Ai Editorial by Christopher Staab, Managing Partner Americas, Airline Information
3-D Secure, also known as Verified by Visa, MasterCard Secure Code, JCB J/Secure, and American Express SafeKey, is a fraud prevention initiative launched by card schemes. Its intention is to improve the security of Internet payments and provide a shift of liability in case of fraudulent transactions.
In the airline industry, 3-D Secure is causing a classic struggle between airline Finance Departments and Sales & Marketing Departments. Finance tends to like 3-D Secure due the liability shift and the lower merchant service charges (MSC), whereas Sales & Marketing tend to dislike 3-D Secure, as it is seen to have a negative impact on online conversion rates, decreasing sales.
However, most Airlines already know that not all transactions have the same risk. For example, most top tier elite frequent flyer members booking the same route can, generally, be relied upon to be genuine.
Research by the PSP Adyen also showed that 3-D Secure in the USA will lead to a decrease in conversion of 45%, whereas mandating 3-D Secure in India actually increases conversion by 30%. More markets are shown in the graph below:
Adyen has therefore developed Dynamic 3-D Secure to apply 3-D Secure (or not apply it) based on the characteristics of each payment transaction! To find out more about Dynamic 3-D Secure, as well as other fraud prevention measures, we invite you to join the Airline & Travel Payments Summits.
Ai Editorial from Chris Staab, Managing Partner, Airline Information
According to a 2010 article in the New York Times, hotels account for nearly one third of the world's cases of credit card fraud! And by most accounts, the situation has not improved in the last few years. How long before credit card acquirers, the credit card networks, government regulatory agencies and hotel customers demand change from the hotel industry on how it handles credit card data?
The root of the problem appears to be the hotel franchise model, leading to a lack of credit card security and poor procedures. Maintaining brand-wide credit card security standards when there are thousands of franchises, many of whom have properties in multiple brands, has proved an impossible task to date. How often have you seen hotel front desks making physical copies of your credit card at check-in, as well as asking for a copy of your ID or passport? This information can then easily fall into wrong hands and is hardly PCI compliant. Combine this with low pay leading to the temptation for hotel staff to steal card and personal data and it's a card security nightmare! A particular target is the cards of American customers who don't have chip-and-pin (EMV), making them easily cloned for card present fraud. Corporate wide, hotel chains have also had a history of poor data security, having faced several well-publicized data breaches of card information.
I am a perfect example of this problem. In the last 5 years, I have been the victim of credit card fraud on half a dozen occasions- all stemming from the use of my card at hotels. Now when I travel to many countries, I use my card only at the hotel front desk, where it is required. Two years ago in Chile, I only used my card at check-in to a 5-Star major international hotel brand property and my card was compromised. The previous year, I fell victim to the well-publicized Wyndham hack and my card was used to purchase $10,000 in furniture in China. Unfortunately, I also had organized several events in Wyndham properties (including the Airline & Travel Payments & Fraud Summit!) around the time of this breach of security and many of our customers were also affected.
So, returning to my original question, for how long can hotels contribute more to global credit card fraud versus any other industry?
The issue may be resolved as hotels themselves are also increasingly becoming victims of fraud, which will hopefully result in better procedures. Hotels face friendly fraud in the form of charge-backs at very high rates, while online the problem is increasing quickly, as hotels are offering more and more prepaid rates via their own websites. This has made them increasingly the victims of the use of stolen credit cards.
Hotels as both victims and contributors to fraud will be discussed at our upcoming ATPS & Fraud Events. You can find out more about all of these events at www.AirlineInformation.org/events. And, think twice the next hotel you check into a hotel about the security of your credit card details!
In preparing for the Airline and Travel Payment Summit in Toronto on the 12/13th of October 2011, one of the themes that keeps emerging is payment surcharging. In the UK, where I am based, this practice very advanced, but it's also one which the regulators are also looking at closely.
Although Ryanair is registered in Ireland, it does a lot of business in the UK and it's at the forefront of surcharging here. However, they are not alone. You might be surprised to learn that Lufthansa and American Airlines are also surcharging on their own UK websites for credit card payments.
Here is a chart of airlines charging credit card surcharges in the UK market: