The Explosion in Travel Fraud: You’ll Pay the Tab

June 11, 2020 | rjmcgarvey | InfoSec, Travel

By Robert McGarvey

Call it a paradox: we just are not traveling, certainly not by air, and we are not staying in hotels but travel related fraud has exploded.

That’s according to the fraud experts at Forter which annually publishes a fraud attack index. The shock in this year’s edition is that fraud attack rates regarding airlines are up 72% over last year.  Fraud attack rates regarding hotels are up 109%.  Fraud attacks on car rental companies and rideshare services are up 86%.

Meantime, our travel habits have cratered. Last Sunday, June 7th, was something of a banner day because TSA screened more than 400,000, the highest number since March 22. That prompted The Points Guy to run a story headlined, Americans Are Flying Again. The story did note that this year’s total was only about 17% of the typical numbers pre-Covid-19.  The Points Guy added that in the first Sunday in June 2019, TSA screened more than 2.6 million people.

STR, which tracks hotel data, pegs average occupancy at about 25% nowadays, down 62% from last year. 

So what gives with the fraudsters?  What makes airlines and hotels so attractive to them?

First off, understand that although fraud is up for many of the sectors Forter tracks travel companies are especially victimized. Fraud is up 42% in variety stores.  32% in food and beverage. 13% in beauty.  9% in apparel.  5% in digital goods.  7% in ticketing and events. All much lower than the travel providers.

But there are sectors that saw a drop in fraud.  Auto parts is down 57%.  Jewelry down 25%.  Home and garden down 51%.

The only sector that rivals travel is what Forter calls money services and crypto currencies – up 90%. And call that the Willie Sutton effect.

Which brings us back to the key question: why the big jumps for travel related companies?  Forter bluntly explains why airlines are targets: “Data breaches and increased focus on loyalty program fraud are major contributing factors to this increase over the last year.”

For some years we have known and reported on attacks on airline loyalty programs.  Lots of data is out there, for sale, that will unlock loyalty programs for pilfering.  Make it a habit to frequently check any program in which you have significant points or miles.  How often is often enough? That’s your call.  For many of us once monthly is enough. 

Forter continues in its explanation of why airlines are prime victims: “Airlines have also suffered from a rising level of sophistication of fraud attacks.”

For instance: “fraudsters adapt their behaviors to better blend into good traffic. Instead of booking last-minute trips (which can often be a sign of potential suspicious activity), fraudsters are now booking their travel further in advance of the actual date of actual departure, making it more difficult for airlines and OTAs to distinguish fraud from legitimate customer activity.”

Simply put: criminals are getting smarter, airline defenses haven’t toughened up and so the theft grows.

Check your credit cards for flights you did not in fact take but are billed for. Forter told Travel Weekly that successful disputes of airline credit card sales were up 56% – which is a graphic proof of how active the crooks are. We need to be as determined as they are.

The Assault on Hotels

Here’s the irony: it’s something hotels have done right that has paved the way for more and more successful attacks.  Just about all the major hotel sites have worked hard to make it very easy to book a room.

So easy a criminal can more easily exploit the sites.

Said Forter: “The prevalence of increasingly ‘friction-free’ experiences for check-in to hotels have contributed to this increase. Fraudsters are taking advantage of these improved customer benefit offerings to slip into the legitimate bookings. This improved and seamless experience accounts for the rise in fraud in this area.”

When hotels noted the spike in fraud, they apparently built more speed bumps into the booking process – but that alienated some prospective guests and the hoteliers went back to an easy booking process.  Which the fraudsters are still exploiting.

Remember, too, to check hotel loyalty program holdings.  It’s up to you to monitor your balances. Those programs too have been looted by criminals.

And of course be ready to dispute any bogus hotel charges too.

On the Ground

As for ground transportation, it’s a similar story regarding frictionless booking proving tempting to crooks.  Said Forter: “car rentals and ride services apply less friction in their platforms (ease of pick up in parking, no ID required, etc.) in order to remain competitive in the market and for the perceived better customer experience. The push for friction-free customer experiences has created vulnerabilities in these platforms, which fraudsters have been targeting.”

The providers remain hung up on the horns of the familiar dilemma: if they introduce friction, they fear they will lose bookings. But if they maintain the status quo, fraudsters will pounce.

For you, it’s the same story: check any accounts you maintain with rideshare companies and rental companies – and be watchful for suspicious charges.

Here’s the reality: we just do not complain that loudly when travel providers get hacked.  The louder we yelled the more changes there would be.  But we stay mum and what we get is what we get.

Leave a Reply

Your email address will not be published. Required fields are marked *