Security Experts:

Law Enforcement Cracks Down on Airline Fraud

Global law enforcement agencies have been sharing intelligence to crack down on airline ticket fraud, and appear to be taking action roughly every six months to make arrests. In June 2015, 130 individuals "found in possession of airline tickets bought using stolen credit card details" were detained. In November 2015, "133 individuals were detained under suspicion of fraud." Now Europol has announced that "140 people were detained, denied boarding and questioned by police."

There are different types of airline fraud, all usually involving stolen credit card details. In one example, stolen card details are used to purchase airline tickets online. These are canceled in order to obtain a flight credit and confirmation number.

The credits are then sold at a discounted price on Craigslist or Ebay, and the money transferred via something like Western Union into an untraceable account. The victim subsequently seeks to redeem the funds on presentation of the confirmation number - but is told the original purchase was via a stolen credit card.

The recent international actions, always involving Europol, Interpol and Ameripol seeks to detain actual users of fraudulent airline tickets. Cooperation between the international agencies, airport hubs and local police allows suspects to be detained prior to boarding the aircraft.

While the travel industry is grateful for the recovery of funds ("I cannot stress enough the importance of preventing and recovering fraud related losses for our members," said Aleks Popovich, SVP at IATA), it is more than just money to the law enforcement agencies. Rob Wainwright, director of Europol, linked the action to a wider action around the Euro 2016 soccer finals in France. "A festive event such as this also grabs the attention of cybercriminals who will be seeking opportunities to exploit it, targeting innocent consumers by stealing their credit card details and costing the airline industry significant amounts of money."

Interpol Secretary General Jürgen Stock raises the stakes even higher. "This type of fraud not only targets innocent consumers by stealing their payment card details, but also poses significant risks to global security by allowing criminals and terrorists to travel under the radar," he said. "Only through coordinated interventions such as the Airport Action Days can we track down the organized criminal networks behind this large-scale fraud and detaining the criminals involved before they have the chance to commit other crimes."

This might, however, be a little overstated. "For criminals and terrorists to use fraudulently-obtained tickets, they need to have other documentation too," explains ESET senior research fellow David Harley. "In fact, documents such as passports obtained via identity theft might be 'safer' for the criminal than tickets obtained fraudulently, since they may not be monitored as closely as credit card transactions. Where the fraud is detected fairly early on," he continued, "the ticket may assist in picking up criminals - as may have happened here. Where the criminal doesn't use the ticket himself but sells it on to another innocent victim, it's a safer fraud to execute, since the scammer is able to divert the payment via a service such as Western Union which allows untraceable accounts."

What we don't yet know is how many of the 140 detained passengers are victims of fraud and how many are perpetrators of fraud. Some may be 'innocent' purchasers of discounted fraudulent tickets; but others might be seeking to 'fly under the radar' for other reasons. With the ongoing soccer festival and France's recent history of terrorist attacks, it is little wonder that law enforcement agencies are monitoring airline fraud particularly closely at this time. But it will be interesting to see how many of those 140 detains turn into actual arrests.

view counter
Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.