- Payment & Fraud Editorials

1^st July, 2019

E-commerce companies, including the ones from the travel sector, are gradually focusing on deploying a multi-disciplinary approach, combining different technologies (including both supervised and unsupervised machine learning) to combat fraud.

Unsupervised models don’t have clearly labelled data, while supervised models do.

As a specialist, Nethone asserts that machine learning today is letting companies deal with fraud. For instance, friendly fraud by helping discover which aspects of customers’ behaviour and transactions designate friendly fraud.

Overall, favourable results come from the ability to experiment with various machine learning-based methods, trying variations on them and testing them with a variety of data sets. It is fascinating to assess how machine learning automates the extraction of known and unknown patterns from data.

Supervised machine learning relies on historical data to predict and prevent further possibilities of fraud based on past fraud. The data set is labelled based on previous observations of fraud, and is described as either fraudulent or genuine. Unsupervised machine learning can be used to learn on the fly and identify fraudulent patterns even without having been trained with historical data, i.e. able to identify unknown fraud attacks. 

Rodrigo Camacho, Chief Commercial Officer, Nethone, referred to the role of unsupervised learning in managing friendly fraud and criminal fraud. “(One) looks at the entirety of the dataset (without a label). Then cluster transactions into different bubbles. These clusters are correlated with a type of fraud, for instance, friendly fraud or criminal fraud,” said Camacho. And from here on companies can work on strategies for e-commerce, work on association with key players such as acquirers and issuers etc. for mitigating the risk.

Specialists recommend that merchants should rely on both supervised and unsupervised machine learning to comprehend both the historical patterns of use, as well as identify anomalies. 

By Ritesh Gupta

Check upcoming Ai Conferences dates

Follow Ai on Twitter: @Ai_Connects_Us

Your credit card or loyalty account was compromised, Facebook might be the reason, says newly formed Loyalty Fraud Prevention Association.

Compromised credit card accounts, and now more than ever compromised loyalty program accounts, are an ever-growing problem for consumers. Fraudsters hack, breach or otherwise steal accounts and then often sell them online. This may be done in plain site via Facebook. The Loyalty Fraud Prevention Association (LFPA) calls on Facebook to police this issue to protect consumers. This problem, among others related to loyalty fraud, will be discussed at the LFPA Conference in Atlanta on May 24^th and 25^th.

Peter Maeder, Secretary of the Loyalty Fraud Prevention Association says: 

“Any quick search for pages in Facebook for stolen credit cards will yield many pages and users selling stolen account data. These fraudsters are now finding loyalty program accounts to be an easier target. Our members, which include some of the largest travel companies in the world, have reported this issue to Facebook, but have had little or no success removing the pages.” 

The result is that loyalty programs and their members are becoming the victims of fraud costing tens of millions of Dollars annually. To address the growing phenomenon, the Loyalty Fraud Prevention Association (LFPA) will be gathering executives from loyalty programs from throughout North America and the world in Atlanta on May 24^th and 25^th of May, 2017. In addition to acting as an industry to stop Facebook and other Social Media sites from spurring fraud, issues to be discussed in this conference will include: Employee-driven loyalty frauds; Bot attacks on loyalty programs; Stopping fraud on the Dark Web; and the latest IT-solutions that combat loyalty fraud.

More information about the conference can be found at www.LoyaltyFraudAssociation.org

About the Loyalty Fraud Prevention Association (LFPA)
The Loyalty Fraud Prevention Association was founded in 2016. Its mission is to support the loyalty industry in its fight to reduce and eliminate fraud. Members consist of airlines, hotels, IT providers, financial services companies and others who operate loyalty programs from around the world.

For more information, visit www.LoyaltyFraudAssociation.org or find us on Linkedin.

First Published on 16^th October, 2018

Ai Editorial: There are key pointers – denial rates, false positives and fraudulent transactions – that underline the performance of any machine learning technique in fraud prevention. As for what is the utility of scores, they are not important; results matter, writes Ai’s Ritesh Gupta  

It is intriguing to understand how machine learning works – working on data, variables etc., and how is precise model worked out and refined to control fraud, be it for related to a payment, data breach or account takeover.

The machine learning system starts with a basic model which is trained and improved with datasets over time. It is important to pre-process the data. To improve the efficiency and accuracy of the system, the data can be pre-processed with data slicing and augmentation and be cleaned sufficiently before it is used to train the model.

