Business is booming for the global online travel industry, which is expected to be worth $830 billion in 2017. Research suggests that revenue could surpass $1,091 billion by 2022.
Hotels, airlines, online travel agents and other travel businesses are all experiencing an uptick in today’s continuously fluid and international society. And an uptick in the travel industry comes with an increase in digital payment transactions. It easier than ever for globetrotters to plan, book and alter a trip online, which is where 57% of all travel bookings are now conducted.
But just as it is more common for travelers to book and pay online (a functionality that is actually demanded and expected by today’s travelers), it is also easier for fraudsters to carry out their unsavory activities.
There are many travel merchants that might prefer to simply not accept online or mobile payments as an effort to prevent fraud, however taking that path would not reduce the risk of exposure. Fraud is not only an online problem – it can happen offline as well. In fact, the chances of being a victim of fraud could increase as a result of not accepting online payments, since fewer control measures would be used. Credit card theft and fabricated identification documents, such as a fake driver’s license, could be used in offline fraud, and these types of fraud tactics are usually much more difficult to prevent than online methods.
And even if not accepting digital payments was a valid way of preventing fraud, it would be unwise for today’s travel merchant to do it. As we mentioned above, many modern, on-the-go travelers rely on technology and the Internet to book and pay for travel arrangements and accommodations, so not offering them a way to pay online would surely drive them to the competition.
So, what can travel businesses do to protect themselves as the online travel industry – and opportunity for fraud – grows?
Four ways to fight fraud in the global travel industry
1. Advanced fraud detection technology and scoring modules
By implementing advanced fraud detection technologies, businesses in the global travel industry have a better basis for trusting that the purchaser is who they say they are and that their payment methods are wholly within their right to use.
Card Verification Value (CVV) is one of these factors, and it should be requested with every transaction. The billing and shipping addresses should also be checked against the address on file with the card’s issuing bank through an Address Verification System (AVS).
It is also encouraged to pay attention to the user’s IP address. Using geo-location tracking or comparing the IP address to the billing address helps decrease the chances of flagging a legitimate transaction by mistake. People using an anonymous proxy server to hide their IP address could potentially be fraudsters attempting to hide their digital fingerprint, so those transactions should be selected for further scrutiny.
Implementing fraud detection technology and performing manual checks can be done in-house, but it could be more efficient and more effective to use an digital payment platform that has risk management capabilities included and uses scoring modules to detect and prevent fraud. Scoring modules help gauge the risk involved in the transactions by taking these various aforementioned factors, among others, into account, and either “passing” or “failing” a transaction based on its probability of fraud.
2. Black lists and real-time monitoring
Fraudsters tend to use multiple accounts, credit cards and other payment methods to conduct their illegitimate transactions, which can be challenging for merchants to detect on their own. However, connecting the dots between these transactions with real-time monitoring is key to preventing them from being authorized, particularly because rapid last-minute transactions are a favored method to try to throw businesses off the fraudster’s trail.
Travel merchants can protect themselves by partnering with a service provider that offers secure online payments, so they can take advantage of the vast information that they have gathered and the black lists they they have been given access to from the major credit card companies (Visa, MasterCard, etc.), which are comprised of historically fraudulent transactions and trends.
- Get PCI DSS Level 1 compliance
All businesses that process, store or transfer credit card information must do so in a safe and secure way. The PCI DSS (Payment Card Industry Data Security Standard) is the list of requirements that merchants must follow so that they can accept digital payments. It was established in 2006 by the major credit card companies (Visa, MasterCard, American Express, Discover and JCB), and it is an independent international standard for facilitating payment security. All companies that accept payments via credit cards and mobile payments must have PCI DSS certification, and they could face serious fines and penalties if they do not meet the security requirements of the PCI DSS and suffer a security breach on their site.
The process of getting PCI DSS Level 1 compliance is a time-consuming and costly endeavor, but there is a way for travel companies to benefit from the security of PCI DSS compliance without going through it on their own. The best way to do this is by using the hosted payment page of a payment service provider that already has the certification. By doing so, the merchant does not come into direct contact with sensitive payment information of their customers, and thus cannot store it. All of the payments go directly through the PCI DSS compliant payment platform, so the merchant can feel rest assured that they are not violating any regulations and that their business is safe.
4. Use data to recognize patterns
Big Data analysis reveals patterns that make anomalies stand out like a sore thumb. Suspicious spikes in cancellations or booking multiple tickets from one IP address, for example, could indicate fraud. Real-time analytics, coupled with pattern recognition and fraud rules, immediately alert a business when something fishy may be happening, potentially stopping a fraudulent transaction before it even begins. However, collecting a large enough amount of accurate data can be challenging for most travel companies.
As this is the case, it is recommended that merchants use a secure payment system with built-in risk management capabilities in order to benefit from pattern recognition fraud prevention services of the provider. Reviewing all available data allows them to review the transactions against their fraud rules, as well as define new patterns of fraud and decrease the chances of false positives – all on behalf of the travel company.
For many travel companies, fraud poses a large threat. But that is hardly a good reason to not accept digital payments. Doing so would not reduce the risk of fraud, and it could potentially put the company out of business, as online and mobile payments are a major source of bookings. By implementing these four ways of preventing fraud, travel merchants can accept digital payments safely and securely and successfully grow their businesses.
Eran Feinstein is the founder of Direct Pay Online, a global e-commerce and online payments solutions provider for the travel and related industries. With over 14 years of experience leading technology, sales, marketing and operation teams, Eran is an authority in the East African e-commerce and payments arena. He’s also an avid marathon runner.