First Published on 20th February, 2018
Ai Editorial: Loyalty fraud and account takeover, friendly fraud, inferior user experience and avoiding a risk-averse fraud strategy are areas that continue to garner maximum attention, writes Ai’s Ritesh Gupta
The Ai’s Travel Fraud Prevention Symposium in London, being held in London today, underlined the threats that travel merchants need to deal with.
We re-visit some of the issues that the industry is struggling with as of today:
Threat of loyalty fraud looms large with data breaches and stolen credentials: Airlines need to prepare diligently for the threat of account takeover or ATO, especially considering their business falls in the “high ticket value, with a low margin” category. Why ATO is proving to be lucrative for fraudsters at this juncture? There are multiple reasons behind this. First, this type of fraud can be more valuable than credit card fraud. Second, organizations don’t have stringent measures in place to fight against ATO. As the team at Sift Science points out, the time available to exploit the information before detection is typically longer. Third, this type of cheating isn’t easy to detect. Since the account already exists and is related to a genuine customer, the fraud is relatively tougher to spot and the fraudster has more time to operate before they are caught.
ATO in the loyalty space (featuring airlines, hotels etc.) is coming under scrutiny owing to data breaches. Password stealing tactics pose a risk to all account-based online services.
Fraudsters get access to stolen credentials from a number of sources:
From data breaches, sold on the dark web
Phishing with fake websites
Malware, trojans, spyware
Hijacking a mobile device
Airlines need to look for more protections beyond just passwords. The claim for owning an account needs to be handled carefully. Machine learning comes in to understand the user behavior. Even as credentials have been stolen, it is imperative for organizations to bolster the authentication process. This way the risk of loyalty fraud can be minimized. So it comes to down to authentication and one of the tools is machine learning.
Friendly fraud – a battle that still isn’t easy for airlines to cope up with: Friendly fraud remains probably the biggest challenge and quite often the significance of an effective fraud mitigation strategy is underlined. Friendly fraud refers to “fraud that is committed when an individual had knowledge of and/or was complicit with and/or somehow benefited from the transaction on their own account, although the individual reported the transaction as unauthorized”. This type of fraud is a major issue for merchants as it can be tough to detect at the time of purchase, the chargeback process does not adequately address friendly fraud, and also it is time consuming to fight against the same.
“The predicament (pertaining to friendly fraud) is getting worse,” says a senior executive.
The executive pointed out that the available data is limited. Merchants definitely suffer from industry-wide lack of transparency. Their stance is feeble as there are plenty of factors outside merchants’ control that influence their reluctance to make a more substantial effort. “There is hardly enough information available pertaining to chargebacks and friendly fraud. This means there isn’t a strong foundation to bank on, to comprehend the situation. It’s challenging to amass authentic information on the matter without substantial contribution from banks, card networks, and merchants,” added the executive.
Managing transactions and fraud with new tools…be realistic with expectations: Managing revenue and fraud shouldn’t be about adding friction to transactions. One needs to set right expectations from initiatives such as Dynamic 3DS and biometric authentication. Many fraud prevention methods introduce dilemmas between maximising revenue and minimising fraud – e.g. with more rules, implementation of 2FA or multifactor authentication fraud rates can be lowered, yet more genuine customers will be blocked; on the other hand, with less rules and lax authentication to maximize revenue, merchants will be more vulnerable to fraud attacks. Merchants should still develop their own fraud tools that are able to tap on their own sources of data for greater efficiency and more accurate detection of fraud. It is imperative for airlines and all other travel e-commerce players to study in detail the utility of emerging tools and technologies. What is going to be their role in managing criminal fraud, friendly fraud, chargebacks etc. and the same time how they impact the customer experience at the time of making a transaction.
Trapped in risk-averse fraud strategy? Stop focusing only on rules-based approach!: The shortcomings of the traditional rules-based approach for fraud prevention continue to get highlighted. At a time when the efficacy of fraudsters and hackers in cracking areas of vulnerability is on the rise, it is imperative for merchants to improvise and sharpen rules on the fly. If an entity is heavily following rules-based methodology, then the main KPI would be to cut down the fraud rate as close to zero as possible. At the same time in many borderline genuine transactions would fail to pass through. Rather the focus needs to be on - rely on an algorithm to make decisions to optimize sales as much as possible while keeping fraud and chargeback rates under control.
Follow Ai on Twitter: @Ai_Connects_Us