Making it work to control fraud

In the case of a fraud solution, the system will be given training sets consisting of a given set of known fraudulent transactions and known non-fraudulent transactions, so that the system will learn to differentiate and filter away fraudulent transactions, says Justin Lie, CashShield’s CEO. 

Considering that various industries have differing levels of risk and exposure to fraud, the data collected from different industries may be customized. For instance, some data sets that may be collected from an airline merchant (and no other industry) would include: flight boarding times, whether the customer chooses to add a meal, whether the customer has an existing loyalty membership or whether seat preferences have been added.

A few algorithms modelled from the training sets will be put to the test with real life data, and thereafter, the algorithm with the least error will be chosen as the best algorithm. The amount of data and how relevant the data was used in deriving the algorithm will affect its accuracy. Over time, the algorithm must be constantly trained with data, especially with new data so that the margin of error can be minimized and inaccurately classified transactions (fraudulent as non-fraudulent and non-fraudulent as fraudulent) will be corrected.

Significance of “score” associated with machine learning 

There are key pointers – denial rates, false positives and fraudulent transactions – that underline the performance of any machine learning technique. As for what is the utility of scores, Lie says scores are not important; results matter.

“Most merchants would aim to increase their transactions and reduce their fraud, and the performance of any machine learning technique should be evaluated based on whether this goal can be achieved. Nevertheless, it is important to note that each merchant would have differing goals with respect to fraud; for some, raising acceptance rates and growing aggressively is most important, while for some others, minimizing fraud rates down to zero is the most important KPI,” says Lie.  

“With minimal risk, it is likely that overly strict filters are put in place and many genuine users have been blocked at the expense of lowering fraud rates. Therefore, the performance of the fraud solution would depend on the goals of the merchant. For example, taking in more risk may increase fraud rates slightly, but also lower false positives and rejection rates.”

Commenting on the significance of scores in terms of performance in controlling fraud and letting legitimate transactions go through, Lie said most fraud solutions on the market would be able to automate a good bulk of the transactions based on the score; extremely low scores will be rejected automatically and extremely good scores will be accepted. However, for the borderline transactions, a team of manual reviewers is required to make sense of the score. Generally, some guidelines will be given to the manual review team to look for further clues based on the data collected, and some working experience will be used, but most of the time the manual review team is relying on their gut feeling, which is affected by a risk-averse outlook to reject potentially genuine transactions to prevent fraud rather than to risk having passed a fraudulent transactions.

Therefore, fraud scores can only help a merchant this much, but ultimately, the fraud score is not the be all and end all in identifying fraud.

Human intelligence counts

Machine learning models would only still provide merchants with only a fraud score; to make sense of the score, fraud solutions or merchants would still need to rely on humans to make a decision.

“The problem here, is that humans are often risk-averse and would reject borderline risky transactions for fear that it could be fraudulent, and end up blocking more genuine customers than expected,” said Lie.

As such, a multi-disciplinary approach combining machine learning and other techniques is important to improve the efficiency and quality of the fraud detection process.

Follow Ai on Twitter: @Ai_Connects_Us

 

First Published on 2^nd March, 2019

Ai Editorial: The final stretch of the PSD2 timeline is few months away. Various stakeholders in the payment ecosystem have to advance their respective payments security systems so that they meet the regulatory technical standards’ requirement, writes Ai’s Ritesh Gupta.

The payment ecosystem continues to evolve, and one of the driving factors behind the same are the regulatory moves focused on streamlining digital payments.

A development that is being closely followed is the PSD2 in Europe. This payment services directive is being associated with a major change in payments and data protection. The PSD2 legislation came into effect last year, with full operational compliance to technical standards required by August this year.

It is a vital step in the direction of complete Open Banking. This legislation has paved way for new payment options for shoppers. It extends the digital single market for payments going in and out of the European Economic Area (EEA).

