Ai Editorial: Opposing loyalty fraud with a collaborative approach
Ai Editorial: Fighting fraud can’t be a competitive issue since criminals are not “brand loyal”. Just the way airlines are fighting card payment fraud, there is a need to combat loyalty fraud in a similar manner, writes Ai’s Ritesh Gupta
Revenue leakage, clean fraud, fresh fraud, criminal fraud…if you are part of an airline, then you would have probably heard of all of these. But there is one more type of fraud – loyalty fraud - that is now entrenched on this list as well.
Yes, loyalty fraud isn’t atypical phenomena anymore.
In fact, nothing is more dreadful than the fact airlines, as an industry on the whole, haven’t come to grips with this menace.
This is exemplified by the fact that not only hackers, but current employees or ex-staff are also currently indulging in illegitimate activities related to FFPs. Not only there is claiming or awarding of miles fraudulently, but the brand value as well as the trust of the customers takes a beating.
A couple of months ago Air India was embroiled in one such controversy. If we type “Air India loyalty” on Google UK or Google India, then on the first page itself there is a news link about theft of passengers’ frequent flyer miles. This means any search about Air India’s loyalty program can have a detrimental impact on the brand, and negative impact on the association of a passenger with the airline or their FFP.
As it turned out, in case of Air India, FFP accounts were hacked and the bunch of fraudsters also featured an ex-employee. He apparently had access to Air India’s intranet and Internet-based systems.
“This is completely unacceptable (ex-staff gaining access even after not being associated with the organization),” stated Peter Maeder, Co-Founder & Secretary, LFPA or Loyalty Fraud Prevention Association, a new entity set up to fight loyalty fraud.
Stealing of points/ miles is attractive
FFPs worldwide continue to face capacity, regulatory, accounting and liability pressures, notwithstanding the fact that we compete for “share of mind” in an over-crowded loyalty environment.
FFPs have evolved, and as a result the earning and redemption options today are more than ever. Maeder says because of the new accounting rules introduced in 2008/ 2009, loyalty program manager are seeking more ways for their customers to redeem their points and miles. “Therefore, cash-like redemption programs are on the increase. As a result, stealing points/ miles have become much more interesting for the criminal fraternity. Furthermore, so called “friendly fraud” - we should not talk about “friendly” fraud , fraud is a criminal act and can’t be friendly! - is very simply done by all people involved in loyalty programs (staff, but also travel agents or other third party organizations),” explained Maeder.
Simple measures first
Maeder says its imperative airlines comprehend all possibilities of fraud - fraud by members, staff, travel agents, partners, data breaches/ hacks/ malware etc. and accordingly train relevant teams and find ways to forge reliability and security across the organization. “Rather than just dwelling on costly initiatives from the beginning, a solid foundation needs to be in place – enforcing certain values and creating awareness. Airlines owe it to their loyal members – protecting data of passengers, and shield their reputation. This is absolutely mandatory at this juncture,” said Maeder. For example, a tendency to keep simple passwords is still there and this can result in a compromise of any IT system if the staff goes ahead with say “123456” as a password.
“Fighting fraud requires resources, both human (trained and dedicated staff) and technical (secure IT infrastructure). Many loyalty programs are being run on legacy IT systems, which are prone to hacking.
Fighting fraud requires a professional organization - few airlines have so far invested in developing teams and systems to respond adequately to the rapidly increasing threat, which costs them not only money, but above all their reputation! Does it require media pressure, until the loyalty industry is waking up and starts taking the necessary steps to fight the phenomena?” questioned Maeder.
Airlines need to take simple measures first to ascertain the danger of cyber security and gradually move on to embracing high-level risk-based rule engines to monitor accounts for suspicious or unusual activity, and establishing automatic alerts for questionable activities.
For instance, Maeder referred to penetration tests. This evaluates the effectiveness of information security controls implemented in the real-world. Advantage of penetration testing: Knowing a system’s vulnerability before an invader gets to know it. This way areas susceptible to attack are exposed. Accordingly, remedial initiatives can be taken to foster a secure environment. Other than evaluating threat from outsiders, an internal assessment, too, can be done with the assistance of specially designed plug-computers to replicate an attack from within the client’s network.
Collective improvement
Maeder referred to an important point when we talk of collective improvement.
“The credit card industry has long recognized that fraud is a significant cost facture to all parties involved in card payments. Therefore, they have set-up standards, guidelines and rules that have to be adhered to when accepting or transmitting credit card data (the Payment Card Industry Data Security Standards or PCI DSS).
To date, there is no body/organization that seeks to support the loyalty industry in a similar way,” pointed out Maeder. “Some airlines have invested significant time and money to make their card payment infrastructure more secure and have been able to reduce their losses due to fraud. Unfortunately, similar efforts have not yet been undertaken so far and the hackers are clearly taking advantage of these “opportunities”.”
Hackers, who are usually a step ahead of the “good guys” have started to switch their activities to loyalty programs, which are not as well protected as card programs. Also, the airline industry is working together in fighting card payment fraud – work groups, data sharing, chat forums etc. “Nothing similar is available so far in the loyalty area,” said Maeder, who added that the objective of the LFPA is to provide guidelines, share best practices, offer training and exchange ideas about fighting loyalty fraud.
Collaboration is definitely going to be an important weapon in the armoury of airlines. Maeder made an important remark.
“Fighting fraud can’t be a competitive issue – the criminals are not “brand loyal”,” he said.
The LFPA will allow and encourage collaboration among industry professionals by running chat forums (open to registered members only), providing a data base of data elements that have been used in confirmed fraudulent transactions, workshops where best practices are being discussed and developed, webinars, conferences. “We are not reinventing the wheel, but are using the experience gaining in fighting credit card fraud. Membership is open to all parties in running loyalty programs. However, participation in work groups, chat forums, etc. is limited to registered members only,” he said.
A two-day event, Annual General Meeting - Loyalty Fraud Prevention Association (LFPA), is scheduled to take place in London (Nov 9-10) this year. The agenda: Is your loyalty program protected?
For any query, email - cstaab@aiconnects.us
Or click here
