Connect with us

Hi, what are you looking for?


Fraud & Identity Theft

Fraudsters Suck $1.4 Billion from Airlines

According to recent survey findings coming from CyberSource, a Visa company, airlines lost an estimated $1.4 billion due to online payment fraud in 2010.

But with so many security checks that come along with air travel, how is this possible? A typical fraud scenario in the airline industry plays out like this:

According to recent survey findings coming from CyberSource, a Visa company, airlines lost an estimated $1.4 billion due to online payment fraud in 2010.

But with so many security checks that come along with air travel, how is this possible? A typical fraud scenario in the airline industry plays out like this:

1. A fraudster illegally obtains credit card data;

2. The fraudster obtains the name, address, and other appropriate information for a genuine customer interested in buying “discount” tickets;

3. The fraudster buys the ticket in the innocent person’s name, using the stolen credit card number;

4. The fraudster delivers ticket to the customer and receives payment in typically in cash

While airlines have made gains in their war against fraud recently, more work needs to be done. According to the survey, changes made by airlines in the last two years include higher use of fraud detection tools in automated screening (7.3 on average, compared to 5.8 in 2008), along with rejecting more bookings due to suspicion of payment fraud.

Advertisement. Scroll to continue reading.

“The good news is that in terms of fraud loss rates, 2010 results showed a 31 percent improvement over 2008. Clearly, airlines have not only recognized the challenge but have made timely adjustments to it,” Said Dr. Akif Khan, CyberSource’s Director, Products and Services.

Results from the survey showed that airlines with less than three years of online selling experience have higher fraud loss rates, manual review rates, and higher reject rates than more operators. For example, airlines with more than ten years of online selling experience manually review 15 percent of their bookings; those with fewer than three years review 53 percent.

Of the airlines surveyed, only three percent reported the use public record searches to validate bookings. But those that used the tool felt it was one of their most effective anti-fraud measures. (Public record searches are not universally available). Respondents listed device fingerprinting and third-party fraud scoring models as the top tools being considered for future use.

According to the International Air Transport Association, passenger revenue will increase by 7.3 percent in 2011, but nearly 90 percent of airlines surveyed say their manual review staff levels will remain the same, suggesting that automation will be needed in order to make up the difference.

Along with releasing the results of the survey, CyberSource announced updates to the fraud detection algorithms for its Decision Manager system, created specifically for the travel industry. CyberSource says its new travel algorithms take the unique purchasing patterns of the travel industry into account, where multiple bookings from frequent travelers or travel agencies are common. The results of these correlations can then be compared to business rules established by the airline to automatically accept, reject or review the booking. With the tool, valid bookings can be more accurately and automatically separated from fraudulent bookings, reducing manual review time and fraud loss for airlines and other travel companies.

The Airline Online Fraud Survey was commissioned by CyberSource Corporation in partnership with Airline Information. Data was compiled in an online survey delivered by an independent market research firm. The survey was conducted between November 17, 2010 and January 31, 2011 and yielded 142 qualified completed interviews. 72 percent of respondents indicated their airline had total revenues over $500 million.

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Application Security

Password management firm LastPass says the hackers behind an August data breach stole a massive stash of customer data, including password vault data that...


A digital ad fraud scheme dubbed "VastFlux" spoofed over 1,700 apps and peaked at 12 billion ad requests per day before being shut down.


Pig Butchering, also known as Sha Zhu Pan and CryptoRom, is an ugly name for an ugly scam.

Application Security

After skipping last month, Adobe returned to its scheduled Patch Tuesday cadence with the release of fixes for at least 38 vulnerabilities in multiple...


Spanish and US authorities have dismantled a cybercrime ring that defrauded victims of more than $5.3 million.

Application Security

Software maker Adobe has rolled out its first batch of security patches for 2023 with fixes for at least 29 security vulnerabilities in a...