First published on 20th June, 2016
Ai Editorial: Be it for shielding customers’ information or nullifying fraudsters’ move to grab funds, OTAs have to be alert all the time, writes Ai’s Ritesh Gupta
Online travel agencies (OTAs), even the established global intermediaries, tend to be vulnerable when it comes to online fraud.
There are a couple of issues. One of them is fraudsters gaining access to contact details of customers. OTAs frequently receive complaints from customers about unauthorized credit card transactions. Plus there are areas where OTAs can be at the receiving end. Of course, nobody would like to face implications in case they end up with excessive fraud and chargeback rates.
Merchants are expected to adapt their risk settings and business practices accordingly to ensure fraud and chargeback levels are at an acceptable level.
The likes of Booking.com have had problems in the past as far as customer data is concerned. Also, fraud today is as an organized crime. I spoke to a couple of OTAs in the Asia Pacific to gain insight into 5 key areas/ trends:
- Protecting customer’s data
It is imperative to shield customers’ personal and financial information. Otherwise it can severely impact a brand’s image. Travel companies need to understand how hackers are gaining access to system data or server functionality. The breach of data is happening and it could be owing to a web application getting manipulated and a fraudster tricks that application into performing commands and accessing data. Another way is to get hold of an authorized account via focus on session IDs, and eventually stealing them.
Experts recommend that additional steps can be implemented to curtail risk of credit card and personal data exposure, such as compartmentalization and tokenization on the inside of the company’s DMZ (Demilitarized zone. Network added between a private and a public network to provide additional layer of security). This is being considered to be a vital add-on to firewalls and external fraud measures. Such mechanism keeps a tab, acts and reports on dubious activity and can feature configurable fraud-alert rule sets, data- profiling modules, and other validation methods. Also, at another level, it is important to know how to strike a balance while focusing on stringent fraud rules. Otherwise this can result in reduced acceptance and revenue.
- Going beyond passwords
It is being highlighted that password is no longer the best way to authenticate users. In fact, there is a need to go beyond conventional passwords and PIN based approach.
As highlighted by Visa, biometrics offer “the only way to link” a person’s physical identity to his or her digital identity. Biometric authentication features fingerprints, facial recognition to authenticate one’s identity. This is something that cannot be replicated with ease. Also, from a user experience perspective, there is no need to remember a password. However, an OTA executive mentioned that biometric authentication is still in its nascent stages as far as intermediaries in the region are concerned.
Also, Visa is working with EMVCo to develop an updated and enhanced version of 3D Secure, paving way for more consistent UX across various payment channels, including mobile web, in-app etc. The company has asserted that 3DS version 2.0 will offer a more seamless checkout experience via intelligent risk-based decisioning.
This sort of authentication features data to assess genuine user behaviour, device, location and other well-known characteristics, so there’s less need to ask for a password.
- Sudden spurt in dubious activity from one region
A senior executive from Mumbai-based OTA Cleartrip.com shared that there tends to be sudden spurts in fraudulent activity from one market/ country. For instance, last year it related to “seemingly Russian citizens” booking itineraries featuring a particular LCC in the Middle East. “The bookings featured destinations like Moscow, Kiev, Bishkek etc. Most of the passengers booked through these transactions sounded like Russian citizens (female names ending with “ova” or male ones ending with “ev”.” The carrier had strict policies, and before the OTA could verify and reach out to the airline, fraudsters were cancelling those flights, and gaining credit vouchers for future bookings. “We eventually decided to cancel the sector.” And this year, the same executive referred to “Indonesia fraud”, where fraudsters are using cards issued in the U. K., US and Australia, and booking same day check-in hotels and non-refundable/ non-cancellable airlines. Lot of activity is related to travel and booking of hotels in Indonesia.
There are tools in place that can differentiate between threats and genuine transactions by pinpointing the buyer’s location.
