Ai Editorial: Strengthening security for remoteness and WFH

11th April, 2020

Global health crisis and quarantine has impacted our lives in a striking manner.

A couple of aspects that need to be assessed from security and fraud prevention perspective following the change in our work routine owing to the COVID-19 pandemic:  

  • Professionally people have had to get accustomed to video conferencing, #WFH etc.
  • Spurt in online shoppers, more mobile app use, fluctuating cart values and velocity etc.

Working from home could increase #cybersecurity risks.

One area of concern has been #ZoomBombing. Zoom has been graceful enough to acknowledge that it did fell short when it came to privacy and security expectations. Users need to follow the guidelines and recommendations on securing Zoom. For instance, Zoom has introduced a new icon. It simplifies how hosts can quickly find and enable many of Zoom’s in-meeting security features. Additionally, the Zoom Meeting ID will no longer be displayed on the title toolbar.

In fact, the main lesson would be keep all software updated and focus on unusual passwords, use two-factor authentication everywhere etc.

 Another issue has been e-commerce fraud.

As highlighted by ACI Worldwide this week, merchants are starting to experience dramatic increases in COVID-19-related phishing activities, with stolen credentials released into the eCommerce payments chain, as well as increased friendly fraud activities. The company also shared that average fraudulent attempted purchase value increased by $36 in March, driven by electronic and retail goods; this corresponds to a fraudulent attempted transactional value increase by 13 percent.

Here are few areas to look at from security perspective:

  • Rely on an organization’s tech toolbox- official devices with firewall and antivirus protection, along with security features like VPN and two-factor authentication. Engage frequently with web and mobile site security management.
  • Rely on VPN for encrypting data
  • Coronavirus-themed emails seeking personal information are likely to be phishing scams. If an email includes spelling, punctuation and grammar errors, it’s likely a sign of a phishing email. Delete the email.

Useful links:

Do’s and don’ts of videoconferencing security

Tips for merchants to maintain security


Ritesh Gupta

Ai Correspondent

Ai Editorial: Travel tech specialists sharpen delivery to cope up with Covid19 crisis

8th April, 2020

 Airlines are struggling on several counts as they try to come to grips with the crisis. One indispensable need is to deal with every passenger’s request and travel technology specialists are helping them to cope up with the same in this shaky phase, writes Ai’s Ritesh Gupta


Travel technology specialists have had to accelerate the dispensing of their offerings/ services as the industry collectively attempts to minimize the impact of disruption as well as cancellation of flights owing to the Covid-19 pandemic.

The airlines have been looking at ways to soothe and pacify various concerns of travelers, be it for a healthy flying experience, their safety, loyalty accounts, cancellations/ change fee etc. over the past month and a half. Network and operations teams are still struggling to repatriate passengers, answer their queries etc.

During this global crisis, which changes day by day, it is imperative for airlines to stay in touch with passengers/ travelers in real-time.

Acknowledging the same, Travelport has worked on a guide for airlines with the objective of helping airlines to capitalize on the prowess of mobile as communication channel. At a time when there is hardly time for development or budget for investment, Travelport focused on how airlines can identify opportunities that would require little or no development. Instead they focus on owned media, free/low cost third-party tools, and functionality built into mobile operating systems.

For instance, referring to the functionality built into the iOS and Android operating systems, it mentioned the same offers travel brands a distinctive avenue to pass on information about COVID-19 to their travelers using Wallet passes. Once added, these passes can be updated in real-time with new information and pushed to the traveler's device instantly. Also, how the use of push notifications can help travelers and at the same time cut down the dependency on agents, call centers etc. by enabling a passenger to use a self-service option on their chosen device. Plus, how to make use of videos or in-app messages at this juncture.

Travelport also has worked on a airline policy tracker, offering an ongoing update of each new policy (related to cancellations, change fees and refunds). Plus, via an online link, the company is posting reports on global travel trends, with analysis of industry data etc.

Amadeus has shared that the team has been serving a huge flow of re-accommodation requests. It processed around 2.5 million re-accommodation transactions per day, up from a typical volume of just 150,000 per day, over the past few weeks. This essentially means revising prior fare rules and enabling travel agents or passengers to change tickets themselves in line with the airline’s new conditions, removing the need for manual airline involvement and lessening the call centre workload.

