Ai Editorial: 3 ways airlines can sharpen their crusade against loyalty fraud

First Published on 18th May, 2017

Ai Editorial: Awareness among loyalty program members, avoiding data breach and fraudulent loyalty transactions, and being a part of a strong merchant community can bring down the risk of loyalty fraud, writes Ai’s Ritesh Gupta


Airlines need to assiduously take initiatives on several fronts in order to safeguard their loyalty programs. The threat of loyalty fraud can’t be ignored as a fraudulent activity via use of miles would denote a write-off on the balance sheet. This eventually affects margins. So airlines must assess their defence against loyalty fraud. 

It is time airlines comprehend how loyalty fraud can involve customers, employees, travel agents, partners, and what can result in data breaches, malware etc. and accordingly train relevant teams and find ways to forge reliability and security across the organization. A recent research by Ai revealed that 72% of airline loyalty programs have an issue with fraud. Additionally, 30% of airline programs reported the problem was growing rapidly year-on-year. However, surprisingly, 10% of airline loyalty programs didn’t know if they had a fraud problem or didn't know that it was possible for loyalty fraud to occur.

In one of Ai’s conferences, it was highlighted that airlines can be attacked from unexpected quarters.

For instance, the case of “registered users fraud”. It was highlighted that it is a common scenario that a registered user is considered to be a “loyal” or “positive” user.  But it is time revisits such notion. Why? As one of the speakers stated, “Because a registered user after an account takeover and without identifying it, could be the most dangerous account in an airline’s user base. The fraudster could use this account to steal any personal details and book via methods with lower friction and probably less fraud analysis. How many of you checking your registered users?”


There are 3 areas where airlines can focus on to combat loyalty fraud:

1.     Creating awareness among loyalty progam members: Members need to know how to protect their loyalty accounts. This is even more critical today as the loyalty earning and burning lifecycle has opened new avenues for fraud. Of utmost importance is the realization that loyalty programs are being hacked and what can be done to avoid this? Do members of a frequent flyer program treat their respective loyalty accounts as credit card information? This type of fraud is similar to card-not-present fraud. An account can hacked by capitalizing on weak passwords, stealing of identity etc. So it must be highlighted that if fraudsters gains access to an account, they can seize points/ miles and rob loyal members by availing redemption options (other threat is data breach). As Michael Smith, Managing Partner, Airline Information and Co-Founder, (Loyalty Fraud Prevention Association (LFPA) says passengers (or customers at large) should be wary about which Wi-Fi they are connecting to, and also as FFP members they must be cautious about sharing name and account number. “With those two bits of information, fraudsters just need to guess your password and they are in to your account,” he says. Smith asserts that a flyer shouldn’t share or post the picture of a boarding pass, as it features vital information.

Managing passwords isn’t an easy thing to do considering so many accounts all of us manage. But having one simple password for all log-ins can probably result in worst nightmare – more than one account getting hacked. When the user account on one airline’s system is breached, hackers will use the exact credentials to take over the same user’s account on the other airlines’ systems as users seldom differentiate their login credentials.   

So airlines need to inform about passengers about seemingly simple mistakes that can unknowingly create havoc with FFP accounts.

2.     Taking internal measures to avoid data breach and fraudulent loyalty transactions: As an industry, airlines have made rapid progress in dealing with card-not-present transactions. There is no reason why the same can’t be replicated for loyalty fraud, as pointers are quite similar. Airlines have to sharpen their real-time decision making, customize as per their current risk engine and workflow. Lot of organizations are adding multiple layers (of course, not at the expense of shopping experience), for instance, how intelligence behind the email addresses of customers can yield better results? Accertify, in a blog post, underlined that email address is being “highly under-utilized” by many companies as a vital tool in an overall risk assessment strategy. Referring to limitations of a device ID or a phone number in case of global companies, Accertify highlighted that every time email is used it leaves a trail of sorts, and this is strong enough to evaluate to the level of risk associated with a transaction. As a specialist, Emailage points out that email addresses have the same convention globally: user-name, “@” sign and domain. This makes the email address a perfect data point for robust risk assessment.  The way that fraudsters use email addresses fall into patterns that are identifiable based on velocity and structure.  

In addition to data from 3rd party sources, the fraud specialists within an airline must be supported to speed up the pace and precision of fraud detection – reduction in manual reviews, how to screen for loyalty fraud, access to real-time custom reports etc. Overall, organizations must gear up for login behavior, account changes and evaluation of purchase behavior. CyberSource recommends tracking of user account creation and login behavior, as well as screening for fraud at purchase and redemption of points.

3.     Being a part of a strong merchant community: Airlines, as seen in the case of payments fraud, have been a part of a strong merchant community to jointly wage a battle against fraudsters. New organizations and tools are coming up. The Loyalty Fraud Prevention Association, set up last year, is focused on using the experience gained in fighting credit card fraud to deal with loyalty fraud. Also, Perseuss, as merchant community’s answer to the problem of fraud, has developed Theseuss. This new platform gathers loyalty fraud intelligence, and features an active and collaborative community of loyalty fraud experts using the system. Theseuss would enable the exchange of fraud intelligence and evidence to allow the identification of loyalty fraud patterns. One of the highlights is the use of machine learning algorithms to discover potential fraudulent loyalty transactions.

Follow Ai on Twitter: @Ai_Connects_Us