First published on 21st December, 2016
Ai Editorial: Real-time automated fraud prevention means that the fraud solution is fully automated to make real time decisions, without any need for manual reviews at all. How far are we from attaining this, explores Ai’s Ritesh Gupta
Commerce today is about seamless movement between devices, and this also means one-click or no-checkout options in an omni-channel environment.
With all this, security is certainly the issue, and in an increasingly global world, so is the ability to accept a variety of payment methods, currencies and devices. Customers want to be able to shop and buy, no matter where they are or which channel they're on – offline, online, mobile, app. Airlines and brands must position their products, goods and services for all channels – keeping in mind that customers of tomorrow will increasingly be interacting primarily or solely from mobile devices.
On the fraud front, improvements in biometrics, authentication, verification and identification will gradually reduce the risk of fraud. The blockchain process, developed for cryptocurrency verification and authentication, holds a lot of promise for increased payment protection in the mobile environment.
Better fraud management
The workload on financial institutions has risen with the advent of real-time payments.
Key components of real-time transactions include certification of payment, availability of funds, instant settlement and confirmation of the transaction. The industry has had to figure out configuration for inter-bank settlement, and also core processes should be available in an unbroken manner. As Accenture points out, considerations include real-time settlement of every payment or deferred net settlement, loss-sharing agreements or prefunding of settlement accounts etc. Global payment infrastructure has been moving toward faster payments and real-time settlement. So considering new ways in which transactions are happening, say via mobile, how this demands better fraud management effort?
Justin Lie, Group CEO, CashShield, a SaaS based self-learning fraud prevention solution for ecommerce, says a decade ago, the payment landscape was largely dominated by banks, and these banks set in place industry security standards and protocol to protect merchants and themselves from breaches and hacks. “However, with the rise of financial technology or FinTech, so has the number of FinTech companies. With more than 9000 companies currently around, and with the number expected to grow, the number of points of breaches have grown as well, since these FinTech companies do have to deploy or adhere to the same security and safety protocol that the banks stick to for protection. Here, the entire payment ecosystem on the whole has weakened with a larger number of fail points,” says Lie.
In addition, traditional rule based fraud solutions require manual reviews to be done before the settlement period (normally the next day after the transaction is processed).
“Real time settlement will greatly hinder these conventional solutions since they will have to either auto accept or reject these manual reviews to process payment,” says Lie.
He says to deal with this, merchants have to either accept almost all transactions (thus increasing chargeback rates) or reject seemingly risky transactions quickly (thus lowering conversion rates). This traditional fraud management is seen as static defence, but it has become evident that such traditional methods are falling behind newer methods that fraudsters are designing to launch their attacks.
“With new channels of payments such as mobile or NFC, more creative modes of fraud are expected to appear. It is important for us to transit then, instead, to active surveillance by deploying big data user and entity analytics to understand the user behaviour behind each transaction. Considering that most fraud attacks come as a coordinated attempt from a single script, automated to maximize the number of hits in the least amount of time possible, they will leave behind a pattern that can only be detected by understanding user behaviour. Even as new forms of payments become popular and mainstream, active surveillance will be more relevant (rather than static defence) and effective in dealing with fraudsters,” explained Lie.
Mobile as a platform for transactions is facilitating new ways of payments.
But mobile fraud is relatively more challenging to handle.
“It is so (mobile fraud is challenging to merchants) as transactions that are made through mobiles collect less information than web transactions, and therefore look much more similar. Without the appropriate technology or expertise, it is difficult for merchants to be able to differentiate between the real or fraudulent orders. As a result, higher costs are incurred, which includes the greater chargeback rates, lengthier time for manual reviews and bad service rendered to users,” said Lie.
Even though, the risk of fraud is greater as there are additional hindrances when it comes to cardholder and device authentication, apps like Apple Pay and Samsung Pay could actually help deter fraud. Both of these apps rely on biometric fingerprint technology in order to authorize a transaction. Therefore, in order for the user to authorize a transaction, the cardholder needs to provide a fingerprint. Not only is this a strong deterrent against unauthorized transactions, but the customer’s fingerprint attached to a transaction is very compelling evidence in the merchant’s favor in the event of friendly fraud.
Real-time automated fraud prevention
Lie says most existing fraud solutions around are still quite far away from achieving real time automation.
While more and more solutions on the market are currently using machine learning to detect fraud, these types of machine learning rely heavily on training data sets to predict probabilities (as opposed to real time automated decisions). These data sets are based on new fraud trends from either
(1) filed chargeback information as historical data (which could be at least 30-90 days old) or
(2) from human intelligence of the large risk analyst team to manually provide inputs.
“The way these machine learning algorithms are designed forces the solution to rely on these training data sets, requiring at least 10-30 days (or even months) of training. As a result, the long training gap and the reliance on training data sets prevents the solution from making decisions instantly, but rather only allows it make predictions of the probability of fraud,” says Lie.
He says real time machine learning is required for real time automated fraud prevention. Real time machine learning means that the fraud system is able to learn instantly on the fly with each new incoming transaction, and requires no lag time or historical training data sets to provide information on the new transaction. Consequently, the system is able to make optimized decisions instantly, without the need for manual reviews.
However, it seems like it will still take 2-3 years for the industry to switch from predictive models of machine learning towards real time machine learning, due to the rarity of such solutions.
Are you bold enough to survive in the brave new world? Assess your preparedness at 11th Airline & Travel Payments Summit (ATPS).
Date: 03 May 2017 - 05 May 2017
Location: Berlin, Germany
For information, click here
Follow Ai on Twitter: @Ai_Connects_Us
First Published on 14th December 2016
Ai Editorial: Retail automation, frictionless checkout, invisible payments etc. are developments that are set to redefine shopping. As commerce evolves, airlines, too, need to respond to such exciting initiatives, writes Ai’s Ritesh Gupta
“No line. No checkout.” This is what the retail sector is inching towards.
Being “made to wait” at any stage of shopping, be it offline or online, can be a dampener. So the retail sector is steadfastly doing away with what can be the bane for conversion or the overall shopping experience.
If we go by what Amazon has come up with (Amazon Go is a new kind of store with no checkout required) or even what Panasonic is testing (convenience-store checkout machines that can scan and bag items on their own), then you don’t really worry about waiting for paying. In case of Amazon Go, the company says you never have to wait in line. Consumers can avail the Amazon Go app to enter the store, shop and leave. In case of Panasonic, the system is retailer agnostic, so one won’t necessarily need Amazon credentials or a specific ecosystem, says Apple or Google. This all needs to be considered as the bar for delighting a customer gets raised. Comparison between retail and travel would be inevitable at some stage, as one would expect travel e-commerce to respond too. So if I am moving straight out of a supermarket without having to wait for my turn to pay, then why wouldn’t I expect the same say during any stage of my journey?