The PSD2 requires banks to expose payments data and to provide the ability to transact (known as “read” and “write” privileges) to 3rd parties. The PSD2 introduces strict security requirements for the initiation and processing of electronic payments, which apply to all payment service providers, including newly regulated payment service providers. Payment service providers will be obliged to apply so-called strong customer authentication (SCA) when a payer initiates an electronic payment transaction. According to the European Commission, “exemptions include low value payments at the point of sale (to facilitate the use of mobile and contactless payments) and also for remote (online) transactions”. The use of SCA is to become mandatory 18 months after the entry into force of the RTS or regulatory technical standards, which also caters for the security of payments that are carried out in batches.

SCA is focused on ensuring attempted fraud goes down and merchants and issuers in the EEA are validating the consumer for all electronic payments.

Important facets of PSD2 are:

• Stepping up the rights of the consumer and more confidence as they shop online. According to the European Commission, customers will have to give their consent to the access, use and processing of their data. 3rd parties providing payments-related services or TPPs will not be able to access any other data from the payment account beyond those explicitly authorised by the customer. Other areas - better management of complaints, implications on surcharging and currency conversion.
• Improved security through the SCA criteria.
• 3rd party access to account details.

One of the major implications of this directive is that it will cut down on transaction costs. As Anthony Hynes, CEO and MD of eNett International, also pointed out in a company’s blog post, the introduction of this directive means companies have had to “absorb the additional cost from transactions or redirect the cost back to the consumer”. Also, from the travel industry’s perspective, Hynes mentioned that apprehensions were raised considering the fact that players were relying on surcharges, “particularly travel agents with big-ticket items and already slender margins”. As for the bearing on the transactions by travel shoppers, Hynes recommends that travel intermediaries must adhere to two-factor authentication (2FA), and at the same time make it a frictionless experience to encourage repeat purchases from shoppers.

Transition

The industry is currently preparing for the same. Various stakeholders in the payment chain have to advance their respective payments security systems so that they meet the RTS requirements. Talking of open banking, as defined by the RTS, there is a need to facilitate a sandbox setting by 14^th March to onboard 3^rd parties where testing can be done without exposing any sensitive information.

Other areas include customer experience (CX) and fraud management. Worldpay’s VP Global Retail, Maria Prados, recently underlined that the main consequence for retailers would be around the regulatory changes to reduce fraud that will have a direct impact to the CX. Where SCA is required, biometrics is expected to play a big role, considering availability of features such as fingerprint sensors, voice or facial recognition on smartphones. It is important for merchants to embrace a system that makes sure SCA is exempted in low-risk scenarios. Merchants have already starting working on systems that rely on machine learning for astute decision-making. Rather than using a blanket rule that forces every user to login with 2FA, real-time surveillance can be used to assess logins in the background, and only logins with borderline risks expected to go through 2FA. This would greatly improve the user experience on the whole, while ensuring that security for accounts is not taken for granted.

The directive mandates changes in how fraud review must be done on intra-EU transactions, pointed out Riskified. A majority of transactions will be reviewed by SCA. This is likely to be 3D Secure 2.0. One of the strengths of EMV 3DS is sharing refined data about the shopper and the transaction so the issuer can validate transactions without affecting the consumer’s checkout experience. At the same time, it is being recommended that merchants should still develop their own fraud tools that are able to tap on their own sources of data for greater efficiency and more accurate detection of fraud.

Payment specialists also need to assess scenarios where exemption to SCA is permitted.

CardinalCommerce explains that the SCA requirement “is for transactions between cardholders whose payment cards have been issued in the EEA and merchants located in the EEA. To clarify, if a cardholder with a card issued in the U.S. buys from a merchant located in the EEA, SCA is not required (though an authentication solution is recommended). Conversely, if a cardholder’s payment card has been issued in the EEA and they make a purchase from a U.S. merchant, SCA is not required. These transactions are labeled “one-leg-out” and are out of scope for PSD2-SCA.” Another important aspect – the European Banking Authority “recommends exemptions for payment service providers (PSPs) that adopt risk-based requirements in lieu of strong customer authentication, which ensures the safety of the payment service user’s funds and personal data”.

Hear from senior executives about PSD2 at the upcoming ATPS (21st Century Customer Experience for Payments & Fraud - Airline & Travel Payments Summit) to be held in London (Brighton), UK  (7-9 May, 2019).

