by Robert McGarvey
Online fraud in the aviation sector is up – by a lot: 61%, to use the number offered by Forter. “The fraud prevention specialist says the rise can be attributed to loyalty programs as well as data breaches, such as that suffered by British Airways just over a year ago,” reports Phocuswire.
Last week I reported that airlines were doing better than hotels in fighting cybercriminals. But just maybe the fortunes of airlines have shifted from positive to a shambles. Forter’s new numbers tell the sad story.
What’s stunning is that in 2018 fraud attacks on the airline industry in fact went down, 28%.
However, Forter plainly said this was no cause for joy. In its report the company noted: “This indicates that the large data hacks within the industry, some of which made passport information available along with other stolen data, have yet to be reused to commit air travel fraud. This data is valuable enough to be leveraged for fully fledged identity theft (which may have many stages) rather than ‘thrown away’ on a single fraud attempt.”
That prophecy has come true in 2019 with the steep jump in airline fraud – particularly involving miles and loyalty, according to the just released numbers.
Forter especially highlighted this fraud in its most recent fraud index: “Loyalty fraud increased by 89% year over year, while the total dollar amount in online fraud increased by 12% year over year.”
In some respects this is not exactly news. As I wrote last week, “Loyalty programs have for some years been hacker targets.” The reasons are plain. Most of us are lax about keeping tabs on loyalty accounts and the miles and points are easy for a thief to turn into cash equivalents. Airline tickets are always salable – but so are airline points and miles because they readily convert to air travel.
Loyalty programs are especially vulnerable because companies strive to deliver a frictionless experience – and where there is no friction, generally the on ramp for fraudsters is that much more welcoming.
Said Forter: “As a result, loyalty point programs become more vulnerable to opportunistic fraudsters. Points accrued in a customer’s account are treated like digital goods — redemption is wholly conducted online, and requires no stolen credit card information to execute. Fraudsters are thereby able to leverage these points as ‘free’ funding sources and given the minimal mitigation efforts by merchants, are able to consistently do damage without raising suspicions.”
The massive BA breach of course fueled much of the jump in airline-related fraud. About 500,000 customer details were harvested in the breach.
Land travel incidentally also saw a jump in fraud, up 38%. Said Forter: “This increase is attributed to the fact that car rentals and ride services apply less friction in their platforms (ease of pick up in parking, no ID required, etc.), in order to remain competitive in the market and for the perceived better customer experience. The push for an excellent and friction-free customer experience has created vulnerabilities in these platforms, which fraudsters have been targeting.”
Protecting your accounts – especially your loyalty accounts – is squarely on you. Regularly check balances. Hey, I know it’s tempting not to bother until you want to cash in miles, but wait until then and, when you look, the miles may be gone.
Now also is a good time to log into any car rental accounts you have. Ditto Uber, Lyft, etc.
Focus in on the loyalty accounts because that’s where fraudsters are hunting. Personally I have in the past couple weeks set up new, complex passwords and I have also set up four airline accounts to work on biometrics. The goal: to never actually input the password and always to use the biometrics.
What to do if miles have in fact been pilfered from an airline account? Prepare for what may turn out to be a prolonged battle. Particularly when many months have elapsed between when a theft occurs and when it’s reported, some airlines are proving to be stubborn about restoring miles. You may get them, you may not, and a real key to success is quick notification on your part.
Which brings us back to our core advice to regularly check balances. How often is good enough? Personally I aim now for once monthly. You may want to check more frequently with high balance accounts and less frequently with low balance accounts.
But know it’s up to you. Use a very strong password, use biometrics, and stay aware of account activity.
That’s how to protect what is yours. Because – plainly – it’s on you: you can’t depend on the airlines’ defenses.