Loyalty schemes are the “weak link” in airline and OTA fraud prevention systems and the COVID-19 crisis has exacerbated the problem, a leading anti-fraud firm warned.
Speaking at last month’s Travolution European Summit Stuart Barwood, director global airlines strategy at Forter, said it is seeking a spike in loyalty fraud.
He told a panel session on the travel sector reboot post COVID that loyalty points for most major travel brands can be bought on the dark web for just $100 per 10,000.
Forter reported a 118% increase in fraud during the pandemic as travel company revenues collapsed, prompting many companies to review their cybercrime prevention systems.
However, with 7% to 10% of transactions declined wrongly by fraud detection systems, Barwood said firms risk triggering alerts for their most loyal and higher spending clients.
“One of the challenges is old data is no longer relevant because people’s behaviour has changed.
“Legacy based fraud measures no longer work because people are doing unusual things, buying things that they would not normally buy which trigger the normal fraud rules.
“They had to manually create new rules on the fly and that was causing friction between allowing too much fraud through and having too many restrictions.”
Barwood said the COVID crisis saw criminals spin up authentic looking OTAs with genuine API links to sell product but that would also sell stolen airline tickets via wire transfer.
He said airlines that saw revenues declining could not afford to turn away bookings, particularly from high value customers.
One way in which airlines and OTAs reacted was to offer loyalty points or refunds which were loaded into customer profiles.
These are often highly vulnerable to hackers, Barwood warned. “We are seeing a spike in loyalty points going on the dark web.
“It shifts and fluctuates but you can probably buy loyalty points on the dark wen for the all of the top 10 OTA, airline and hotel brands.”
Barwood said all this value in customer profiles now sits in the most hackable part of firms’ websites.
And he said with many brands using the value of their loyalty schemes as collateral to raise money from banks and investors this now represents a huge potential financial risk.
Barwood said Forter is constantly working to understand how fraudsters are operating to keep up with their activities.
“They learn very quickly,” he said, “we are all working from home, but these guys have always worked from home.
“And we have pushed more business into the digital realm which is more accessible to them. To some degree this is their Christmas.”