Isn’t it relieving when you move out of a cab, say Uber, and all you need to do is focus on luggage rather than paying for the ride? It might not take more than a couple of minutes to pay, but when technology saves your time, we start falling for it. We start expecting it in other areas, too.
Technology – the driving force
Technology is driving automation, and it can overlap for different sectors. For instance, Amazon Go’s checkout-free shopping experience features similar technologies as used in self-driving cars: computer vision, sensor fusion, and deep learning.
The Internet of Things (IoT) is also lending a new dimension to convenience.
So as machines take over and manage certain decisions, say ordering grocery, consumer behavior is likely to alter drastically.
This definitely is going to affect e-commerce merchants, including airlines, across the globe.
As we highlighted in one of our recent articles, IoT thinking and increasingly smartphones are leading to more sophisticated digital wallets and mobile payments – which will lead to personalized mobile wallets or payment technologies with predictive capabilities built in. IoT might extent to other transaction or authentication technologies, and some banks or companies are already experimenting with voice recognition, facial recognition, various kinds of chips, even pulse recognition as the identification-verification step needed for payments.
As for facilitating payments, as Ingenico points out, the IoT payment solution will need an infrastructure based on cloud architecture and connectivity. This would call for standardization in the payments process.
Gap between retail and travel
Despite the unique and inherent attributes that have shaped travel into a silo industry, airlines and OTAs alike are coming to the conclusion that the gap between travel and traditional retail is reducing. This is due in part to the growth of ecommerce and evolutional demands of today’s consumers. As a result, a competitive advantage will be given to those companies that think outside the box when it comes to payment acceptance.
Conversion has always been a hot topic, but with the transformational changes in payments, gaining a competitive advantage takes a lot more than layout and price. Similar to what has transpired with big box e-tailers, the changes in consumer behavior today foretells significant innovation requirements for travel and airlines, as asserted by Chargebacks911’s COO, Monica Eaton-Cardone. In a recent interaction, she pointed out that e-commerce leaders such as Amazon and Apple have pioneered efforts that will forever change the way buyers and sellers view commerce, but even before the hype of today’s frictionless frenzy, payment methods and options were evolving. Loyalty programs advanced to store credit, financing options such as “Bill Me Later” became a popular contender, and a variety of monthly recurring options with the addition of new value add-ons helped curb profit requirements in order to support price wars—which are still going on today.
When it comes to airlines, the breadcrumb trail has already been laid. Loyalty programs offer dwindling promises as airlines are forced to follow the footsteps of other industry pioneers that faced similar issues.
The could be fraud risk with emerging payment options and passengers do worry about security and privacy of their information, especially when it is stored in the cloud or available online databases. The good news is that travel isn’t the first industry to test out these emerging options. Effective management strategies, first designed for the pioneering retail sector, are available and scalable for travel. Solutions are derived from rule-based service policies and intelligent feedback.
As for payments, the real challenge is that each payment method has its own risk factors. It’s necessary to plan accordingly—for each different payment method you accept or new technology you embrace, carefully research any security vulnerabilities, and have a solution in-place to mitigate that risk.
But airlines would need to respond swiftly to emerging developments in the retail sector.
The fact is, today’s customer is a very different consumer than those of the past, and the gap between travel and retail is closing quickly. In order to compete, conversion is king. This means being able to identify your customer’s wants and needs, then serving up options that meet or exceed those expectations.
Follow Ai on Twitter: @Ai_Connects_Us
First published on 8th December, 2016
Ai Editorial: As the devices that can be connected to the Internet expand, wrapping up a shopping experience by paying on these devices would be a logical progression. So airlines need to gear up for what all IoT can do to facilitate a transaction, writes Ai’s Ritesh Gupta
Technology that augments your decision-making is enamouring.
Imagine this – a family is in a car, and one of the member’s smartphone is connected to it. The family decides to go on a holiday. A digital assistant (could be a smartphone service or an app) is being posed questions, and itineraries are getting flashed on the screen in the car. And the screen is also displaying things to do, weather-related information etc. Five itineraries are short-listed. The user sees these options in the smartphone app, and ends up booking.
Going by what all is being talked about – seamlessly moving between connected devices and turning any Internet connection into a commerce experience – this makes technology enticing.
IoT and seamless experience
Between the Internet of Things and emergence of concepts such as wearable technology, the travel booking funnel is getting split and fragmented – marked by a number of sessions across devices. There is huge pressure to understand the profile, intent, context/ booking phase, location, device etc.
The IoT assumes that information and data will flow seamlessly and securely from one device or one party to another, where it can be accessed and used immediately, says Kristian Gjerding, CEO of CellPoint Mobile.
“If the IoT keeps track of the items you intend to purchase, it can automatically tally the payment and process the payment as soon as it connects to the nearest payment terminal or app and verifies the customer's information and data,” says Gjerding. “The IoT will remove even more layers and more steps that are now involved in shopping and paying for goods and services – such as the IoT-connected refrigerator that senses the absence of baby formula and orders it automatically.”
The value of IoT commerce is that it can make our lives smarter and simpler.
So how can airlines evaluate the potential of IoT commerce at this juncture?
“Everyone knows how frustrating modern air travel can be, and any technology that simplifies that experience for passengers will be a welcome phenomenon,” says Gjerding.
In the airline environment, IoT can:
- connect a passenger’s baggage to his/ her mobile device for real-time tracking and updates.
- create verified IDs from distributed documents, speeding the process of passing through security, customs or boarding a plane.
- be used to provide real-time alerts about flight changes, status updates or emergency notifications.
“The potential of IoT commerce, however, requires airlines to embrace mobility, connectivity and IoT thought processes and strategies now. Because passengers, consumers and technology innovators are moving faster than airlines and retailers when it comes to technology and expectations, and the travel industry needs to play catch-up,” stated Gjerding.
Transactional capabilities of IoT Commerce
The fundamental transaction model is similar to that of a customary one featuring – a customer, a merchant, an issuer, and an acquirer.
The technologies that are required to process transactions does not change with the IoT – payments still have to go through the usual verification, authentication and security checks that are already in place, says Gjerding.
A traveller transacts, the issuer authorizes the same and the flow of payment runs through to the acquirer and merchant.
“The IoT comes into action because of the role it can play in making transactions and commerce much more seamless, connected and transparent in peoples’ lives,” says Gjerding.