- Reviewing cancellations
Cleartrip.com also shared that it has been working on plans to curb virtual wallet fraud. “In this case, a fraudster does the fraud transaction using international card and cancels the trip to obtain the refund in a virtual wallet. The same can then be used for future booking. It also surpasses all the fraud conditions due to payment mode.” So rather than funds going back to the original instrument after cancellation, when fraudsters decide to cancel a booking they put into a private closed wallet. So Cleartrip.com reviews such cancellations, and nullifies the action taken by a fraudster. Rather the money is sent back to the credit card or the original instrument. “We revert in quick time,” shared the executive, who also referred to discount coupon fraud (the fraudster finds out a loophole in the system and uses the code to obtain false cashback).
- Relying on machine learning
While the moments between when a shopper clicks “buy” and when a merchant must deliver a reservation seems fast to us, it’s plenty of time for a computer to recognize a bad user or reward a good one with a smooth, easy buying experience. A flexible and online (instead of offline) machine learning system can start learning the second a user lands on your site, gathering behavioral data so you can spot a suspicious user long before he enters a stolen credit card number and you get hit with the inevitable chargeback. Armed with actionable machine learning findings, a business can create an adaptive checkout flow, that is tailored based on how risky each user is.
One of the best things about using machine learning is that it automatically learns about new fraud patterns in real time so you don’t have to keep close tabs on new tactics.
Fraudsters always move on. Managing online fraud is an ongoing initiative, one that needs constant improvisation for better results. If this is not the case, then a travel organization would end up being a soft target.
Here it needs to be mentioned that the booking experience of a customer shouldn’t be jeopardized.
I know of an instance where an airline called up my colleague in the U. S. past mid-night, who had booked me for a trip in Asia. The airline had concerns about the itinerary, considering that the booker was in the U. S. But my colleague felt the check needed to be more vigilant, considering that the airline had information about him, and disturbed his sleep by calling at 3am!
Hear from experts at the upcoming 5th Airline & Travel Payments Summit Asia-Pacific to be held in Kuala Lumpur (17-18 August, 2016).
For more, click here
Follow Ai on Twitter: @Ai_Connects_Us
First published on 15th June, 2016
Ai Editorial: New payment options, especially 3rd party mobile wallets are exciting. One needs to assess how all of this fits with the complex world of airline payments, writes Ai’s Ritesh Gupta
The buzz around some of the new ways in which one can pay for a transaction is unmistakable.
What is increasingly standing out is the ease with which we can pay.
Options like Apple Pay and Android Pay let travellers check-out with a single touch. Travellers can get going by adding their preferred debit or credit cards. And this means businesses gain instant access to an extensive user base potential.
And it’s not only Apple (which continues to make progress, for instance, Apple Pay in China) and Android, even Facebook and Amazon are making news. Plus, one can’t ignore other options such as Alipay that have become dominant for targeting a particular section of audience/ market. In fact, talking of Alipay, the fact that it is a part of Alibaba group (includes Alitrip and other divisions such as big data/ cloud computing), brands need to be a part of such shopping ecosystem. It offers content/ information and shopping environment in a seamless manner. The likes of Air France-KLM and Cathay Pacific already have Direct Connect agreements in place with Alitrip. As for Alipay, supported methods include standard web, web-to-mobile, and in-app transactions.
Embracing various mobile payment options are paying off. Early movers in mobile payments are already witnessing benefits. Transavia’s mobile payment share stands at 20%, which according to Adyen, is 65% higher than the airline average. The airline has benefited as it focused on crafting a mobile-optimized experience.
Dealing with constantly evolving payments ecosystem
There are several areas that need to be looked upon as options increase:
- Be realistic: The travel commerce ecosystem is complex, with many moving pieces. “I think airlines will always need to be in full control of the payment ecosystem. It’s something that an airline or OTA does very well, better than these (Facebook and Amazon) networks. Some brands like PayPal make total sense and work well within space, but when it comes down to it, managing payments needs to be owned entirely by the airline or OTA. Many of the reasons why to revolve around risk, bookings, issuer relationships, travel rewards and beyond. Getting from point A to point B on the map hinges on money moving from account A to account B. As travel itineraries change, upgrades, cancellations, and delays occur there’s a delicate dance that needs to happen,” explained CardinalCommerce’s VP, Consumer Authentication, Michael Roche.
