consumers had personal information stolen in breaches last year, much of it occurring at high-profile travel or hospitality companies like
"Another popular type of attack used on travel companies is URL-Jacking, where fraudsters use URLs often linked to confirmation e-mails when travelers complete a booking, and they can extract or change personal information," Forter's Reitblat said.
Fraudsters also commonly set up fake online and mobile sites that look like legitimate travel agencies and will accept bookings from real customers and complete those elsewhere using stolen financial credentials, he added.
Forter deploys its growing database of 180 million U.S. shoppers and 2.1 billion recognized devices to monitor transactions. It represents a security foundation that some airlines e-commerce sites may not have.
"Ignoring how much money they're losing from inaccurate fraud prevention methods would significantly stunt online travel companies' growth," Reitblat said. "Merchants today are seeing an increase in new fraud and abuse methods, and are suffering from the high cost of credit card fraud and falsely declined orders, in excess of $200 billion."
