WTM 2022: Rush to digitise and mobile during COVID sees rise in cyber attacks

WTM 2022: Rush to digitise and mobile during COVID sees rise in cyber attacks

Jason Lane-Sellers of LexisNexis set out the growing threat to travel firms from online criminals

The rapid adoption of digital and mobile during the COVID pandemic has seen a rise in the number of fraud attacks on businesses, the annual WTM trade show was told this week.

Jason Lane-Sellers, director for fraud and identity at LexisNexis, said organisations that had planned for 30% of their operations to be digital by 2025 found 100% needed to be online.

And the pandemic also saw rising demand for services offered via mobile app like ordering, servicing and managing accounts.

This has combined with rising customer expectations about the speed at which such services are expected to be accessible to create new vulnerabilities criminals are exploiting.

As travel has reopened, the sector has seen a marked increase in the targeting and manipulation of rewards programmes alongside more conventional payments fraud.

Lane-Sellers said because people were not travelling during COVID they did not need to manage their rewards accounts to fraudsters took advantage of this to go undetected.

“In travel and hospitality both human and automated attacks have grown signifciantly in the first half of 2022,” he said.

Lane-Sellers said globally one in ten new accounts created is an attempted fraud, a figure that is believed to be higher in travel.

In payments 4% of attempted transactions are fraudulent and around 1% of log-ins to access accounts are an attempted fraud. 

“If you think about how many people log in to your service, even though it’s 1%, that’s a huge number.”

LexisNexis is seeing a rise in “synthetic ID” attacks where genuine details are combined with fake data to create a new identity.

And Lane-Sellers said there had been a “massive increase” in password reset fraud with one in eight believed to be an attempted attack.

Criminals are using log-in details obtained from data leaks to validate accounts are genuine and then take over the accounts. This crime costs businesses $16 billion a year and growing.

“Most people use the same username and password for multiple accounts. They are not managing their account properly because they have been forced to go digital.”

Lane-Sellers warned WTM delegates that they could be targeted by fraudsters as part of an interrelated network of businesses that work together.

“As soon as you are doing anything digital you open yourself up to multi-industry crossover and global world of criminal enterprises.” 

Travolution is holding a half-day cyber summit for travel and technology firms in November 23 hosted by Deloitte. Register now to attend.