In case of airlines, “may be you will see little to no incremental sales lift from adding an alternative payment brand. Much of the time offering another brand is going to cannibalize your current card business, so you need to make sure that it’s going to be worth it: rates, risk, and operational overhead,” asserted a source.
Referring to the likes of Facebook and Amazon, a source said, “(I doubt) if it will ever make sense to outsource the full payment functionality that airlines and OTAs have today. I also don’t think these networks will have the capacity to handle it on the levels that would be required. There’s a big difference between buying and delivering a pair of shoes vs. booking an international trip with two layovers. Being a great airline or OTA means you have an efficient payment ecosystem.”
- Adopting new options: Airlines are going to have challenges with any new payment types that don’t pivot on the credit/ debit. “Anything that doesn’t use the authorization and settlement model will cause additional work across the travel infrastructure. Most payment networks and brands are going to present a challenge. PayPal, however, has had adoption success within the travel industry since it ties closely with the network card model,” said Roche. When considering any new payment options, you will need to do your due diligence to ensure all entities within the supply chain can handle how it operates from authorization to settlement along with all other payment functions like refunds, reauthorization, split orders, and any other type of customer service use cases that you could imagine.
Airlines need to work with their respective acquirer or PSP when identifying a new payment type. They should also discuss it with all other entities which handle bookings, customer service, or any other function where payment is tied to action throughout the travel lifecycle.
A specialist like CellPoint Mobile highlights that when it comes to supporting Android Pay, it would only require a few tweaks to their existing configuration, and passengers will have access to Android Pay in less than one week. Option like Android Pay should work seamlessly across all the e-commerce channels deployed by airlines, and one also needs to ensure how passengers’ payment, loyalty, and transaction data would be protected.
- Keep an eye on the future: What we’re going to see in the future would be a payment ecosystem that’s more secure, confident, and accountable. The risk is going to be mitigated across the supply chain, and the online payment channels will become as trusted as the Card-Present space. Experts recommend that airlines keep their eye on these concepts in the next couple of years:
- Wallet Mobilization of the POS
- Strengthened and streamlined acquiring relationships
- EMV Online
- 3-D Secure 2.0
- Payment Tokenization
How is the world of 3rd party mobile wallets shaping up? Hear from experts at the upcoming 5th Airline & Travel Payments Summit Asia-Pacific to be held in Kuala Lumpur (17-18 August, 2016).
For more, click here
Follow Ai on Twitter: @Ai_Connects_Us
First published, 6th May 2016
Ai Editorial: Payment options that are emerging as an end-to-end alternative to SWIFT are unsettling old-fashioned ways, writes Ai’s Ritesh Gupta
There are several aspects that need to be scrutinized before any travel e-commerce company can work out timely cross-border payments in an extremely complex global payments environment. If coming to terms with associated total costs is one critical issue, then assessing the sort of support needed from a payment provider and spotting what payment options are suitable for receivers are some of the other equally important aspects.
If we consider the significance of a compliance program, then China is one example that exemplifies intricacies involved in the B2B payments space.
Dealing with peculiarities
For instance, it is being highlighted that due to new Chinese government regulations people in China can’ t receive online credit card payments from an international business account to their personal local bank account anymore. This will affect thousands of single business owners in China, foreigners and Chinese, travel agencies and hotel owners who use PayPal or other foreign payment processors/ providers to accept online deposit and balance payments from foreigners as they can’ t receive their foreign funds from a business account into their personal account here to pay providers, staff, etc.
“Each market presents its own set of regulatory requirements for B2B senders and receivers,” says Nagarajan Rao, SVP, Global Head of Business and Product, Transpay, a B2B/B2P cross-border payments platform.