“Despite the uncertainty for the future, we are seeing re-accommodation trends go down again, as most passengers have been re-allocated, been given the option to cancel their flight or offered vouchers for future travel,” shared Julia Sattel, President, Airlines, Amadeus, via a blog post.

Amadeus is also contributing in following ways:

  • Facilitating constant contact for airlines with travelers and travel agencies, including chatbot-driven FAQs and communication channels.
  • Working on ad-hoc revenue management intelligence about cancelations and no-shows, automating the same so that carriers can access them, and sharing suggestions on how to best set-up a reporting system in crisis mode.
  • Evaluate search traffic, including which origin and destinations are being searched for through specific channels.
  • Comprehend probable demand fluctuations for a given city/ destination.

At a time when cash reserves are running down quickly and the entire industry is struggling,  travel technology specialists would indeed play a critical role in serving all the stakeholders in the best possible manner.     




Ai Editorial: Travel industry’s acts of kindness stand out during Coronavirus crisis

30th March, 2020

Be it for a hotel chain offering rooms to the homeless people in France or airlines asking staff with medical vocational training to consider helping doctors and other medics are things the entire travel industry can be proud of as the fight against the COVID19 goes on, writes Ai’s Ritesh Gupta


Helping the needy, taking care of the sufferer, offering support to the elderly …any act of kindness amidst all the gloom is what warms our heart to no end.

We all are witnessing, and some of us are even going through, extremely painful moments. And when one ends up being a savior for someone, it’s gladdening and emerges as one moment of happiness that we all can share.

The way the travel industry has contributed during the COVID19 pandemic exemplifies its character.

Airlines are carrying medical supplies globally via cargo flights and operating repatriation flights to get people home.

Ed Bastian, CEO at Delta Air Lines, has not only empathized as a corporate leader, but also a father and family member, as he dwelled on the significance of occasions like graduations and weddings and how his team is trying to make it easier to change or cancel flights with no fee via My Trips on

Delta is extending free flights to medical volunteers to certain U.S. regions impacted by the deadly coronavirus to support medical professionals on the front lines.

Acknowledging the role of air cargo in times of crisis, for instance, in delivering lifesaving medical supplies, many airlines including American Airlines, Lufthansa etc. are utilizing its currently grounded passenger aircraft to move cargo in and out of the country, too. These airlines are making every effort to ensure that the flow of cargo does not stop.

Service in medical facilities

The airline staff is also being counted to meet the shortage of medical personnel. Many airline staff are first aid trained or hold other clinical qualifications.

Lufthansa has shared that employees with medical vocational training can now volunteer for service in medical facilities.

In the U. K., the National Health Service (NHS) has enlisted easyJet and Virgin Atlantic to work alongside NHS clinicians at new Nightingale hospitals as part of the fight against coronavirus.

According to an official release:  The airlines are asking staff who have not been working since the COVID-19 pandemic grounded some planes to consider helping the thousands of doctors, nurses and other medics at the new hospitals being built across the country. easyJet has already written to all 9,000 of its UK based staff, which includes 4,000 cabin crew who are trained in CPR, while Virgin Atlantic will write to approximately 4,000 of their employees this week, prioritizing those with the required skills and training. New hospitals are being built in London, Birmingham and Manchester.

Hotel rooms for homeless people

Accor has acknowledged the fact there is a health crisis in France. Accordingly, the group has chosen to help the healthcare community and deprived people with accommodation solutions in the group’s hotels. Accor has set up a telephone helpdesk to respond quickly to needs and emergency situations. The group is offering a total capacity of 1,000 to 2,000 beds to accommodate homeless people throughout the country. The service is also open to all medical staff involved in the fight against COVID19. So when Sébastien Bazin, Chairman and CEO of Accor Group, says, “Welcoming, protecting and taking care of others is at the very heart of what we do”, he exemplifies how an organization can use its core resources and play its part in coming out of such a perilous situation.

When Bastian says, “Our commitment to you remains…”, these are not only reassuring words for stakeholders but also makes one proud of being a part of this wonderful industry.

Stay safe, stay healthy! 

Ai Editorial: Scammers step up game with Coronavirus phishing emails

16th March, 2020

Ai Editorial: Cybercriminals are trying to capitalize on the outbreak of Coronavirus Disease 2019 (COVID-19) by sending a high volume of this disease-related phishing emails, writes Ai’s Ritesh Gupta


Are you about to open a Corona virus-related malicious file? Or have you already inadvertently opened one?