For more information, click here

Follow Ai on Twitter: @Ai_Connects_Us

8^th April, 2020

 Airlines are struggling on several counts as they try to come to grips with the crisis. One indispensable need is to deal with every passenger’s request and travel technology specialists are helping them to cope up with the same in this shaky phase, writes Ai’s Ritesh Gupta

Travel technology specialists have had to accelerate the dispensing of their offerings/ services as the industry collectively attempts to minimize the impact of disruption as well as cancellation of flights owing to the Covid-19 pandemic.

The airlines have been looking at ways to soothe and pacify various concerns of travelers, be it for a healthy flying experience, their safety, loyalty accounts, cancellations/ change fee etc. over the past month and a half. Network and operations teams are still struggling to repatriate passengers, answer their queries etc.

During this global crisis, which changes day by day, it is imperative for airlines to stay in touch with passengers/ travelers in real-time.

Acknowledging the same, Travelport has worked on a guide for airlines with the objective of helping airlines to capitalize on the prowess of mobile as communication channel. At a time when there is hardly time for development or budget for investment, Travelport focused on how airlines can identify opportunities that would require little or no development. Instead they focus on owned media, free/low cost third-party tools, and functionality built into mobile operating systems.

For instance, referring to the functionality built into the iOS and Android operating systems, it mentioned the same offers travel brands a distinctive avenue to pass on information about COVID-19 to their travelers using Wallet passes. Once added, these passes can be updated in real-time with new information and pushed to the traveler's device instantly. Also, how the use of push notifications can help travelers and at the same time cut down the dependency on agents, call centers etc. by enabling a passenger to use a self-service option on their chosen device. Plus, how to make use of videos or in-app messages at this juncture.

Travelport also has worked on a airline policy tracker, offering an ongoing update of each new policy (related to cancellations, change fees and refunds). Plus, via an online link, the company is posting reports on global travel trends, with analysis of industry data etc.

Amadeus has shared that the team has been serving a huge flow of re-accommodation requests. It processed around 2.5 million re-accommodation transactions per day, up from a typical volume of just 150,000 per day, over the past few weeks. This essentially means revising prior fare rules and enabling travel agents or passengers to change tickets themselves in line with the airline’s new conditions, removing the need for manual airline involvement and lessening the call centre workload.

“Despite the uncertainty for the future, we are seeing re-accommodation trends go down again, as most passengers have been re-allocated, been given the option to cancel their flight or offered vouchers for future travel,” shared Julia Sattel, President, Airlines, Amadeus, via a blog post.

Amadeus is also contributing in following ways:

• Facilitating constant contact for airlines with travelers and travel agencies, including chatbot-driven FAQs and communication channels.

• Working on ad-hoc revenue management intelligence about cancelations and no-shows, automating the same so that carriers can access them, and sharing suggestions on how to best set-up a reporting system in crisis mode.

• Evaluate search traffic, including which origin and destinations are being searched for through specific channels.

• Comprehend probable demand fluctuations for a given city/ destination.

At a time when cash reserves are running down quickly and the entire industry is struggling,  travel technology specialists would indeed play a critical role in serving all the stakeholders in the best possible manner.     

First Published on 10^th August, 2017

Ai Editorial: Cyber-attacks resulting from hacking of public Wi-Fi connections aren’t new. But travel e-commerce companies need to be sharper than ever, writes Ai’s Ritesh Gupta

Connecting to a free Wi-Fi is one move that majority of us can’t do without. As much as the urge to stay connected is understandable, this can also play havoc with our sensitive data. Hackers can steal our credit card numbers, login credentials pertaining to a loyalty program or any account etc. So as much as travel e-commerce companies try to combat every possible loophole that puts traveller’s key details at risk, this threat continues to trouble all the stakeholders.  

The significance of safeguarding a Wi-Fi network was highlighted recently by the WannaCry ransomware cyberattack.

In this context, airlines and other travel companies need to be more vigilant than ever. For instance, an unsafe Wi-Fi connection used by the airline staff can pave way for illegal access to internal networks for cyber criminals. Also, companies can’t ignore the threat of drive-by ransomware downloads and phishing attacks. It also needs to be understood that just because a connection requires a password to log in, it doesn’t mean a user’s online activities are encrypted.

Attacks on public Wi-Fi

There are basically two kinds of public Wi-Fi networks: secured and unsecured, for the latter users can be connected without any type of security feature like a password or login.