He says airlines should prepare for IoT commerce in the same way that they must prepare for mobile commerce: They must make conscious, tangible commitments to modernizing and streamlining their legacy systems around payments, data collection, data integration, security and other activities. Instead of storing data in separate silos or divisions, the IoT assumes that data can be accessed and acted upon in real time, regardless of where it originates. For airlines, the first order of business is to embrace mobile-first and IoT technologies, and then to make sure that airlines have the right internal expertise, third-party vendors and innovators in place to create real change.
“Instead of thinking about payment processes as a cost center, airlines need to embrace these new technologies and capabilities for their revenue-creating potential. As payments, shopping, travel booking and buying move rapidly away from cash and credit to the mobile and digital environment, airlines need to follow them there in order to capture the revenues that they’re already creating – revenues that will continue to grow as more consumers make the shift to mobile-first payments and as more “things” become connected to each other via the Internet,” explained Gjerding.
Issues related to security and privacy
All customers and passengers worry about security and privacy of their information, especially when it is stored in the “cloud” or available online databases.
Cyber security specialists have been working on roadmaps and architecture of IoT security.
Gjerding says airlines and all businesses must ensure that their payment and security processes meet or exceed the current industry standards, and they must also be open to ongoing security innovation. According to him, blockchain processes, for example, are just one new type of technology that can be used for improving security, verifying identities and authenticating passengers and payments. “No doubt other new technologies, apps and IoT-enabled capabilities will emerge, and all companies – airlines or otherwise – must have their ears to the ground about what’s coming next so that they’re not caught off guard and are fully capable of leveraging and benefitting technology to their advantage,” says Gjerding.
Main challenges in progressing with IoT commerce
The main challenges involve technology and actual implementation.
Gjerding says for IoT capabilities to work, modern devices need to connect to the broader IoT network, and older devices need to be updated or replaced. And even more importantly, the private companies and public agencies involved in collecting and leveraging IoT information need to embrace IoT strategies directly into their organizations and operations, and they need to make sure that policies around data collection and privacy are modern, secure and foolproof.
“Nothing can put the damper on a new technology or bold new idea like lack of consumer trust. There's a balancing act involved – moving quickly enough to stay in touch with the market, revenue streams and travellers’ expectations, but not moving so quickly that critical precautions are overlooked,” he says.
There’s certainly a lot of innovation around the IoT, but broader implementation will take time as the rest of the world catches up to IoT innovation. IoT thinking and increasingly smartphones are leading to more sophisticated digital wallets and mobile payments – which will lead to personalized mobile wallets or payment technologies with predictive capabilities built in. IoT might extend to other transaction or authentication technologies, and some banks or companies are already experimenting with voice recognition, facial recognition, various kinds of chips, even pulse recognition as the identification-verification step needed for payments. Blockchain, a verification-authentication process developed for virtual currencies like Bitcoin, has the potential to evolve and grow as an underlying process for other types of virtual payments, peer-to-peer payments and other transactions.
When it comes to Internet technology and commerce – the sky is the limit, summed up Gjerding.
Follow Ai on Twitter: @Ai_Connects_Us
First published on 14th November, 2016
Ai Editorial: What can reduce an airline’s liability when we talk of chargebacks? Various stakeholders need to jointly improve the situation as there can be instances where airlines and merchants at large can be clueless.
There are multiple stakeholders at risk when it comes to chargebacks. Fraudulently filed chargebacks touch each party in the payment industry.
But is the functioning of the industry in its entirety falling short and ironically rendering most harm to the very consumers it was invented to protect?
The industry cumulatively needs to combat the issue of chargebacks.
As for airlines, today’s solution must be agile and diverse, coupling an evolving defence with effective representment strategies. Do remember - chargeback prevention is much easier than chargeback representment. So plan prevention diligently. If a mistake is legitimate, then disputing the same will be futile. Airlines need to focus on a multi-layer fraud management plan. It should feature complimentary tools for all-inclusive protection, rather than counting on just the basic tools. It doesn’t mean that there is a need to use every product available. Neither strategy will effectively minimize risk exposure. For example, any merchant using Address Verification Service along with card security codes or 3D Secure is technically using multiple solutions to prevent fraud. Other options include card security codes, geo-location, device authentication, proxy piercing, biometrics etc. Airlines need to carefully consider a plan that will address their individual threats.
Other stakeholders, too, need to improve:
· Acquiring banks can help reduce the effects of fraud by establishing internal blacklists and developing chargeback triggers for advanced alert notifications.
· Processors who undergo the most stringent underwriting procedures to maximize their KYC (Know Your Customer) compliance will ultimately reap the benefits through helping to ensure their merchants are following best practice methods that work alongside operational efforts to prevent friendly fraud.
· For issuers, additional due diligence is key. Despite the temptation to rapidly resolve a cardholder dispute, additional effort will pay off in the long run for those who consciously work to prevent bad habits from forming in the first place.
It is pointed out that the problem of chargeback fraud has worsened due to operations of banks that offer both issuing and acquiring services.
“There are various entities involved in the chargeback process and each impacts the outcome differently. Some parties help while others hinder. But more often than not, the individual entity isn’t to blame, rather the policies and regulations set forth for the entire industry,” says Chargebacks911’s COO, Monica Eaton-Cardone. Citing an example, she says, ecommerce wouldn’t exist if card networks and issuers hadn’t taken steps to boost consumer confidence when it comes to payment card use and liability. By abating cardholder’s fears about potential losses tied to fraud, networks and issuers have enabled millions of businesses around the world to experience optimum profitability via card-not-present transactions. However, by advertising zero liability, issuers have inadvertently incentivized friendly fraud. On the other hand, cardholders and merchants are both, technically, customers of the card networks. “As you can imagine, appeasing both sets of customers would be a challenge! Unfortunately, regulations often benefit the cardholder while too much onus is put on the merchant. However, networks have made strides in recent years to slightly lessen the merchants’ liability—for example, accepting flight manifests as compelling evidence and MasterCard’s reason code modernization efforts,” explained Monica.
Despite the hundreds of reason codes used by card networks to categorize chargeback causes, there are actually only three sources of chargebacks: criminal fraud, merchant error, and friendly fraud.
First, merchants need to reduce their exposure to criminal fraud. With the proper technology, customized rule sets, and expert analysis, merchants can significantly reduce the number of unauthorized transactions that get processed. Next, eliminate merchant error. As much as 40% of chargebacks could be cause by the merchant’s own mistakes, oversights, or shortcomings. Ensuring the business’s actions or inactions haven’t actually caused the transaction dispute is essential. An objective and unbiased review of policies and operations can help create an exemplary customer experience and flawless payment processing.