We all need to be aware of phishing emails that are being sent by scammers, fraudsters and hackers. These emails feature files in various formats that are being disguised as documents relating to the newly discovered Coronavirus. Fraudsters are counting on public fear as they design malicious email campaigns, hoping the same would lure users into clicking on a link or open an attachment. So avoid clicking on links in unsolicited emails.

Typically emails, featuring information about COVID-19, are being sent from seemingly legitimate organizations. For instance, a malicious email falsely claiming to be from the U.S. Centers for Disease Control and Prevention is in news. Such emails generally ask the user to open an attachment to see the latest statistics or are even offering online offers for vaccinations. Or scammers are coming up with recommendations or  medical advice to protect one against the coronavirus. If a user clicks on the attachment or embedded link, they end up downloading malicious software onto a device. The malicious software paves way for illegitimate access to, or damage, computers, and possibly lead to identity theft as well.

Cybercriminals have also targeted employees’ workplace email accounts. Plus, according to Norton, scammers have posted ads that claim to offer treatment or cures for the coronavirus. The ads often try to create a sense of urgency — for instance, “Buy now, limited supply.”

Verify before taking action   

We have to be suspicious of an email that creates a sense of urgency or an action on an immediate basis. Take your time, check who has sent the email – look at the email id, for instance. Do not open attachments without first making sure the request is authentic.

It is becoming increasingly difficult to identify malicious emails. Acknowledging the threat, The World Health Organization (WHO) has admitted that fraudsters are posing as representatives of the organization to steal money or sensitive information.  WHO has asserted that if one is being contacted by a person or organization that appears to be from WHO, then one must confirm their genuineness before responding. There are appeals for funding or donations that aren’t related to WHO.

WHO will:

  • never ask for your username or password to access safety information
  • never email attachments you didn’t ask for
  • never ask you to visit a link outside of 
  • never charge money to apply for a job, register for a conference, or reserve a hotel
  • never conduct lotteries or offer prizes, grants, certificates or funding through email.

How to prevent phishing  - a user would need to take extra steps, but these aren’t really tough things to do. They might take more time than usual to access information but then it is worth it if one can avoid being a victim to such phishing email scams:

  • Check senders’ details by verifying their email address (for instance, tally the official id of the organization and see if matches with the information in the email id)
  • Check the link before you click. Verify file extensions of downloaded files. Documents and video files don’t use the .EXE file format.
  • Be extra vigilant before sharing personal details (for instance, what’s the need to share username and password, why it is being asked for)
  • Do not click or act in a situation of urgency
  • Don’t be frightened (change credentials for a login in case you have participated/ given consent for something suspicious)
  • Ignore online offers for vaccinations

Ai Editorial: Dealing with fear associated with fraudulent transactions

11th March, 2020

Ai Editorial: There is much bigger loss in revenue when a merchant declines transactions without taking an initiative to dig deeper. One needs to learn how to manage risk and how the use of machine learning can contribute in the same, writes Ai’s Ritesh Gupta


The way travel merchants differentiate between a fraudulent and legitimate transaction is evolving, and one aspect that has stood out relates to managing the risk.

Rather than avoiding risk altogether, the approach is to pave way for more revenue based on a bigger risk appetite. A key learning: there is much bigger loss in revenue when a merchant simply declines transactions, rather than risking clearing a fraudulent one and learning from what all is being done. The time has come when the focus must be on managing false positives better.

Monica Eaton-Cardone, COO of Chargebacks911, asserts that the fear of fraud is a huge issue, and for merchants, it comes with a burden of  $118 billion every year.

“ That’s roughly 20% of total US e-commerce spending in 2019. But here’s the real shock: while $118 billion is an almost unbelievable figure, reports show merchants spend 10 times that much trying to prevent chargeback fraud,” Monica, wrote in a blog post recently.

Doing away with “rules”

Staying away from risk at any cost is reflected in rule-based fraud prevention systems. For instance, rules based on geo-location that could oppose all transactions from one area/ market. Traditional fraud prevention methodology impacted sales in an adverse manner. Fraud prevention specialists chose to avoid taking the risk of accepting a borderline transaction (which could be genuine), resulting in much greater false positives. At the same time, rules deployed (location based, amount based, time based, etc) limit genuine users from making transactions. But today merchants are finding ways to overlook rules when positive behaviour is identified.  