In May this year, Norton by Symantec surveyed over 15000 mobile device users who had connected to Wi-Fi. The findings were as follows:

·          60 percent feel their personal information is safe when using public Wi-Fi, yet 53 percent can’t tell the difference between a secure or unsecure public W-Fi network.

·          75 percent of consumers don’t use a Virtual Private Network (VPN) to secure their Wi-Fi connections, even though it’s one of the best ways to protect your information.

·          87 percent of consumers have potentially put their information at risk while using public Wi-Fi

Organizations need to be ready to combat “Man-in-the-middle” vicious strikes. These are carried by cybercriminals or hackers using a rogue hotspot.  

For such malicious move, a fraudster or a hacker works out access to an unsecured, or weak secured Wi-Fi router. Such connections are usually found in public areas with free Wi-Fi hotspots. Once the weak link – say poor configuration or weak password - has been cracked, the hacker then deploys their kit in between the users’ computer and the websites the user visits. Cyber criminals are also finding methods to infuse malware into computers, which then settle into the browser and the user isn’t aware of the same. Post this the data being exchanged between the casualty and specific targeted website is recorded and coded into the malware.  Yes, many companies use secure websites —HTTPS or Hypertext Transfer Protocol Secure —to provide online security. But once an affected user gets connected, HTTPS encryption on web pages can be evaded in some cases, and the website could be displayed in plain text HTTP including all input form text boxes for passwords, credit cards, etc.

Offering a secure Wi-Fi

In case an airline or hotel is offering a public Wi-Fi connectivity then some of the points to consider are:

·          How to keep Wi-Fi networks safe and control the content that can be accessed? It is must to look into areas related to Wi-Fi content filtering and security.

·          How to be in control of Wi-Fi content in multiple locations?

·          What are the potential risks that are associated with unsecured Wi-Fi hotspots?

·          How can the liability be minimized via cyber insurance?

·          Should free Wi-Fi systems be hosted on a stand-alone network? One that is not connected to systems that maintain sensitive data.

·          Are guests/ passengers going to be protected from malware and ransomware infections? There needs to be a provision to counter phishing websites.

Travel e-commerce companies have been relying on Internet Protocol (IP) intelligence to cut down on fraud. Such information is about the location of the user/ device initiating the contact and the reputation/ risk score of the IP address. This includes details related to suspicious Internet locations such as public Wi-Fi hotspots.

Creating awareness among travellers

Airlines need to ensure their loyalty program members’ respective accounts are safe from hackers especially when they are on public Wi-Fi.

As highlighted by Points, a loyalty e-commerce and technology specialist, travellers need to add a mobile hotspot to mobile data plan. This way they can set up a private Internet connection on the go. In order to encrypt any data users send or receive over a public Wi-Fi network, they can use a Virtual Private Network (VPN) from a trusted vendor. VPNs provide a “secure tunnel” that encrypts data being sent and received between your device and the Internet. Use them for your privacy.

Other recommendations include:

·          Try verifying the authenticity of the Wi-Fi network before using it. Never connect to a network identified as computer-to-computer. And if you are using, then don’t access sensitive personal data or important accounts on unsecured public networks. Even secured networks can be risky.

·          Users need to protect their passwords. Whether banking or email passwords, those are very valuable to cyber criminals. Don’t update your passwords on a public Wi-Fi.

·          Ensure your device is not set up to automatically connect to an unknown Wi-Fi network. If yes, this means users can seamlessly connect from one hotspot to the next. Switch them off when in unfamiliar locations. Keep a vigil on your Bluetooth connectivity, too.

·          Refrain from doing transactions over an unsecured Wi-Fi network. Also, turn off file sharing while using Wi-Fi.

·          Only browse websites that start with HTTPS and avoid websites that start with HTTP while on public Wi-Fi.

·          Install a reliable security solution.

For latest on CNP- and loyalty fraud, attend Ai’s 6th Airline & Travel Payments Summit Asia-Pacific, to be held in Bali (29 – 31 August). For more, click here

Follow Ai on Twitter: @Ai_Connects_Us

First Published on 4th September, 2017

Engaging people from China on Tencent’s WeChat or Alibaba demands an unwavering effort in order to make the most of these unique ecosystems. Foreign travel brands need to be proactive, rather than being reactive, since consumers in China purse “hot” trends and the likes of Tencent, Baidu and Alibaba are quite progressive in terms of introducing new initiatives or features.