If merchants can eliminate the first two sources of chargebacks, all that’s left is to manage is friendly fraud.
“Nearly all reason codes can be used to mask friendly fraud; cardholders disguise their unscrupulous behavior by claiming a variety of falsehoods. Because merchants don’t have any other way to determine the real motivation, they are forced to take reason codes at face value,” says Monica. “Until there is a reason code labeled ‘friendly fraud,’ merchants will forever be engaged in a guessing game—is this claim legitimate or friendly fraud? This uncertainty is what drives merchants’ inaction. Unless merchants couple professional assistance with chargeback management technology specifically designed to identify the true source of the transaction dispute, they’ll only be able to address the obvious cases of cyber shoplifting.”
Issue of legitimacy
If the case isn’t obviously friendly fraud, merchants are left with the great debate of legitimacy. In these situations, many merchants assume it is better to err on the side of caution, as making an incorrect response could inflict severe consequences. Letting friendly fraudsters slip by is better than mistakenly challenging legitimate criminal activity or an error on the merchant’s part. Moreover, the resources demanded of friendly fraud mitigation is usually more than merchants are willing to sacrifice—especially since in-house teams see such limited ROI. Bottom line: merchants aren’t taking great enough strides towards effective friendly fraud mitigation. However, there are numerous factors outside their control that influence their reluctance to make a more substantial effort.
There are countless examples of how friendly fraud is executed. As Monica explains, airlines can suffer from the equivalent of ‘return fraud’ that is perpetrated in any other ecommerce industry. For example, a cardholder buys tickets but later realizes she must change her travel plans. Because she doesn’t qualify for a full refund from the airline, she’ll file a friendly fraud chargeback and claim the purchase wasn’t authorized—when in fact, it was. Card networks have announced they’ll accept the flight manifest as compelling evidence against friendly fraud. However, there are a very limited number of situations where this documentation can actually help. For example, a cardholder buys a ticket so his girlfriend can come visit at Christmas. While she’s there, the two get in a big fight. Grieved that he paid so much money for such a lousy trip, the cardholder disputes the original purchase. Because the cardholder’s name doesn’t match the flight manifest—because the boyfriend bought the girlfriend’s ticket—there is little the airline can do.
Follow Ai on Twitter: @Ai_Connects_Us
First Published on 11th November, 2016
Ai Editorial: Be it for identifying areas of vulnerability, acting on identified risk or acting swiftly when attack happens, gearing up for website security is of paramount importance, writes Ai’s Ritesh Gupta
Why do websites get hacked and what to do when it happens?
Being ready for the same is an ongoing exercise, and it needs to be an integral part of any crisis management plan today.
Travel brands have been at the receiving end, so it’s important to keep a tab on areas of vulnerability. Specialists label forms, login pages and dynamic content are soft targets.
One needs to assess the modus operandi behind web application attacks.
They can happen over free open-source software and commercial or custom-built applications.
Areas of vulnerability
Today it’s mandatory for every organization to comprehend aspects of an application’s information security.
Airlines need to gear up for penetration tests. This evaluates the effectiveness of information security controls implemented in the real-world. Advantage of penetration testing: Knowing a system’s vulnerability before an invader gets to know it.
Access is considered to be a critical aspect when one talks of hacking.
One needs to have a detailed look at how does one log into hosting panel, server, website, a device etc. A detailed study of how a fraudster/ attacker tends to evade a web application’s authentication and authorization process and ends up gaining access to content of an entire database is must.
Injection errors emanate from a failure to sort out untrusted input. Other than SQL injection, other common mistakes are sensitive data not being encrypted at all times and Cross-site Scripting (XSS) attack (a web application makes use of unvalidated or unencoded user input within the output it generates). An XSS vulnerability results when malicious script that one inserts eventually get parsed in the victim’s browser. Today there are automated web vulnerability scans that are available for guarding one against XSS attacks. The pace with which new code gets deployed today, it is imperative to automate security of a web application.
There is also need to guard against manipulation of software vulnerability, featuring crooked Uniform Resource Locator (URL) or POST Headers. One also can’t ignore instances where a malicious website, email etc causes a user’s web browser to perform an unwanted action on a trusted site for which the user is currently authenticated.
Once a vulnerability surfaces, an organization needs to tackle the risk associated.
As Acunetix, a web application security software specialist, recommends, the level of risk can be ascertained from numerous data points – “the severity of the vulnerability, the consequence should the vulnerability be abused, and threats the application faces.” So a Stored Cross-site Scripting (XSS) vulnerability in the authenticated area of a business-critical application hosting sensitive information may appear as a bigger risk than a Blind SQL Injection vulnerability in an internal application that does not pile up sensitive data.
As for new technology, ecommerce sites are relying on analytics and machine learning for real-time cognitive fraud detection. For instance, IBM has come up with new behavioral biometric capabilities that incorporate the use of machine learning to help understand how users interact with banking websites. Fraudsters have a cognitive behavior just like users and it is quite different than a real user. Suspicious behavior is being tracked in new ways to detect new account fraud for online banking and eCommerce sites and malware/ bot activity.
What if attack happens?
Travel brands have faced situations where severe attacks have happened, and it’s a dreadful situation.
Foregenix, a specialist in digital forensics and information security, recommends that organizations need to take compressed backup of the entire web root, and export any database associated with the website. So if payment card data has been stolen then this back-up will needed when there is an investigation by card brands and/or law enforcement. Again, in order to support any inspection, rather than eliminating suspect files from a website, store a copy in a secure, compressed, offline location, recommends Foregenix. Inform processor and acquiring bank. This is in turn will help in dealing with Visa, Mastercard, Amex and the other brands if payment card data has been stolen.
Spot the IP addresses used during the attack. This will help in identifying attack patterns inside of web server logs and other system logs.
Acunetix suggests that companies need to identify accounts that have been compromised. Change the credentials for these accounts. Also, check for malware, malicious software that is developed with the intention of infiltrating a computer or website without the consent of the owner. Check how it works. Viruses, worms, and Trojan horses are examples of malicious software. This is important as most malware are designed to infect other systems. There have been cases where companies have worked with forensic experts and swiftly removed the offending malware.
Being accountable: A leading hotel brand, when its credit card data was breached around a year back, chose to address the question from a consumer’s perspective - How do I know if my credit card has been compromised? The answer from the chain – “If you suspect any unauthorized activity on your card, we recommend you contact your credit card provider directly”. The group also acknowledged that despite having leading data security systems in place, the malware was “undetectable” by all anti-viral systems. Brands are expected to be answerable at all times by customers, and organizations need to be prepared for all external communication related to any such attack.