On the basis of calculated risks, the system passes the optimized number of transactions while ensuring that chargeback rates are still under control. As a result, borderline genuine transactions can be passed and unnecessary rules and bans are lifted, improving sales greatly. So merchants are drifting away from hard rules and relying on behavioural analysis – evaluating a combination of variables and patterns – a judicious way to obstruct fraudsters/ hackers and yet cut down on false positives at the same time. A more methodical tactic is to craft a risk engine. It blends rules and policies that are optimized through the use of machine learning. Along with this, other methods such as data signals for transactions, real-time behavioral analytics and device fingerprinting, too, are coming into play.

Working out a multi-disciplinary line of attack against fraudsters, featuring technologies - both supervised and unsupervised machine learning -  would better prepare merchants for fraud management. Unsupervised machine learning is useful to learn on the fly and spot deceptive patterns even without having been trained with past data, i.e. able to unearth anonymous fraud attacks. Thereafter, predictive analytics may still be used to run the probabilities of fraud, giving a risk score.

Machine learning systems are lending a new dimension to fraud prevention, one that over the years has largely revolved around the use of rule-based systems. This way the industry is gearing up to reduce reliance on hard rules and to filter out fraud while passing more genuine users. However, machine learning systems only provide probability scores - or fraud scores - and would still require a team of manual reviewers to make sense of the score and thereafter a decision to pass or reject a transaction.

Dynamic friction

Also, it is important to understand that merchants are battling with various types of fraud, and putting the best foot forward is about monitoring and evaluating each for risk. Clearly, the industry is counting on  behavioral and situational attributes to apply right friction to the right person at the right time. As Sift points out, it is vital to overlook legacy fraud-fighting solutions. All of this means a merchant is only applying friction in a blanket, indiscriminate way to all users, shoppers and fraudsters alike. With dynamic friction, risk level is assessed in real-time so that merchants can offer safe, convenient, and customized user journeys that only become more accurate and appropriate over time. In case a risk touches a given threshold, extra verification comes it play. If the interactions come across as reliable, that extra authentication is eradicated, providing the shopper a more rationalized experience.

Monica highlighted a couple of aspects related to dynamic friction:

1.       A dynamic friction system works out verification for an individual user and it learns as it goes. By assessing data on an ongoing basis, including the analysis of previous interactions, a blanket approach is avoided and such drilling eventually paves way for friction in only certain cases.

2.       A merchant’s best customers are subjected to the least amount of friction necessary for secure validation. Legitimate customers proceed with minimal friction.

(Read: How to leverage dynamic friction to only target dodgy shoppers?)

Dynamic friction cuts down the risk of alienating good users and causing false positives. The user journey needs to be evaluated holistically, from end to end; as a user moves through each stage of the journey, each interaction is evaluated for risk. The best part about dynamic friction: make it extremely tough for fraudsters to succeed, and at the same time not hampering the experience of genuine shoppers and them being unaware of the fraud detection mechanisms being used.


Ai’s 2020 conference dates:

Ai Editorial: Law enforcement agencies eye fraudsters and e-commerce fraud

26th February, 2020

Ai Editorial: Law enforcement agencies are looking at several areas – private and public sector partnership, capitalizing on data and high-tech crimes to curb fraudulent transactions, writes Ai’s Ritesh Gupta


The role of law enforcement agencies in combating a variety of cyberattacks is being tracked closely. Be it for private security and fraud prevention specialists or state-run agencies, no one organization is enough to deal with instances of cross-border cyber-attacks. But the role of law enforcement agencies in countering payment-related fraud and other ecommerce fraudulent can’t be undermined.

For instance, only a couple of months ago, Europol announced that its multidisciplinary initiative to derail illegal online transactions featuring flight tickets with compromised credit card data resulted in arrest of around 80 persons. These were suspected of traveling with airline tickets bought using stolen, compromised credit cards etc. Importantly, as also stated by Europol, some of the individuals were associated with unlawful immigration. For instance, some of the detained travelers had forged documents or IDs. At the time of this announcement, Europol also indicated that the airline industry’s losses hovered around $ 1 billion on annual, as a result of the fraudulent online purchases of flight tickets. Such illegitimate transactions are on top of the agenda of fraudsters/ online criminals and are often associated with more serious criminal activities including irregular immigration, trafficking in human beings, drug smuggling and terrorism.

