Tnooz: Travel advisory update – the latest fraud techniques


The fall season ushers in a time of year filled with new beginnings, holidays and tradition. But it is also a time when fraudsters look to make their move.

NB This is a viewpoint by Don Bush, vice president of marketing at Kount.

So much of the season’s activities are based around travel – from college students returning to school for the new semester to lavish wedding ceremonies, even sports fans following their favorite college and professional teams as football season kicks off and baseball season comes to a close.

But as the busy fall months lead up to an even busier holiday season, travel sites and bookers must take the necessary steps to safeguard against the fraudsters.

Opportunistic attackers often capitalize on these busy periods of increased activity, hoping overloaded businesses and preoccupied consumers will let their guard down. And fraudsters are getting savvier, preying on travel sites with new threats while businesses are still trying to catch up on what they failed to pick up last year.

Here are some new types of fraud we have seen over the past year or so and some advice on how to mitigate the dangers:

-Synthetic IDs:

Synthetic IDs are fraudulent identities developed by criminals who take legitimate pieces of personal information from various individuals and combine them into a new, hybrid identity that only exists in the virtual world.

Fraudsters then use this info to open new, fraudulent bank or credit card accounts, which they then use for booking travel.

In order to combat this, businesses need to make sure their fraud prevention system is monitoring all aspects of an order – names, addresses, email addresses, and credit card information should all match up across the board.

If the same address or credit card numbers are being used across multiple accounts or names, that’s a huge red flag.

-Loyalty fraud

Criminals aren’t just after credit card numbers and personal information – anything of monetary value is fair game, including your customers’ loyalty accounts.

Loyalty fraud tends to work along the same lines as card-not-present (CNP) fraud, with account information accessed through a mixture of phishing scams, identity theft and hacking weak and vulnerable passwords. Once control of an account is taken, fraudsters can hijack your loyal customers’ points, emptying their accounts through any of company’s options for redemption.

Remind your customers that their loyalty accounts should be treated like cash or credit card information and monitored often.

Travel companies must also keep as close an eye on loyalty point transactions as they do traditional transactions, because both have the same signs of fraud including: different addresses, different internet service provider (ISP) addresses, different spending patterns and testing on small items before going for the ‘big ticket’ items.

-Social media banking

Social media banking is a trend where consumers fall victim to brand hijacking, or instances where hackers can blatantly copy and misuse company logos and website content.

Fraudsters impersonate a business’ online presence and deceive unsuspecting visitors into believing they are visiting the real organization’s website, then getting them to divulge personal information, typically through a guise of confirming their account information.

Especially as they’re searching for the best bargains, travelers can also inadvertently find themselves clicking on and sharing personal information with fraudulent sites disguised as an agent.

Make sure to inform your customers that your organization will never send requests for their login or personal information via email or social media, and that they should flag any instances of this immediately.

-Friendly fraud

Friendly fraud occurs when legitimate customers take advantage of your business. This can take many guises: the claim that they didn’t authorize a charge to your site when they actually did, or account or credential sharing, where they let their friends or family access your services without paying for an account of their own.

In addition to keeping a close eye on repeat offenses and customers’ transactional histories, it’s important to clearly outline your business’ terms and conditions when it comes to dealing with this type of fraud.

-To do list

The most essential step you can take to protect your business is to acknowledge any vulnerabilities you have (whether that be chargebacks, friendly fraud, or a blanketed approach to declining transactions) and work with experts to make sure you have a comprehensive system in place that monitors and prevents fraud, without reducing legitimate transactions.

NB1 This is a viewpoint by Don Bush, vice president of marketing at Kount.