Follow Ai on Twitter: @Ai_Connects_Us
First published on 21st October, 2016
Ai Editorial: In an era in which we are talking of winning over “micro-moments”, ‘OS-Pay’ can propel consumers’ purchasing behavior. And it can help in controlling fraud, too, writes Ai’s Ritesh Gupta
No marketer likes to get locked in a particular data ecosystem. But, marketers at large, also can’t do without Facebook, Apple, Google, and if we talk of China, then Alibaba, Tencent, and Baidu.
Be it for brand awareness or completing a transaction on such 3rd party platforms, if there is no provision to get data out of an ecosystem, then it inhibits optimisation of the overall marketing initiative. The repercussions vary from wastage of ad expenditure to annoying a customer – say serving an ad repeatedly even if the customer isn’t interested!
So if we talk of Facebook, Google, Apple etc., then making the most of data from each ecosystem is must.
One might excel in search and the other could be sharp in the arena of apps or social. The challenge crops up when one tries to work on customer profiles or assess the overall customer experience.
On the positive side, ad tech companies like Bitly are looking at this conundrum, and offering trackable links in every channel for a unified view.
Lure of OS-Pay – conversion plus lower fraud risk
No doubt cross device tracking and attribution can be a tough task, but airlines need to go with the flow. The direction in which Google or Apple move, airlines, too, need to capitalize and assess where they can step up conversion, more so when transactions can be facilitated by that ecosystem only. In this context, the recent move by Apple Pay and Android Pay to enable users to use OS-Pay through a web browser is an important development.
This is what Android platform promises - be it your chosen app or checking out on Chrome, one just need to rely on Android Pay at checkout and leave the rest to “Android”.
Chargebacks911’s COO, Monica Eaton-Cardone asserts ‘OS-Pay’ can propel consumers’ purchasing behavior and merchants’ fraud management.
Not only “mobile consumers” are much more likely to complete a transaction, but fraud risk is minimized, too.
“With mobile payments, though, the risk of fraud is greater. There are additional hindrances when it comes to cardholder and device authentication. However, this fraud risk is minimized when transactions are processed with ‘OS-Pay’ mobile wallets; apps like Apple Pay and Samsung Pay could actually help deter fraud,” says Monica. She says no actual credit card information is exchanged between the cardholder and the merchant in the process of conducting the transaction. Moreover, sensitive information isn’t stored on the device or shared with the service provider. “Not only that, but Apple Pay and Samsung Pay employ biometric technology as a means of validating the cardholder’s identity.”
“Both of these apps rely on biometric fingerprint technology in order to authorize a transaction. Therefore, in order for the user to authorize a transaction, the cardholder needs to provide a fingerprint. Not only is this a strong deterrent against unauthorized transactions, but the customer’s fingerprint attached to a transaction is very compelling evidence in the merchant’s favour in the event of friendly fraud.”
Airlines need to support popular wallets and payment apps quickly. Imagine there are two customers - one has downloaded an airline app, whereas the other is keen on using 3rd party app/ wallet. Both are accessing same trip essentials, including an airline seat. So how should airline look at their own digital offerings, and also capitalizing on 3rd party mobile wallet payment platforms?
“Airlines are well positioned to capitalize on the earning potential associated with mobile wallets and branded apps. With the addition of up-sell options and full-service concierge, direct retail apps create an ample opportunity for savvy airlines to leverage current demands. Not only that, but by adapting tokenized technology, airlines can enhance security and reduce overall friction while simultaneously improving conversions,” says Monica. Traffic is key, and giving consumers a one-stop shop has proven to be the most winning solution.
Preparing for fraud
As Monica points out, there are 3 primary strategies for understanding and mitigating fraud, and the same holds true for up-and-coming technologies:
1. Enriched data sources: Data analysis is one of the most important components of a successful fraud detection solution, says Monica. When it comes to new methods or technologies, there are additional elements required in order to perform a relevant analysis. Without knowing these elements and understanding how they relate to the overall picture, fraud exposure is apt to increase.
2. Improved human intelligence: New technology also means new and unknown opportunities for fraud. “However, human intelligence in the form of manual review processes, improved quality control, and customer service checkpoints can help negate the threats that frequently accommodate these emerging payment techniques. Human forensics should be a top priority and aligned with any plans to implement a new method or payment strategy,” says Monica.
3. Collaboration and communication: Airlines servicing multiple countries with many departments are challenged with the task of maintaining continuity while implementing new initiatives. Establishing a feedback loop for fraud suspicions will help keep fraudsters at bay and prevent repeat attacks from happening. There are several types of evolving fraud—friendly fraud, for example. A large percentage of these risks can only be detected through communication and collaboration.
Closer to seamless experience
Today, we are talking about winning over “micro-moments”, and a key factor in same is enabling customers to shop and pay in an omni-channel environment. The ability to use Apple Pay and Samsung Pay for online purchases could streamline the process, considering the prowess of their parent companies. If the customer elects to use one of these methods, they wouldn’t have to worry about typing-in all of their cardholder information for each purchase; that data could simply be stored and recalled at will. As a result, customers would be less likely to abandon a transaction. Of course, as Monica says, this could also be a double-edged sword. There is a kind of balance between streamlining the process and encouraging customers to buy without first thinking through a purchase. As a result, this could lead to buyer’s remorse, which could mean returns or even chargebacks at a later date. Another point of friction could be recalling data smoothly across channels. “If a customer begins a transaction on one device but decides to switch to a different channel, that information will need to be immediately recallable. With even minor points of friction, the likelihood that a customer will abandon a transaction increases dramatically, so it would be wise to try and make the process as efficient as possible,” concluded Monica.
Follow Ai on Twitter: @Ai_Connects_Us
First Published on 14th October, 2016
Ai Editorial: The cloud security set up needs to be payment processor agnostic, tokenize and secure all data types plus manage data in an omnichannel environment, writes Ai’s Ritesh Gupta
Optimizing payments-related infrastructure requires one to excel on many fronts.
Be it for data privacy and data security challenges, the simplicity and speed at which an airline process their business payments and transactions, accepting varied form of payment methods or ensuring the entire set up doesn’t hamper the travel shopping experience by keeping everything under design control, a lot needs to be done. Every facet has its significance, and airlines can’t afford to slip on any account.
Cloud-based set up for processing of payments
Airlines, just like any organization in the arena of digital commerce, need to keep place with telling changes in the enterprise IT environment.