Internet-enabled crimes and scams show no signs of letting up, according to data released by the FBI’s Internet Crime Complaint Center (IC3) in its 2019 Internet Crime Report. IC3 received 467,361 complaints in 2019—an average of nearly 1,300 every day—and recorded more than $3.5 billion in losses to individual and business victims.

Concerted effort

  • Collaborative route:  Travel merchants, including airlines, need to take a collaborative route to combat fraudulent activities.

“I believe in collaboration (for fighting fraud) at every level,” Jan-Jaap Kramer, Founder and CEO of FraudGuard told Ai during an edition of ATPS, held in the U. K. last year. He mentioned that fraud prevention as a discipline has come a long way, considering that a fraud analyst used to be isolated from other departments within an airline. And now various sectors have realized the significance of jointly fighting fraud since one fraudster can have access to a customer’s credentials. And these can be used across a variety of retail sites or in other ways to commit a fraudulent activity. “So it is imperative for merchants to cooperate and fight in unison,” Kramer had said.

Europol’s operations have been featuring participation of airlines. Other stakeholders that work with the law enforcement agency feature executives from online travel agencies, payment card companies, the International Air Transport Association (IATA), Perseuss etc. This is in addition to law enforcement, and judiciary and border agencies. They work in unison with Europol’s experts to spot dubious transactions and confirm the same with law enforcement officers deployed in the airports. 

  • Counting on data: Law enforcement agencies are trying to ensure that their initiatives don’t compromise individual privacy for the sake of public security. They are looking at implementing privacy by design. The plan should be – to be in complete line with one’s fundamental rights. In addition to this, the focus is also on promotion of de-bureaucratised and efficient processes.
  • Keeping pace with cybercrime: Law enforcement agencies acknowledge that cybercrime is more confrontational than ever. Considering the use of botnets, setting up back doors on compromised devices, social engineering etc., there is a need to keep pace with such attacks.
  • Preparing for the dark web: Europol, in its Internet Organised Crime Threat Assessment 2019, asserted that more synchronized investigation and hindrance-related initiatives for the dark web are needed. This would send a strong signal from law enforcement entities. Plus, even better real-time assessment is required to respond to the activities on the dark web.  The capability “will enable the identification, categorization and analysis through advanced techniques including machine learning and artificial intelligence.”

It was also mentioned that an EU-wide framework is “required to enable judicial authorities to take the first steps to attribute a case to a country where no initial link is apparent due to anonymity issues, thereby preventing any country from assuming jurisdiction initiating an investigation”.


Keen on exploring fraud prevention, data privacy and protection issues?

Check-out Ai’s conferences scheduled for 2020:


Ai Editorial: Biometric authentication – keeping it safe from hackers

21st February, 2020

Ai Editorial: Security safeguards and privacy-related initiatives are becoming stronger. Biometric authentication is an interesting tussle, and the industry is looking at negating fraudsters/ hackers’ moves, writes Ai’s Ritesh Gupta


Biometric authentication has numerous applications, and one of them is verifying/ authorizing a transaction.

Among all the options, facial recognition has gained traction because it is non-intrusive, easy to use and fast. It has gained prominence as it is being facilitated by our smartphones.

Since biometric authentication is about recognizing an individual without friction, rather than doing the same via a password or PIN, it stands out for augmenting the user experience with speed, ease of use and option to pay anywhere. But there are aspects that still need to be looked into. Be it for security-related risks, user privacy concerns or fraudulent transactions, repercussions are being probed at this juncture.

Plus, there are industry-related issues as well. For instance, this form of authentication does indicate that a cardholder himself or herself validated a transaction, but if the card network has no provision to use such data as the main proof, then that knowledge is useless.


According to Gemalto, the efficacy of facial recognition systems is based on: false acceptance, false rejection and  true positive (this describes when an enrolled user is correctly matched to his or her profile. This number should be high.)

As for concerns, artificial intelligence (AI)-based identity fraud is emerging as a serious issue. What is coming under inspection is the efficacy of biometric security measure such as facial recognition. A primary concern that a section of the industry is highlighting is hackers/ fraudsters managing to steal people’s faces.  Recognition of one’s voices and face as a way to validate a person’s identity is under scrutiny with the rise of synthetic media and deepfakes. How damaging deepfakes can be, as they can perfectly imitate features of a person. Deepfakes are powered by deep learning AI. The algorithms behind this AI are fed large amounts of data. Eventually, by capitalizing on such data, “deepfake” videos manipulate audio and video using AI to make it appear as though someone did or said something they didn’t. It does pose a challenge to validating the legitimacy of information presented online.