“Alibaba and Tencent are almost coming across as “two different types of Internets”. (The challenge) is that these ecosystems don’t talk to each other,” says Matthew Brennan, co-founder, China Channel. So what this means for e-commerce players or the advertisers is that they are sort of locked in a data ecosystem, which is not transferable. So this becomes a case of a “walled garden” – you can’t get data out of an ecosystem.

There is no dearth of peculiar developments in case of WeChat, for instance, a fashion blogger selling 100 limited edition MINI Coopers, worth $42000 on WeChat in 5 minutes or the release of new style QR codes for Mini Programs. Even as questions are being raised how the usage of the WeChat app can be scaled up from the current level of 963 million users (at the end of Q2), there is no denying that WeChat remains a popular destination for shoppers in China.

WeChat Key Opinion Leaders or KOLs, WeChat search, Mini Programs, WeChat Pay, Official Accounts…if you are well-versed with Tencent’s WeChat, then you would definitely know these are some of the features of how a brand can get associated with this ecosystem.

“WeChat is neither just social media, nor just WhatsApp nor just payments either. Rather think of it as an operating system, akin to Android or iOS,” says Brennan. 

By Ritesh Gupta

Follow Ai on Twitter: @Ai_Connects_Us

16^th March, 2020

Ai Editorial: Cybercriminals are trying to capitalize on the outbreak of Coronavirus Disease 2019 (COVID-19) by sending a high volume of this disease-related phishing emails, writes Ai’s Ritesh Gupta

Are you about to open a Corona virus-related malicious file? Or have you already inadvertently opened one?

We all need to be aware of phishing emails that are being sent by scammers, fraudsters and hackers. These emails feature files in various formats that are being disguised as documents relating to the newly discovered Coronavirus. Fraudsters are counting on public fear as they design malicious email campaigns, hoping the same would lure users into clicking on a link or open an attachment. So avoid clicking on links in unsolicited emails.

Typically emails, featuring information about COVID-19, are being sent from seemingly legitimate organizations. For instance, a malicious email falsely claiming to be from the U.S. Centers for Disease Control and Prevention is in news. Such emails generally ask the user to open an attachment to see the latest statistics or are even offering online offers for vaccinations. Or scammers are coming up with recommendations or  medical advice to protect one against the coronavirus. If a user clicks on the attachment or embedded link, they end up downloading malicious software onto a device. The malicious software paves way for illegitimate access to, or damage, computers, and possibly lead to identity theft as well.

Cybercriminals have also targeted employees’ workplace email accounts. Plus, according to Norton, scammers have posted ads that claim to offer treatment or cures for the coronavirus. The ads often try to create a sense of urgency — for instance, “Buy now, limited supply.”

Verify before taking action   

We have to be suspicious of an email that creates a sense of urgency or an action on an immediate basis. Take your time, check who has sent the email – look at the email id, for instance. Do not open attachments without first making sure the request is authentic.

It is becoming increasingly difficult to identify malicious emails. Acknowledging the threat, The World Health Organization (WHO) has admitted that fraudsters are posing as representatives of the organization to steal money or sensitive information.  WHO has asserted that if one is being contacted by a person or organization that appears to be from WHO, then one must confirm their genuineness before responding. There are appeals for funding or donations that aren’t related to WHO.

WHO will:

• never ask for your username or password to access safety information
• never email attachments you didn’t ask for
• never ask you to visit a link outside of www.who.int 
• never charge money to apply for a job, register for a conference, or reserve a hotel
• never conduct lotteries or offer prizes, grants, certificates or funding through email.

How to prevent phishing  - a user would need to take extra steps, but these aren’t really tough things to do. They might take more time than usual to access information but then it is worth it if one can avoid being a victim to such phishing email scams:

• Check senders’ details by verifying their email address (for instance, tally the official id of the organization and see if matches with the information in the email id)
• Check the link before you click. Verify file extensions of downloaded files. Documents and video files don’t use the .EXE file format.
• Be extra vigilant before sharing personal details (for instance, what’s the need to share username and password, why it is being asked for)
• Do not click or act in a situation of urgency
• Don’t be frightened (change credentials for a login in case you have participated/ given consent for something suspicious)
• Ignore online offers for vaccinations

First Published on 6^th June, 2017

Ai Editorial: Completing a transaction via wearable devices or relying on biometric authentication for shopping is exciting. But airlines need to dig deeper to assess potential issues, writes Ai’s Ritesh Gupta

New technology, emerging ways to transact, biometric data for authentication…all of this is exciting indeed.

