Ai Editorial: Behavioral biometrics, detecting a bot…fraud prevention isn’t same anymore

First Published on 17th January, 2017

Ai Editorial: Travel companies aren’t new to tracking suspicious online behavior, but time has come to refine the ploy to make it more sophisticated as well as category-specific, writes Ai’s Ritesh Gupta  


Certain level of sophistication, irrespective of the fact that whether the fraud prevention method is being used for the retail sector or an airline, is definitely needed. So, for instance, machine learning is able to detect certain patterns that can be termed fraudulent. There could be a couple of red flags in one session, say password change and change of shipping address, that can differentiate authentic shopping flow from an illegitimate one.  The tracking of one’s navigational footprint can give ample indication whether a fraudulent transaction could happen.

Specialists point out that fraudsters need to be “out-smarted”, as tools and technology need to spot something that fraudsters wouldn’t think about!

Here are few areas that airlines can focus on to improve further, by acting on moves/ patterns that can be spotted on their digital assets. These initiatives not only combat fraud independently but also combine to make the whole effort even more fruitful: 

·          Do act on data that useful: Existing fraud solutions are designed to cater to mass markets where most airlines will only need to collect data based on a template that analyses very limited fields. This is not only insufficient, but also limits a merchant’s ability to create an optimal data strategy and reporting for their performance/ ROI. Unfortunately, not much useful data is returned to the merchant by default.

As each airline’s ecommerce website is unique, the data strategy deployed must be different and customised.

It is important to work with airlines and help them utilise all the data that is available on their website. Some custom data fields that may be collected include: flight details, loyalty miles claims (to detect abnormalities), or even a small, seemingly insignificant data field of whether the newsletter subscription box was checked or not.

·          Tracking behavior for authentication:  Behavioral analysis is one area that is becoming increasingly sophisticated. Swipes, taps, cursor movements etc. are being analyzed for navigation flow, time spent etc. to understand the behavior. Specialists are tracking mouse movements and clicks in context and meaning while becoming increasingly more accurate over time. User data is important to understand the user behaviour, for instance the words per minute (WPM) typed, how the cursor moves around the website, existing patterns of the card user, rather than simply focusing on the card blacklist or whitelist.

Visa, in one of its recent blog posts, emphasised that organizations today require a holistic approach—“one that begins by reducing the threat of fraud when the customer first establishes an account and continues all the way through the moment an online transaction is approved”. The company adds that a multi-layered fraud management approach is must. The goal of airlines should be – monitor each visitor, creating a unique device profile that accrues the device’s history over the Internet. This device information is associated with behavioral pattern exhibited by users. Further this is analyzed and compiled over a period of time, and then the real-time rule-based decision-making based on transactional data, in conjunction with device and behavioral data, for acceptance or rejection of a transaction.

It is also being suggested that behavioral biometrics, which spots patterns in human activities, needs to be looked upon for continuous authentication, and looked beyond the two-factor authentication (2FA) method. 2FA is a ploy used to make it tough for hackers to gain access to a user’s devices/ online accounts. So by just having a password one cannot clear the authentication check. Plan is to protect data from hackers who have stolen a password database or used phishing campaigns to gain users’ passwords. Speech pattern, ID card etc. is the second layer here. But it is being recommended that organizations now need to go for stringent processes that persistently evaluate and check the authenticity of users that are intricate to reproduce. The industry is making progress to precisely validate user identities via their inherent and subtle interactions online – behavior that cannot be imitated by a 3rd party.

So with more and more data analysed, it is harder for hackers to hide their tracks fully to pass off as genuine. By identifying user behaviour (between a genuine customer and a fraudster), fraud rates and chargeback rates will fall when fraudsters are effectively blocked by the fraud system.

·          Protecting customers: As we highlighted in an article last week, every piece of customer data and information is under scrutiny. One can put a price tag on stolen account info – Uber, Facebook etc. and air miles. Yahoo, LinkedIn etc. have struggled of late in this arena. When the user account on one airline’s system is breached, hackers will use the exact credentials to take over the same user’s account on the other airlines’ systems as users seldom differentiate their login credentials. Travel e-commerce players should also move fast to be ahead of the curve and protect themselves against account takeovers. Here also there is a need to identify anomalies in real-time, and specialists are assessing behavioral data points to determine if it is the genuine account holder or an imposter.

Hackers/ fraudsters require automation, and rely on botnets to input user credentials. So how to detect a bot? Here Captcha, putting a limit on the volume of traffic that can visit a site during a given timeframe, fingerprinting etc. can help.

The variety and rising speed of fraud phenomena is forcing airlines to move swiftly. Be it for data or new technology, it time’s to look beyond the so-called mass-market or traditional solutions. 


Are you bold enough to survive in the brave new world?  Assess your preparedness at 11th Airline & Travel Payments Summit (ATPS).

Date: 03 May 2017 - 05 May 2017   

Location: Berlin, Germany 

For information, click here


Follow Ai on Twitter: @Ai_Connects_Us