As highlighted in one of Ai’s recent articles, initiatives are in the pipeline, focusing on automated deepfake detection. Identity verification specialist, Jumio emphasized that it is “vitally important to embed 3D liveness detection into identity verification and authentication processes”. The company is working on plans to combat advanced spoofing attacks including deepfakes. (It is important to know that not all liveness is created equal and many un-certified liveness detection solutions fall prey to deepfakes). Among the others, Facebook, too, last year was in news for working on a ‘de-identification’ technology to morph a person’s face so that they remain unrecognisable to facial recognition technology. Also, specialists are focusing on a certain kind of machine learning. In this type patterns in image data are spotted. It features a system of artificial neurons that copy the functioning of the human brain.

Companies like Apple acknowledge that much of our digital lives are stored on their devices, and it's important to protect that information . While technology in these devices can automatically alter modifications in one’s appearance, such as wearing cosmetic makeup or growing facial hair, the industry is also looking at areas like not unlocking with a sleeping face.  Also, these companies are using smarter technologies. For instance, Apple has highlighted that the camera of its devices captures accurate face data by projecting and analyzing over 30,000 invisible dots to create a depth map of face and also captures an infrared image of face. Also, each time a user unlocks their device, the camera identifies by securing precise depth data and an infrared image. This information is matched against the saved mathematical version to verify.

Earlier this year, Apple asserted that a random person looking at a user’s iPhone or iPad Pro and unlocking it using Face ID is approximately 1 in 1,000,000 with a single enrolled appearance. For more, read here.


Keen on exploring fraud prevention, data privacy and protection issues?

Check-out Ai’s conferences scheduled for 2020:


Ai Editorial: Are acquirers becoming stronger allies for merchants?

18th February, 2020

Ai Editorial: Travel merchants, including airlines, are expecting their respective acquiring banks to contribute more than just processing payments, writes Ai’s Ritesh Gupta


Travel merchants, including airlines, have to focus on several aspects in order to streamline their cross-border payment acceptance.

Of utmost important is the shopper experience - from letting a travel shopper pay via their preferred payment method to ensuring their checkout experience isn’t disturbed with a unified approach to curbing fraud and disturbing even those transactions that shouldn’t be checked for authentication. Other than stepping up the authorization rate, businesses also need to keep the overall transaction fees in check. Plus, they need to prepare for better business decisions based on astute payments data, for instance, comprehending why transactions are being approved or declined with global coverage and granular reporting.

The role of the acquirer

The introduction of invisible payments or one-click transactions are experiences shoppers are increasingly getting used to, and every business needs to find ways to incorporate the same. And accordingly, the onus is on various stakeholders, including the acquirer, to chip in and facilitate the same for travel merchants. The entity, also known as the acquiring bank, is the financial institution that maintains the merchant’s bank account. It passes the merchant’s transactions along to the applicable issuing banks to receive payment. For airlines, hotels, OTAs etc., especially those operating in various countries, factors such as adding local payment options, too, are key to sustaining the desired conversion rate. It doesn’t come as a surprise when acquirers are being expected to support all payments types through all channels. 

And the acquirer is also expected to contribute in other areas. A core of area of expertise is managing processing of cross-border payments in an adept manner. An established acquirer is expected to contribute in terms of “local acquiring” and bring down the rate of bank declines. And they key lies in working with only a few, or maybe one acquirer even for multiple markets. This tends to make reconciliation less complex for travel merchants. Another area is the settlement aspect. Also, the ecosystem has witnessed certain players doing away with the blended pricing model. There are benefits, for instance, when the interchange fees goes down, the overall costs also go down. There is now more transparency in terms of the cost of the processing, what is charged for the interchange, the processing cost etc. As for the future, one can only expect an increased level of standardization on a European level and globally, too.

As for dealing with card payment conversion, there are ongoing improvements that merchants are looking for. For instance, credit card decline codes are not standardized; they differ from one payment gateway to the next. Details pertaining to why a payment tends to get rejected can be provided by an acquirer and this in turn can boost the conversion rate. Even though the rejection or response codes offered by acquirers may appear dauntingly technical, it’s extremely useful to understand what they mean.