Talking of payments, cloud computing is an attractive proposition, and this is owing to several benefits – curtailing expenditure, cost cutting etc.
But is cloud secure for payment processing?
This is a vital conundrum to solve as no airline or any travel organization would imagine being a victim of any sort of fraud or even a data breach. No matter how strong the infrastructure is for processing of payments, airlines and other travel merchants can always be jittery when it comes to trusting a 3rd party vendor with key details such as traveller’s credit card information, with the perception that data must be stored in-house in order to handle chargebacks etc. When one talks of drifting away from on-premise software solution for processing, there would always be some level of reluctance. There is a need to evaluate potential risks in a shared environment. As observed over a period of time, cloud data-centre security is being labelled as more vigorous than that of on-premise legacy servers. As a result, cloud-based software is gaining prominence.
WEX Travel, a provider of virtual payment solutions to the travel industry, in one of its recent blog postings, did refer to apprehensions about cloud specialists’ ability to “keep data secure” as a major roadblock that hinders shifting of processing to the cloud. As WEX also acknowledges, cloud providers “devote more resources to security”, but still there is need to verify the plans for storing data at the cloud.
It needs to be highlighted that the utility of cloud computing is on the rise. Payment specialists are looking at delivering seamless omnichannel payment processing within a single payment solution. This week Adyen announced that for the first time, merchants “can enable credit card payments, manage complex alternative payments, offer fraud solutions and conduct EMV card-present solutions globally over a single interface delivered entirely in the cloud”. Adyen says with this move, one can avoid costly systems integration, data reconciliation is in real-time, and the offering is payment method agnostic.
Cloud-based payment tokenization
Cloud-based payment tokenization lays a strong foundation and ensures that an organization’s sensitive data doesn’t get stolen from their business systems.
Tokens can feature in transactions involving debit and credit cards, loyalty cards; cloud-based payments; e-commerce and m-commerce payments - card-on-file data.
By tokenizing sensitive data, you remove it from your environment, reducing scope and compliance.
Also, airlines can’t afford to work with specialists that only tokenize payment data, and leave other sensitive data streams.
Importantly, tokens (essentially results from a procedure in which a sensitive data field, Primary Account Number or PAN from a credit or debit card, is swapped with a proxy value named as token) can pave way for accomplishing compliance with requirements that specify how sensitive data needs to be handled and secured by companies in order to adhere to guidelines such PCI DSS.
The proxy value or tokens cannot be upturned to their primary values without retrieving the original set up that relates with their original values. Such key information is kept in a secure location inside a company’s firewall. Only cloud tokenization erases toxic data out of PCI, PHI, and PII scope. (In comparison, when we talk of encryption, the surrogate can be reversed to the original value via the use of a “key”).
Travel companies need to assess the efficacy of the chosen cloud security offering, especially in terms of taking care of most of the scope of PCI Compliance by eradicating payment details from enterprise systems and substituting it with surrogate value or token; capturing payment data prior to its entry into systems and storing the PANs in data vaults, returning tokens to systems; replacing tokens from systems and transmitting PANs to payment processors and service partners; batch processing PAN files into tokens and securely vaulting the PANs.
Speed is of essence, too.
In today’s fast paced shopping environment, microsecond latency counts.
The time taken to transforming PAN to token and back to PAN needs to be done in a swift manner, and this shouldn’t have any sort of negative impact on payment processing.
As WEX highlighted, airlines need to curtail the level of detailed information an entity needs to store. Plus, restrict staff’s access to such data.
Also, when it comes to paying vendors with Virtual Card Numbers (VCNs) one doesn’t need to be aware of bank account information and don’t need to protect their sensitive information. WEX stated that VCNs also mean that your own account information is safe whether you or the vendor tracks and processes payments in the cloud. “Because VCNs can be used only once, even if there’s a breach, as has happened with hotel chains including Hilton, Marriott, and others, there’s no risk of fraudulent transactions,” highlighted the company in its blog.
Follow Ai on Twitter: @Ai_Connects_Us
First Published on 7th October, 2016
Ai Editorial: If airlines adopt a risk-averse approach to managing fraud, then sales can suffer tremendously. Ai’s Ritesh Gupta explores this issue
When one talks about the role of machine learning in managing fraud, there is one question that immediately crops up.
How does machine learning take the onus and deliver – in terms of liability shift as well as handling fraud and boosting sales? The industry is already talking about 100% chargeback protection i. e. getting entirely refunded for any unauthorized transaction not getting detected.
As it turns out, a huge problem with the traditional rule-based fraud solutions and reliance on manual reviews lies in a risk-averse approach to managing fraud. Methods like these are overly focused on bringing down the fraud rate as close to zero as possible, and tries to prevent the first chargebacks from happening. When this happens, sales suffer tremendously.
Firstly, fraud managers would rather not take the risk of accepting a borderline transaction (which could be genuine), resulting in much greater false positives. At the same time, rules deployed (location based, amount based, time based, etc) limit genuine users from making transactions.
In addition to the effectiveness in detecting fraudsters, with machine learning, the system understands when to skip rules when positive behaviour is detected. Furthermore, an optimized algorithm (another form of machine learning) allows the system to optimize and make the most of all the transactions that are seen as part of a portfolio. Based on calculated risks, the system passes the optimized number of transactions while ensuring that chargeback rates are still under control. As a result, borderline genuine transactions can be passed and unnecessary rules and bans are lifted, improving sales greatly.
What hampers sales?
According to Justin Lie, Group CEO, CashShield, a SaaS based self-learning fraud prevention solution for ecommerce, around 3-4 years ago, airlines were reluctant to speak about big data and machine learning as they were still very reliant on payment gateways to handle fraud. However, in recent times, fraud has evolved to become much more complex, and airlines have increasingly come to understand the importance of fraud management to gain competitive advantage and optimize sales.
“We are definitely seeing a positive trend of airline companies gaining back control of their payment options, flow and procedures in the industry, and they are more and more knowledgeable about putting together the various pieces of puzzle to enhance performance,” Lie says.
The use of rules and manual reviews hamper sales and are not the most effective form of managing fraud, added Lie.
“When airlines move away from traditional methods, they must be comfortable with automating most or all of the fraud systems, which means that they can redirect resources to more important areas and focus on their core business, and also allows them to scale up operations much easily while keeping the cost managing fraud under control,” said Lie.