Say you are the airport, your wearable device guides you to your gate, a transaction can be done via an app or a platform featuring chatbots, in a way you are about to embrace 100% self-service passenger journey. This simplifies travel, a traveller is in more control than ever.

But it isn’t a straightforward process for airlines, as new technology or even payment methods need to be incorporated into their existing infrastructure.

Here is what airlines need to consider to avoid potential issues related to poor customer experience and chargebacks:

One mistake and a chargeback is a possibility: The adoption of wearable devices or the use of biometric technology like fingerprint scanning and facial recognition can’t be ignored. Speed and convenience are definitely major plus points. These develpoments have already showed signs of becoming a norm. Companies like Mastercard are counting on biometrics like fingerprints or facial recognition to verify a cardholder’s identity, simplifying online shopping. The digital check identifies users using unique individual characteristics, like fingerprint or face. Of course, when there is no need to remember a password, the chances of a conversion go up as there is speeding up of the digital checkout experience. According to Juniper Research, the number of OEM-Pay contactless users, including Apple Pay, Samsung Pay, and Android Pay, will exceed 100 million for the first time during the first six months of this year, before crossing 150 million by the end of 2017.

So keeping pace with such developments is a must for any travel e-commerce brand. But it shouldn’t be forgotten that the chargeback process is old-fashioned. It is vital to assess how to keep pace with disruption in payments. If there is claim for a chargeback and airlines attempt to dispute the same, then what will issuers accept as convincing proof needs to be ascertained.

According to Monica Eaton-Cardone, co-founder and COO of Chargebacks911, and the CIO of its parent company, Global Risk Technologies, referring to wearable payments, networks will not have considered the different types of data that will be associated with these technologies and, therefore, will not recognize valuable information as valid forms of evidence.

In a way, card network regulations are stuck in the past, and haven’t made any significant progress.

“It will be years until the data associated with these wearable devices will be recognized by the card networks, leaving merchants liable for billions in losses from undisputable, illegitimate chargebacks,” Monica mentioned. Even in case of biometrics, she underlines that it can be identified that a cardholder “almost definitely authorized a transaction, but if the card network won’t accept biometric data as proof, that information is of no use. She points out that biometric approval is part of a coherent antifraud plan, not a answer on its own.

Even Visa last year acknowledged that one of the challenges for biometrics is scenarios in which it is the only form of authentication.

“Biometrics could result in a false positive or false negative because, unlike a PIN which is entered either correctly or incorrectly, biometrics are not a binary measurement but are based on the probability of a match. Biometrics work best when linked to other factors, such as the device, geolocation technologies or with an additional authentication method,” stated Visa.

Monica is certain that in the absence of a flexible infrastructure that can facilitate options such as wearable payments, the problem of chargebacks will only swell.

Also, payments via chatbots (say on Facebook Messenger) can be integrated in a simple way. Brands need to make the most of such interactions, considering the popularity of messaging apps.

But the team at Chargebacks911 also cautions against poor execution of chatbots, in case they aren’t proficiently managed then there can be user frustration and more chargebacks.

Being aware of new avenues for fraud: A major hurdle with emerging technologies lies in evaluating how they will be implemented and what the response will be.

Visa does recommend that new forms of authentication must reach a balance between speed and security.

Specialists recommend that making judicial use of “friction” during the booking flow or checkout isn’t a bad option.

So friction can result in careful consideration of the booking process. In case a shopper doesn’t take that fraction of second to be in control of the situation, it can result in a buy they weren’t completely sure of or they may even complete a transaction without thinking through it properly.  

Do remember that unauthorized transactions by family members are one of the primary causes of chargebacks.

As for being realistic with 3DS 2.0, Chargebacks911cautions that this new development is an effective tool for targeting criminal fraud, but it has little impact on friendly fraud, which is ultimately responsible for most chargebacks.

Being prepared

Airlines, as merchants, can't do away with the need to go for multiple layers of technology such as tokenization, biometrics etc. to protect each and every transaction.

