Ai Editorial: Protecting a passenger’s identity in a connected world

First Published on 24th March, 2017

Ai Editorial: Operationalizing digital identity assessments is one initiative that every e-commerce enterprise needs to manage diligently, writes Ai’s Ritesh Gupta


Airlines, like any merchant, need to safeguard the personal details their users have saved. Imagine a situation where flyers open a personal account on an airline’s digital platform for speedy bookings and swift flight check-ins, and at some point that data is stolen, access to digital services is disrupted and negative publicity follows. That would be a dreadful situation.

E-commerce entities require data to serve personalised offerings, but if they become victims of a data breach, even a project like digital transformation suffers a major setback. No airline wants to contemplate a breach of loyalty miles, with hackers selling account credentials so that the miles can be redeemed for tickets!

While e-commerce entities like Ryanair are looking at account personalization in a big way, this also means fraudsters can count on user identities to access personal and payment details. The reason: a fraudster who gets into a valid customer account can use the trusted credit card saved in it.

Traditional ways of securing accounts and preventing fraud no longer suffice. For instance, savvy digital entities, focused on enrolling customer details in new ways to personalise their offerings, now regard stored static information as a potential breach risk. The level and layers of security need to be evaluated, as fraudsters can hijack legitimate login sessions. Seek tighter measures against malware and social engineering attacks.

In fact, the threat of a breach can have a detrimental impact on several airlines at one go. How? Experts don’t rule out multiple airlines’ systems being breached at the same time: when a user account on one airline’s system is breached, hackers will use the same credentials to take over that user’s accounts on other airlines’ systems, as users seldom vary their login credentials.

Bigger threat with “connected” world

Today’s intricately connected world means airlines have to work on their IT infrastructure, data management, digital interfaces etc. to ensure consistency in interactions. But this digital-first approach also calls for stringent protection.

For instance, the Internet of Things (IoT) assumes that information and data will flow seamlessly and securely from one device or one party to another, where it can be accessed and used immediately. If the IoT keeps track of the items you intend to purchase, it can automatically tally and process the payment as soon as it connects to the nearest payment terminal or app and verifies the customer's information and data. But wouldn’t this call for stronger protection?

Fraudsters can work out near-perfect identities from the digital detritus that digital entities and consumers are providing. As ThreatMetrix aptly states: “It is identity, not passwords or payment details, that is the cybercrime currency of 2017: near perfect, yet terrifying, simulacrums of you and I that can be used to open new accounts, hack into existing ones, and monetize fraud attacks.”

According to ThreatMetrix’s Q4 Cybercrime Report, some of the alarming trends to watch out for include:

· New account originations continue to be the riskiest transactions, with nearly 1 in 10 rejected.

· Considering a spate of data breaches, organizations can’t rely on static data elements. Dynamic information featuring a user’s digital identity will be critical in distinguishing “good customers from bad”.

· Fresh assaults will target the collection of more details to strengthen stolen identities, rather than immediate monetization.

Attack from several quarters

Airlines need to consider that it makes no difference whether identities were stolen from behind a network or firewall or via an account compromise. Either is a big blow, one that, propelled by the convincing identities fraudsters put together, can fuel large-scale attacks.

Organized crime

This stolen data is traded by organized, networked crime groups via certain websites, apparently made accessible via specialized encryption software and browser protocols that conceal the location of the cybercriminals who use such sites.

Recently, a cybercriminal was reportedly sentenced to 50 months in prison for identity theft. This fraudster was caught selling personal data of victims on a cybercrime platform, AlphaBay.

Definition of being safe

When we talk of digital first for a seamless, personalised experience, the safety of identity and account data needs to be prioritized as well. Also, considering the lightning speed with which consumers expect every digital interaction to take place, airlines need to validate customer identities without any friction.

Bot detection, ID verification, device check, cookie erasing etc. are coming into use.

Specialists assert that it is critical to evaluate every digital identity, one shaped by dynamic, shared intelligence gathered from a variety of sources rather than from the one organization a user transacts with. It is time to look at blending static identity data with dynamic, real-time intelligence from current and historical transactions. To gain better results and minimize friction, specialists are counting on behavioral biometrics, analytics and a predictive model based on past behavior and transaction data to authenticate transactions. The plan is to relate user and device interactions in the present session to past user and device interactions, and to look at the full range of attributes associated with the user, device and connection.
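
The comparison of the present session with past user and device interactions, sketched as an added example (not code from this editorial or from ThreatMetrix). The attribute names, weights, thresholds and sample history are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Session:
    user: str
    device_id: str   # device fingerprint
    country: str     # derived from the connection's IP address
    via_proxy: bool  # connection attribute
    hour: int        # hour of day, 0-23
    action: str      # e.g. "login", "redeem_miles"

# Illustrative weights and thresholds (assumptions, not vendor values).
WEIGHTS = {"new_device": 35, "new_country": 25, "proxy": 15,
           "odd_hour": 10, "shared_device": 30, "sensitive_action": 15}
SENSITIVE = {"redeem_miles", "change_email"}

def risk(session, history):
    """Score the present session against past user and device interactions."""
    mine = [h for h in history if h.user == session.user]
    if not mine:
        return 50, ["no_history"]  # nothing to compare with: ask for more proof
    gap = lambda a, b: min(abs(a - b), 24 - abs(a - b))  # circular hour distance
    reasons = []
    if session.device_id not in {h.device_id for h in mine}:
        reasons.append("new_device")
    if session.country not in {h.country for h in mine}:
        reasons.append("new_country")
    if session.via_proxy and not any(h.via_proxy for h in mine):
        reasons.append("proxy")
    if all(gap(session.hour, h.hour) > 3 for h in mine):
        reasons.append("odd_hour")
    # Shared intelligence: one device active on several other accounts is the
    # pattern left by reused credentials being tried across accounts.
    others = {h.user for h in history if h.device_id == session.device_id}
    if len(others - {session.user}) >= 3:
        reasons.append("shared_device")
    if session.action in SENSITIVE and reasons:
        reasons.append("sensitive_action")
    return min(100, sum(WEIGHTS[r] for r in reasons)), reasons

def decide(session, history):
    """Low risk passes without friction; medium risk triggers step-up checks."""
    score, reasons = risk(session, history)
    verdict = "allow" if score < 30 else "step_up" if score < 60 else "deny"
    return verdict, score, reasons

# Constructed sample history: alice's usual logins, plus one device on 3 accounts.
HISTORY = [Session("alice", "dev-A", "DE", False, h, "login") for h in (8, 9, 19)] + \
          [Session(u, "dev-X", "RO", True, 3, "login") for u in ("bob", "carol", "dave")]
```

A familiar device, country and hour passes with no added friction even for a miles redemption, while the same account reached from the device already seen on three other accounts is refused.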