From detecting fraud to predicting it
When using traditional methods of detecting fraud (deploying hard rules and manual reviews), it is often based on analysing the standard fields (name, address, email, IP location, fingerprint and what can be found on the order form) and what transactions have passed through the hard rules. The problem here is that those standard fields and hard rules are extremely easy for fraudsters to manipulate and get passed once they have figured the rules in place. For example, it is now easy for fraudsters to generate hundreds or thousands of new fake emails, and once they realise that a time based rule (no more than 3 transactions in an hour) is in place, they will try to write their program to attack the system with 3 transactions per hour each time. Not only so, genuine customers are likely to be blocked. For instance, a geo-location rule would block customers booking transactions from ‘riskier’ locations.
Moving towards machine learning allows airlines to remove all these unnecessary rules that would have otherwise blocked genuine customers. The combination of big data and machine learning allows more effective fraud prevention. To simplify what has been said about big data and machine learning, big data is first used to collect information about the user’s behaviour on the website (how the mouse moves, what he likes or puts into his wishlist, etc), and this information is combined with machine learning, which uses pattern recognition to map the pattern of his behaviour to match it either with positive (genuine) or negative (fraudulent) behaviour, as well as predictive analytics that records the positive/ negative behaviour and uses that on future transactions for potential signs of fraud. Lastly, an optimized fraud risk algorithm should be used to make decisions on whether or not to accept a transaction based on calculated risks to best optimize sales while controlling fraud and chargeback rates.
Automating fraud analysis
Since the information and data that each airline collects are different (including their web structure and payment options), airlines should refrain from using a one size fits all solution. Instead, they should consider using fraud solutions that cater and adapt to their industry and business model.
Rather than collecting as much data as possible, the quality of the data and how the airlines use the data for better decisions in fraud prevention and increasing sales is much more important.
As for machine learning, it often encompasses different types, and simply using one type (predictive analytics) is insufficient. Merchants should learn to discern and understand the different types of machine learning, and be sure to know if the fraud solution uses only predictive analytics or covers more bases with more than one kind of machine learning. To “improve” machine learning, or rather just to get the best out of machine learning, businesses should deploy solutions that use more than just predictive analytics, or upgrade to a solution that uses predictive analytics, pattern recognition and optimization if they are still using traditional methods of preventing fraud.
Follow us on Twitter: @Ai_Connects_Us
First published on 29th September, 2016
Loyalty fraud is a malice that continues to spread. It is up to loyalty practitioners to educate the senior management, including CFO and CEO, on the seriousness of loyalty fraud, writes Ai’s Ritesh Gupta
Are you thinking like a fraudster? Are you contemplating how your rewards program or FFP can be exploited by a criminal?
It’s time to take action. It’s time to be in control.
Fraud is happening, and it’s growing.
The onus is on businesses to respond, simply because consumers aren’t changing their behavior and as a result they are more vulnerable to fraud. In one of its recent surveys, ACI indicated that consumers are not really protecting themselves enough. For instance, they “leave phones (with ever increasingly available mobile wallets) unlocked and perform sensitive transactions on public computers”. And to make it worse, if the perception is weak, or there is not adequate customer support as a result of a fraud incident, then the customer moves on.
As highlighted in one of our recent articles, the fact that airlines present more earning and redemption options today, mainly via partnerships and rewards ecosystems, this also means that the overall loyalty earning and burning lifecycle has paved way for new means of fraud. We referred to following initiatives to keep a tab on loyalty fraud – monitor activity, keep data/ information secure, stringent verification, being savvy with data, customer experience shouldn’t be jeopardized and creating awareness among consumers.
But, as I interacted with experienced airline industry and loyalty consultant, Iain Webster, it became clear that there are other areas, too, that need to be focused upon. Webster, currently associated with ICLP, a part of the Collinson Group, in London as senior loyalty consultant, asserted that fraud is growing. “The fraudsters are getting more serious as they realise the gains to be had. Loyalty practitioners need to get serious too,” suggested Webster.
Aligning things internally for fruitful results
Importantly, the industry also needs to align itself internally in order to have a bigger control over the malice of loyalty fraud.
Webster said it boils down to too few airlines recognising that loyalty is big business.
“A successful FFP can easily bring in more revenue than a Cargo division, for example. It is up to loyalty practitioners to educate their CFO and CEO on the seriousness of loyalty fraud,” he said.
He said there are 2 main issues when it comes to combating loyalty fraud today.
1. Detection: Most loyalty programs sit within marketing departments and therefore have neither the skills nor the inclination to spend time and resource digging around looking for an unseen problem. Detecting fraud requires a mix of data, financial and technical knowledge, said Webster.
2. Prosecution: “I deliberately use the word ‘prosecution’ because that is the logical consequence of theft. Loyalty fraud is theft. Period. But it is not easy to persuade top management or the authorities that something of value has been stolen. Therefore in instances where fraud is uncovered the usual response is to do little more than close the account and blacklist the email address of the fraudster who is then free to move on and do it again somewhere else under an alias,” explained Webster.
So airlines need to dig deeper, and need to have resources and processes in place.
· Define roles and set up a process – The fraud/ security team needs to be established with clear definition of roles. Also, airlines need to establish business policies and operational practices in addition to implementing fraud detection and prevention tools. Is there a process in place to assess multiple data points in order to detect modus operandi? How to work out manual and automated tools to keep a tab on fraud related to loyalty? Who is going to decide on performance metrics and related accountability?
· Areas of improvement - Loyalty program fraud largely tends to revolve around purchase of points or miles via fraudulent or stolen credit cards, and taking over of loyalty accounts by a cheat/ imposter, who generally redeems the points or miles. Where do you think airlines can improve at this juncture? “Firstly, if they are not already doing it, airlines should apply the same rigor to detecting credit card fraud with point purchase as they do with revenue ticket purchase. Then I believe the issue is not so much ‘taking over’ of loyalty accounts, but one of identity theft where an account is set up by the fraudster using a stolen identity,” said Webster. “Anecdotally I can well remember ringing up the genuine individual who was the named person on an account we had under investigation only to spend the first ten minutes trying to explain to him what a frequent flyer program was. He had no idea that the fraudster, his travel agent, was operating the account and then selling on the redemption tickets.”
· Understand new developments – A lot is being talked about real-time, behavioral analytics-based fraud detection and prevention. “I would like to see greater use of technology and data mining to detect suspect behaviour patterns in much the same way as the insurance claims industry has been doing for years,” suggested Webster. Specialists highlight that behavioral analytics can be banked upon to discover and probe changes in user behavior with precision. So one can come to grips with complex fraud patterns with high accuracy based on dynamic user behavior modeling.
