Security Experts:

Fraudsters Suck $1.4 Billion from Airlines

According to recent survey findings coming from CyberSource, a Visa company, airlines lost an estimated $1.4 billion due to online payment fraud in 2010.

But with so many security checks that come along with air travel, how is this possible? A typical fraud scenario in the airline industry plays out like this:

1. A fraudster illegally obtains credit card data;

2. The fraudster obtains the name, address, and other appropriate information for a genuine customer interested in buying "discount" tickets;

3. The fraudster buys the ticket in the innocent person's name, using the stolen credit card number;

4. The fraudster delivers ticket to the customer and receives payment in typically in cash

While airlines have made gains in their war against fraud recently, more work needs to be done. According to the survey, changes made by airlines in the last two years include higher use of fraud detection tools in automated screening (7.3 on average, compared to 5.8 in 2008), along with rejecting more bookings due to suspicion of payment fraud.

"The good news is that in terms of fraud loss rates, 2010 results showed a 31 percent improvement over 2008. Clearly, airlines have not only recognized the challenge but have made timely adjustments to it," Said Dr. Akif Khan, CyberSource's Director, Products and Services.

Results from the survey showed that airlines with less than three years of online selling experience have higher fraud loss rates, manual review rates, and higher reject rates than more operators. For example, airlines with more than ten years of online selling experience manually review 15 percent of their bookings; those with fewer than three years review 53 percent.

Of the airlines surveyed, only three percent reported the use public record searches to validate bookings. But those that used the tool felt it was one of their most effective anti-fraud measures. (Public record searches are not universally available). Respondents listed device fingerprinting and third-party fraud scoring models as the top tools being considered for future use.

According to the International Air Transport Association, passenger revenue will increase by 7.3 percent in 2011, but nearly 90 percent of airlines surveyed say their manual review staff levels will remain the same, suggesting that automation will be needed in order to make up the difference.

Along with releasing the results of the survey, CyberSource announced updates to the fraud detection algorithms for its Decision Manager system, created specifically for the travel industry. CyberSource says its new travel algorithms take the unique purchasing patterns of the travel industry into account, where multiple bookings from frequent travelers or travel agencies are common. The results of these correlations can then be compared to business rules established by the airline to automatically accept, reject or review the booking. With the tool, valid bookings can be more accurately and automatically separated from fraudulent bookings, reducing manual review time and fraud loss for airlines and other travel companies.

The Airline Online Fraud Survey was commissioned by CyberSource Corporation in partnership with Airline Information. Data was compiled in an online survey delivered by an independent market research firm. The survey was conducted between November 17, 2010 and January 31, 2011 and yielded 142 qualified completed interviews. 72 percent of respondents indicated their airline had total revenues over $500 million.

view counter
For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.