Travel merchants are assessing the prowess of payment analytics and evaluating key metrics pertaining to the overall payment flow. Primarily, the focus is on the associated cost with each transaction, the rate of authorization, and the chargeback ratio. Delving deeper, payment specialists are counting on analytics for assessment of the risk profile, the relevance and performance of the acquirer, fee for alternative payment solutions etc. It is worth following how data and algorithms are shaping up to contribute both in terms of cost reduction and revenue optimization.

An acquirer is also expected to respond to the regulatory requirements. For instance, the PSD2 Strong Customer Authentication (SCA) migration completion deadline for online payments in Europe continues to be a weighty issue, with concerns about the preparedness and compliance still coming to the fore. Again, acquirers (and other stakeholders have to support EMV 3DS 2.1 and 2.2 by the end of this year) need to enable merchants prepare for the same and contribute in terms of the overall authorization success. Another area that is worth following is how this regulation is going to impact multisided platforms, or marketplace businesses, and some other areas such as licensing.

The traditional merchant-acquirer model has evolved, and today’s payment facilitator model has made the chain a lot more fragmented. For instance, certain entities are an extension of the acquiring bank and provide merchant processing services on the acquirer’s behalf.  As for the external factors, it is worth following how acquirers, post the merger activity, are going to respond to the rising competition.  


Keen on exploring fraud prevention and payment-related issues?

Check-out Ai’s conferences scheduled for 2020:


Ai Editorial: Stepping up card payment conversion via deeper introspection

3rd Februrary, 2020

Ai Editorial: Dealing with credit card decline codes is a daunting task. Ai’s Ritesh Gupta explores how a deeper analysis of these codes and collaborative approach can help in payment authorization.


Evaluating ways to improve upon approval rates for online card payments is always high on the agenda of travel merchants.

Independently travel e-commerce players are looking at ways to seamlessly authenticate users across the omnichannel customer journey. The role of cloud-based intelligence, backed by artificialintelligence and machinelearning, is coming to the fore. Assessment of both risk pointers and positive identity indicators is the way to go. This way travel merchants can better comprehend the context of a shopper, their behavior, and their score in terms of digitalidentity trust and risk. Other than ensuring that a legitimate shopper shouldn’t suffer owing to a wrong decline of a card, travel merchants also need to be in control of processing costs as well as focus on fraud prevention. There is no secret sauce for all this in the payment landscape, but crafting an astute authorization strategy is an ongoing effort that demands continuous introspection. Working with other stakeholders holds key here.

When it comes to authorization and acquiring for more than one market or cross-border transactions, a merchant can assess options such as  working with a payment services provider, setting up a local legal entity and entering into merchant agreements with local acquiring banks etc.

Coming to grips with soft and hard declines

Technically, credit card rejection happens when a card payment cannot be processed and the transaction is declined by the payment gateway, the processor, or the bank issuing the money. A credit card decline code is a message issued in response to a request for authorization during a transaction.

It is here dealing with the travel shopper in an apt way – via a simple and transparent communication – can help.

According to Chargebacks911, the issue is credit card decline codes are not standardized; they differ from one payment gateway to the next. They also tend to be rather unclear, as this helps in shielding the cardholder’s privacy and avoid giving away sensitive information in the event of a genuine fraud attack. Details pertaining to why a payment tends to get rejected can be provided by an acquirer and this in turn can boost the conversion rate. As Ingenico points out, even though the rejection or response codes offered by acquirers may appear dauntingly technical, it’s extremely useful to understand what they mean.

Adyen recommends that  profile of each transaction needs to be considered based on its amount, if it’s recurring, local regulations, issuers' authentication preferences, your relationship to your shopper, and more.

Some declines may be the direct result of the cardholder's actions while others are the result of external factors. The most important distinction is between “hard” and “soft” declines. A hard decline happens  when the issuing bank or processor denies the processing of the transaction and retrying the card won’t help at all. Hard declines are not recoverable at the time of the transaction. Whereas soft declines are generally a temporary issue. Retrying the provided payment method information may be successful.  One way to deal with such scenario is to automatically route selected failed transactions to a secondary acquirer for a “retry”. This can increase authorization with virtually no impact on the customer experience, asserts Ingenico. Essentially merchants need to constantly explore ways to salvage such situations.  A partner should be adept at analysis of past declines, transparent data, ongoing analysis of global transaction types etc. Also, developments like PSD2 are all about more carefully processing and managing data, including payment transactions.