Yes, as much as digital payments strategy is going to revolve around choice, there is also a need to ensure the same meets not only a shopper’s preferences, but also ends up meeting issuer and merchant’s needs, too.

Discuss and learn about emerging developments at the upcoming 6th Airline & Travel Payments Summit Asia-Pacific, to be held in Bali this year (29 – 31 August, 2017).

Follow Ai on Twitter: @Ai_Connects_Us

12^th August, 2019

Ai Editorial: In an era where anything around personal information handling practices is being given a priority, the future plans for Libra are being probed, writes Ai’s Ritesh Gupta

It was in the second quarter of this year when Mark Zuckerberg reportedly mentioned: transferring money online needs to be as simple as sending photos.

Ever since the related news i. e. the launch of Libra has emerged, it has created uproar for sure.

Politicians, regulators, data privacy specialists…the list is a long one, but they all have shared concerns or asked for a deeper probe into the plans behind Libra. For the record, Libra isn’t Facebook's cryptocurrency. It is an initiative of The Libra Association. It is an independent, not-for-profit membership organization, headquartered in Geneva, Switzerland.

For its part, Facebook, a founding member of the Libra Association, also announced the creation of its subsidiary, Calibra, which would participate in the Libra Blockchain.

The association has underlined that its goal is to pave way for a “simple global currency and financial infrastructure that empowers billions of people”.

Libra is made up of three parts that will work together to create a more inclusive financial system:

• It is built on a secure, scalable, and reliable blockchain;
• It is backed by a reserve of assets designed to give it intrinsic value;
• It is governed by the independent Libra Association tasked with evolving the ecosystem.

Room for a new, secure and trusted framework

Highlighting the issues faced by consumers, Libra Association says people with less money pay more for financial services. Hard-earned income is eroded by fees, from remittances and wire costs to overdraft and ATM charges, it adds. The association states that blockchains and cryptocurrencies “have a number of unique properties that can potentially address some of the problems of accessibility and trustworthiness. These include distributed governance, which ensures that no single entity controls the network; open access, which allows anybody with an Internet connection to participate; and security through cryptography, which protects the integrity of funds".

Acknowledging that the current blockchain systems have yet to reach mainstream adoption, it explains that mass-market usage of existing blockchains and cryptocurrencies has been hindered by their volatility and lack of scalability, which have, so far, made them poor stores of value and mediums of exchange. “Some projects have also aimed to disrupt the existing system and bypass regulation as opposed to innovating on compliance and regulatory fronts to improve the effectiveness of anti-money laundering. We believe that collaborating and innovating with the financial sector, including regulators and experts across a variety of industries, is the only way to ensure that a sustainable, secure and trusted framework underpins this new system. And this approach can deliver a giant leap forward toward a lower-cost, more accessible, more connected global financial system,” it adds.

Facebook is just one partner in this global payments system.

Some of the members that are behind the initial stages include: Mastercard, PayPal, Stripe, Visa, Booking Holdings, eBay, Facebook/ Calibra, Vodafone Group, Anchorage, Bison Trails, Coinbase etc. In addition to these, there are firms (venture capital firms, and non-profit and multilateral organizations, and academic institutions).

Concerns

Media reports and news clips featuring established media organizations have indicated that the going hasn’t been easy for Libra over the past two months. Questions that have emerged are:

• What is Libra? Is it a bitcoin? Questions around its management and stability have been raised.  
• Is it a threat to national economies?
• How the personal information of network users is going to be secured?
• Where data is shared amongst Libra Network members?
• How privacy by design principles in the development of the Libra infrastructure is going to be worked out?

Some of the issues were jointly raised by the representatives of the global community of data protection and privacy enforcement authorities, collectively responsible for promoting the privacy of earlier this month. The list included Information Commissioner United Kingdom, Commissioner of the Federal Trade Commission USA, Privacy Commissioner Canada among the others.

A report by bbc.com has indicated that Facebook “would need to apply for a licence in any country where it wants to offer Libra as a payment tool”. It would be on the company to ensure that there is a provision to “stop money laundering, and the financing of terrorism…”

Hear from senior executives about the blockchain technology at the 8th Annual ATPS Asia-Pacific to be held in Penang, Malaysia (27-29 August, 2019).