Rao further explained, “For example, a business sending funds into a country may have only one regulated entity to choose from that can move money into that market. On the receiver side in places like China there is also the likelihood that the business has to have a mandated form to accept cross-border payments, which can be cumbersome approval process to receive. Additionally, countries like Brazil and Russia, require businesses to report every dollar of cross-border payment received. So even though it seems like the world has opened up for business transactions, some of these local regulations and requirements are impediments to business growth.”
Continuing with the example of China, many foreign businesses use Alipay or Tenpay to accept payments from Chinese travellers but what about the other way around?
Rao mentioned that these Chinese acceptance companies have done a great job in creating a strong localized payment industry.
“However when payouts need to be made to foreign entities- travel agents, hotel properties and vendors- these in-country businesses have to rely on antiquated wire system that only a few banks in China offer and pay a high amount in fees for FX. The payouts part to funds flow is the next problem for China to solve.”
As for the sort of international payment products that are available, according to Transpay, the options include:
- eWallets (A virtual account where funds exist. No need to share private account information);
- SWIFT Wire Transfers
- International Prepaid Cards (among most costliest ways to receive money);
- International ACH (banks and 3rd party companies work out a direct deposit service. Funds are transferred to the receiver’s local bank account in local currency through the local clearing systems. Tends to be costly when used in emerging markets).
According to Rao, traditional bank wires, eWallets, and prepaid cards “too often come with hidden fees, lack of transparency and inexcusable lag times that are oftentimes bore by the recipient”. With Transpay, the funds are delivered in local currency within 1-2 days.
Traditionally, travel brands sending cross-border bank transfers have had to rely on the SWIFT wire networks. Oftentimes this means slow transactions and opaque funds flow, as funds have to go through multiple financial institutions to get to the ultimate end recipient. Each stop along this correspondent bank network also comes at high cost, as each financial institution charges a fee for handling the transaction, says Rao.
Payouts are inherently more complex than payment acceptance, as it involves one entity making mass payments to different recipients and bank accounts. With solutions that have their own proprietary bank network, travel brands are able to process payouts locally, reducing the number of financial institutions involved, and ultimately reducing the cost of sending mass payouts.
There is also talk of alternate payment solutions. So how are these offerings capitalizing on cross-border opportunity?
There are several applications for travel companies to utilize alternate payouts. Airlines, for example, need a solution for issuing refunds on cancelled flights or OTAs need a payout option for making commission payments. According to Rao, Transpay’s solutions would complement what’s being done for all outbound payments without the expense that virtual cards and traditional bank wires charge to all parties involved.
What to watch out for
According to Transpay, the focus is now on cross-border payment settlement and strategies for paying international recipients.
“Payouts are the last 100 meters of the payment flow that until recently, have been largely disregarded. It’s very glamourous to talk about the customer payment experience, but at some point businesses need to get the funds to the ultimate provider of the product. There are several trends in travel that are shifting the payment dialogue. A growing movement towards pre-payment for hotel booking for example, as well as a growth in the merchant model in the OTA sector- with more funds needing to move from the OTA to the hotel property- are all factors leading to an increased need on payouts that are economically viable,” said Rao.
Also, entities are drifting from manual and batch payout processing to an embedded user experience.
In travel, branded websites and OTAs have mastered the art of embedding local payment acceptance forms into their customer-facing user experience, said Rao. “However, when these companies need to do payouts to agents, suppliers or individual recipients that experience currently site outside of their platforms. As the industry grows and the need for faster transacting increases, streamlining the payout experience is now front and centre. Having an embedded user experience with an industry grade payment network is the next step forward for businesses to ensure that payment acceptance and payouts go hand in hand,” mentioned Rao.
Also, blockchain technology has the potential to improve the speed, accuracy and accessibility of cross-border payments.
Rao underlined that options that are emerging as an end-to-end alternative to SWIFT are unsettling old-fashioned ways. As the cross-border payouts sector moves on, solutions that are curtailing costs and managing FX gain to stand out.
Follow Ai on Twitter: @Ai_Connects_Us