PSD2 SCA 2020 - how to go about it as a travel merchant?

Not just merchants

And it’s not just merchants, but even other stakeholders, including card schemes and issuers, too, are focusing on sorting some common issues that tend to block transactions that simply should not have failed in the first place.

Traditional companies are stepping up their efforts  in the wake of increasing competition from alternative form of payments plus new developments that are fueling emergence of fintech digital payment specialists. For instance, it is being acknowledged that as a vital link in the payment chain issuers need to share relevant details regarding why the transaction has been declined. Many tend to supply response codes that are ambiguous and tough to comprehend. And in certain cases such codes cannot be interpreted at all. Effective fraud prevention and detection requires real-time collaboration and data sharing. In fact, with a collaborative approach where data on fraudulent and suspicious transactions is shared (and keeping it anonymous, too, where required), details are out on new fraud attempts no matter where they first appear.  But all of this demands a diligent effort. For instance, considering the case of passing SCA or Strong Customer Authentication  messages through complex transaction flow in the travel e-commerce sector.  

It is imperative for merchants to work collectively internally (fraud and risk management, customer service, operations, technology and product management teams) to optimize authorization and fraud strategies, and work with various external stakeholders as well for the same.


Keen on exploring fraud prevention and payment-related issues?

Check-out Ai’s conferences scheduled for 2020:


Ai Editorial: Why uncovering patterns of fraud with one approach won't work?

23rd January, 2020

A study, by Sift, has shared that fraudsters are moving freely from one fraud type to another. With data breaches, it is easy for hackers and fraudsters to gain additional information and plan other types of fraud beyond payment fraud.


A unified or a blanket approach to dealing with various types of frauds that exist in the e-commerce sector isn't going to work anymore.

The travel e-commerce sector, being a lucrative proposition for fraudsters, remains a prime target. Fraudsters are always looking at new methods to discover an  enterprise's vulnerabilities. So travel merchants not only need to be vigilant of the types of fraud but also be prepared to deal with them discretely.

Fraudsters are becoming better at what they do. They are increasingly going after more than one type of fraud. Plus, fraudsters commit fraud in more than one industry. According to an analysis by Sift, fraudsters are moving freely from one fraud type to another.

As for the types of fraud, the list includes payment-related fraud (unauthorized payment transactions, featuring stolen credit cards, debit cards etc.); new account or fake account (created by a fake identity, a fraudster or bot signing up for an account using another person’s real identity/credentials) and account takeover (a genuine user creates an account, and a fraudster later gains access to it and uses it for fraud). Sift also referred to fake content and fraudsters abuse promotions by redeeming coupons multiple times, or by creating fake accounts to redeem additional promotional offers.   

Looking beyond payment-related fraud

The latest analysis, based on the team's study of over 34,000 sites and apps in Sift’s customer base, with "data breaches making users’ credentials readily available on the dark web, it’s easy for bad actors to obtain additional information and attempt other types of fraud beyond payment fraud".  

Some of the other key findings:

  • Highlighting the way fraudsters continue to move ahead and pose new threats, the study indicated that various verticals are targeted concurrently. And whether those verticals are connected or not, doesn't matter. While digital e-commerce is the industry most plagued with fraud, fraudsters move fluidly from one industry to another, attempting multiple types of fraud. Fraud is not linear, but rather an interconnected web.

- 78% of fraudsters who start in digital e-commerce are also likely to commit fraud in another industry.

- 86% of fraudsters commit fraud in more than one industry.

  • In the list of the "fraudiest" industries, the travel sector is at the third spot. The top two sectors are digital e-commerce and physical e-commerce.

With such cross-industry focus of fraudsters, it is must for stakeholders to find out how the culprits find ways to hide or execute malicious tactics. Merchants and fraud prevention specialists acknowledge the significance of the same. For instance, spoofing has become more commonplace. Fraud is more complex than ever, and the only way to battle it out with fraudsters is to comprehend the perpetually evolving fraud landscape.


Keen on exploring fraud prevention and payment-related issues?

Check-out Ai’s conferences scheduled for 2020: