Ai Editorial: Public Wi-Fi and fraud, how safe are you as a merchant?

First Published on 10th August, 2017

Ai Editorial: Cyber-attacks resulting from hacking of public Wi-Fi connections aren’t new. But travel e-commerce companies need to be sharper than ever, writes Ai’s Ritesh Gupta.


Connecting to free Wi-Fi is something the majority of us can’t do without. As understandable as the urge to stay connected is, it can also play havoc with our sensitive data. Hackers can steal our credit card numbers and login credentials for a loyalty program or any other account. So as much as travel e-commerce companies try to close every possible loophole that puts travellers’ key details at risk, this threat continues to trouble all the stakeholders.

The significance of safeguarding a Wi-Fi network was highlighted recently by the WannaCry ransomware cyberattack.

In this context, airlines and other travel companies need to be more vigilant than ever. For instance, an unsafe Wi-Fi connection used by airline staff can pave the way for cyber criminals to gain illegal access to internal networks. Companies also can’t ignore the threat of drive-by ransomware downloads and phishing attacks. It also needs to be understood that just because a connection requires a password to log in, it doesn’t mean a user’s online activities are encrypted.

Attacks on public Wi-Fi

There are basically two kinds of public Wi-Fi networks: secured and unsecured. Users can connect to the latter without any type of security feature such as a password or login.

In May this year, Norton by Symantec surveyed over 15,000 mobile device users who had connected to Wi-Fi. The findings were as follows:

· 60 percent feel their personal information is safe when using public Wi-Fi, yet 53 percent can’t tell the difference between a secure and an unsecured public Wi-Fi network.

· 75 percent of consumers don’t use a Virtual Private Network (VPN) to secure their Wi-Fi connections, even though it’s one of the best ways to protect your information.

· 87 percent of consumers have potentially put their information at risk while using public Wi-Fi.

Organizations need to be ready to combat “man-in-the-middle” attacks. These are carried out by cybercriminals or hackers using a rogue hotspot.

In such an attack, a fraudster or hacker gains access to an unsecured or weakly secured Wi-Fi router. Such connections are usually found in public areas with free Wi-Fi hotspots. Once the weak link (say, poor configuration or a weak password) has been cracked, the hacker places their tools between the user’s computer and the websites the user visits. Cyber criminals are also finding methods to inject malware into computers, which then settles into the browser without the user being aware of it. After this, the data being exchanged between the victim and the specific targeted website is recorded and coded into the malware.

Yes, many companies use secure websites (HTTPS, or Hypertext Transfer Protocol Secure) to provide online security. But once an affected user gets connected, HTTPS encryption on web pages can be evaded in some cases, and the website could be displayed over plain-text HTTP, including all input form text boxes for passwords, credit cards, etc.
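One way a merchant can check its own pages against the HTTPS downgrade described above (an added example, not code from the original article): the script audits a response for the HSTS header, Secure cookie flags and form targets, the settings that decide whether a browser on a hostile hotspot will accept a plain-HTTP copy of the page. The 180-day threshold, the finding labels and the sample host and cookie are assumptions constructed for illustration.

```python
from html.parser import HTMLParser

MIN_MAX_AGE = 15552000  # 180 days; this threshold is an assumption of the example

def parse_hsts(value):
    """Return (max_age, include_subdomains) from a Strict-Transport-Security value."""
    max_age, include_sub = None, False
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        name, arg = name.strip().lower(), arg.strip().strip('"')
        if name == "max-age" and arg.isdigit():
            max_age = int(arg)
        include_sub = include_sub or name == "includesubdomains"
    return max_age, include_sub

class FormActions(HTMLParser):  # collects the action URL of every <form> tag
    def __init__(self):
        super().__init__()
        self.actions = []
    def handle_starttag(self, tag, attrs):
        if tag == "form":
            self.actions.append(dict(attrs).get("action") or "")

def audit_response(headers, body):
    """Findings for one HTTPS response; headers is a list of (name, value) pairs."""
    findings = []
    hsts = [v for k, v in headers if k.lower() == "strict-transport-security"]
    max_age, include_sub = parse_hsts(hsts[0]) if hsts else (None, False)
    if not hsts:
        findings.append("hsts-missing")
    elif max_age is None or max_age < MIN_MAX_AGE:
        findings.append("hsts-max-age-too-short")
    if hsts and not include_sub:
        findings.append("hsts-no-includesubdomains")
    for k, v in headers:
        flags = [a.strip().lower() for a in v.split(";")[1:]]
        if k.lower() == "set-cookie" and "secure" not in flags:
            findings.append("cookie-not-secure:" + v.split("=", 1)[0].strip())
    forms = FormActions()
    forms.feed(body)
    findings += ["form-posts-over-http:" + a for a in forms.actions
                 if a.lower().startswith("http://")]
    return findings

# Constructed sample response for a hypothetical booking page (not real traffic).
SAMPLE_HEADERS = [("Strict-Transport-Security", "max-age=3600"),
                  ("Set-Cookie", "session=abc123; Path=/; HttpOnly")]
SAMPLE_BODY = '<form action="http://pay.example.com/card" method="post"></form>'
if __name__ == "__main__":
    print("\n".join(audit_response(SAMPLE_HEADERS, SAMPLE_BODY)))
```

An empty result means the response pins the browser to HTTPS, keeps cookies off plain HTTP and submits no form in the clear.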


Offering a secure Wi-Fi

If an airline or hotel offers public Wi-Fi connectivity, some of the points to consider are:

· How to keep Wi-Fi networks safe and control the content that can be accessed? It is a must to look into areas related to Wi-Fi content filtering and security.

· How to be in control of Wi-Fi content in multiple locations?

· What are the potential risks that are associated with unsecured Wi-Fi hotspots?

· How can the liability be minimized via cyber insurance?

· Should free Wi-Fi systems be hosted on a stand-alone network, one that is not connected to systems that maintain sensitive data?

· Are guests/passengers going to be protected from malware and ransomware infections? There needs to be a provision to counter phishing websites.

Travel e-commerce companies have been relying on Internet Protocol (IP) intelligence to cut down on fraud. Such information covers the location of the user/device initiating the contact and the reputation/risk score of the IP address. This includes details related to suspicious Internet locations such as public Wi-Fi hotspots.

Creating awareness among travellers

Airlines need to ensure their loyalty program members’ accounts are safe from hackers, especially when members are on public Wi-Fi.

As highlighted by Points, a loyalty e-commerce and technology specialist, travellers need to add a mobile hotspot to their mobile data plan. This way they can set up a private Internet connection on the go. In order to encrypt any data users send or receive over a public Wi-Fi network, they can use a Virtual Private Network (VPN) from a trusted vendor. VPNs provide a “secure tunnel” that encrypts data being sent and received between your device and the Internet. Use them for your privacy.

Other recommendations include:

· Try verifying the authenticity of the Wi-Fi network before using it. Never connect to a network identified as computer-to-computer. And if you are using one, don’t access sensitive personal data or important accounts on unsecured public networks. Even secured networks can be risky.

· Users need to protect their passwords. Whether banking or email passwords, those are very valuable to cyber criminals. Don’t update your passwords on a public Wi-Fi.

· Ensure your device is not set up to automatically connect to an unknown Wi-Fi network. If it is, the device can seamlessly connect from one hotspot to the next. Switch automatic connections off when in unfamiliar locations. Keep a vigil on your Bluetooth connectivity, too.

· Refrain from doing transactions over an unsecured Wi-Fi network. Also, turn off file sharing while using Wi-Fi.

· Only browse websites that start with HTTPS and avoid websites that start with HTTP while on public Wi-Fi.

· Install a reliable security solution.


For the latest on CNP and loyalty fraud, attend Ai’s 6th Airline & Travel Payments Summit Asia-Pacific, to be held in Bali (29 – 31 August).