Loyalty Fraud Association
A new association, Loyalty Fraud Prevention Association, has been set up to fight loyalty fraud.
“By bringing together loyalty managers from different industries, travel, financial, and retail we will create an environment of shared knowledge of the techniques being used by the bad guys and the counter-measures that others have found successful. This way we can alert our members as to existing and potential scams. The loyalty version of Interpol. Maybe ‘Interpoints’ ?” said Webster, president, Loyalty Fraud Prevention Association.
A two-day event, Annual General Meeting - Loyalty Fraud Prevention Association (LFPA), is scheduled to take place in London (Nov 9-10) this year. The agenda: Is your loyalty program protected?
Or click here
Ai Editorial: Fighting fraud can’t be a competitive issue since criminals are not “brand loyal”. Just the way airlines are fighting card payment fraud, there is a need to combat loyalty fraud in a similar manner, writes Ai’s Ritesh Gupta
Revenue leakage, clean fraud, fresh fraud, criminal fraud…if you are part of an airline, then you would have probably heard of all of these. But there is one more type of fraud – loyalty fraud - that is now entrenched on this list as well.
Yes, loyalty fraud isn’t atypical phenomena anymore.
In fact, nothing is more dreadful than the fact airlines, as an industry on the whole, haven’t come to grips with this menace.
This is exemplified by the fact that not only hackers, but current employees or ex-staff are also currently indulging in illegitimate activities related to FFPs. Not only there is claiming or awarding of miles fraudulently, but the brand value as well as the trust of the customers takes a beating.
A couple of months ago Air India was embroiled in one such controversy. If we type “Air India loyalty” on Google UK or Google India, then on the first page itself there is a news link about theft of passengers’ frequent flyer miles. This means any search about Air India’s loyalty program can have a detrimental impact on the brand, and negative impact on the association of a passenger with the airline or their FFP.
As it turned out, in case of Air India, FFP accounts were hacked and the bunch of fraudsters also featured an ex-employee. He apparently had access to Air India’s intranet and Internet-based systems.
“This is completely unacceptable (ex-staff gaining access even after not being associated with the organization),” stated Peter Maeder, Co-Founder & Secretary, LFPA or Loyalty Fraud Prevention Association, a new entity set up to fight loyalty fraud.
Stealing of points/ miles is attractive
FFPs worldwide continue to face capacity, regulatory, accounting and liability pressures, notwithstanding the fact that we compete for “share of mind” in an over-crowded loyalty environment.
FFPs have evolved, and as a result the earning and redemption options today are more than ever. Maeder says because of the new accounting rules introduced in 2008/ 2009, loyalty program manager are seeking more ways for their customers to redeem their points and miles. “Therefore, cash-like redemption programs are on the increase. As a result, stealing points/ miles have become much more interesting for the criminal fraternity. Furthermore, so called “friendly fraud” - we should not talk about “friendly” fraud , fraud is a criminal act and can’t be friendly! - is very simply done by all people involved in loyalty programs (staff, but also travel agents or other third party organizations),” explained Maeder.
Simple measures first
Maeder says its imperative airlines comprehend all possibilities of fraud - fraud by members, staff, travel agents, partners, data breaches/ hacks/ malware etc. and accordingly train relevant teams and find ways to forge reliability and security across the organization. “Rather than just dwelling on costly initiatives from the beginning, a solid foundation needs to be in place – enforcing certain values and creating awareness. Airlines owe it to their loyal members – protecting data of passengers, and shield their reputation. This is absolutely mandatory at this juncture,” said Maeder. For example, a tendency to keep simple passwords is still there and this can result in a compromise of any IT system if the staff goes ahead with say “123456” as a password.
“Fighting fraud requires resources, both human (trained and dedicated staff) and technical (secure IT infrastructure). Many loyalty programs are being run on legacy IT systems, which are prone to hacking.
Fighting fraud requires a professional organization - few airlines have so far invested in developing teams and systems to respond adequately to the rapidly increasing threat, which costs them not only money, but above all their reputation! Does it require media pressure, until the loyalty industry is waking up and starts taking the necessary steps to fight the phenomena?” questioned Maeder.
Airlines need to take simple measures first to ascertain the danger of cyber security and gradually move on to embracing high-level risk-based rule engines to monitor accounts for suspicious or unusual activity, and establishing automatic alerts for questionable activities.
For instance, Maeder referred to penetration tests. This evaluates the effectiveness of information security controls implemented in the real-world. Advantage of penetration testing: Knowing a system’s vulnerability before an invader gets to know it. This way areas susceptible to attack are exposed. Accordingly, remedial initiatives can be taken to foster a secure environment. Other than evaluating threat from outsiders, an internal assessment, too, can be done with the assistance of specially designed plug-computers to replicate an attack from within the client’s network.
Maeder referred to an important point when we talk of collective improvement.
“The credit card industry has long recognized that fraud is a significant cost facture to all parties involved in card payments. Therefore, they have set-up standards, guidelines and rules that have to be adhered to when accepting or transmitting credit card data (the Payment Card Industry Data Security Standards or PCI DSS).
To date, there is no body/organization that seeks to support the loyalty industry in a similar way,” pointed out Maeder. “Some airlines have invested significant time and money to make their card payment infrastructure more secure and have been able to reduce their losses due to fraud. Unfortunately, similar efforts have not yet been undertaken so far and the hackers are clearly taking advantage of these “opportunities”.”
Hackers, who are usually a step ahead of the “good guys” have started to switch their activities to loyalty programs, which are not as well protected as card programs. Also, the airline industry is working together in fighting card payment fraud – work groups, data sharing, chat forums etc. “Nothing similar is available so far in the loyalty area,” said Maeder, who added that the objective of the LFPA is to provide guidelines, share best practices, offer training and exchange ideas about fighting loyalty fraud.
Collaboration is definitely going to be an important weapon in the armoury of airlines. Maeder made an important remark.
“Fighting fraud can’t be a competitive issue – the criminals are not “brand loyal”,” he said.
The LFPA will allow and encourage collaboration among industry professionals by running chat forums (open to registered members only), providing a data base of data elements that have been used in confirmed fraudulent transactions, workshops where best practices are being discussed and developed, webinars, conferences. “We are not reinventing the wheel, but are using the experience gaining in fighting credit card fraud. Membership is open to all parties in running loyalty programs. However, participation in work groups, chat forums, etc. is limited to registered members only,” he said.
A two-day event, Annual General Meeting - Loyalty Fraud Prevention Association (LFPA), is scheduled to take place in London (Nov 9-10) this year. The agenda: Is your loyalty program protected?
Or click here