Beyond the Tarmac

Fraudsters seem to have taken advantage of the Covid-19 pandemic to increase the pace of their nefarious activities, targeting even the airline industry.

Cyberattacks, scamming, phishing, and fake refund claims targeting airlines globally have dramatically increased over the last few months, data reveal.

In a normal year, the cost of fraud to airlines is estimated at $1bn, according to the International Air transport Association.

Payment fraud causes airlines to lose 1.2% of revenue annually of their website and mobile sales, according to Cybersource (report produced in collaboration with IATA and ARC).

And it is not just air ticket purchases that are being defrauded. Fraudsters have also exploited airline Frequent Flyer Programmes (FFP), a crime that sometimes is only discovered by accident.

Frequent flyer programmes are clearly among the popular customer reward initiatives in the global airline industry.

Currently, there are more than 220 Frequent Flyer Programmes (FFPs) on the globe — a number that keeps growing.

Undoubtedly, FFPs have grown and become popular, but fraudulent activities too have become a major challenge for aviation’s loyalty programmes. It is not easy to spot “loyalty fraud” and the potential cost to airlines is huge, notes the International Air Transport Association.

An economist’s estimate provided by the global trade body of airlines shows some 23.8tn unredeemed miles in the industry, and with each mile valued at $0.01, nearly $238bn could potentially be at risk!

In addition to hacking individual accounts, there are a number of methods used to trick FFPs, according to IATA. One travel agent, it said, stole 3.7mn airline miles from clients by telling them their cheap fares didn’t generate loyalty bonuses, instead adding the miles to her own account!

Some 135 flights valued at well over $100,000 were booked before the scam was discovered, IATA said in an earlier update.

Another method, the global trade body of airlines says, uses a phishing e-mail that appears to come from an FFP. People are easily fooled by this as they take little notice of what the e-mail address is and don’t suspect a scam asking them to log in to their account for a special offer.

E-mails about bank account details set off alarm bells but one from an FFP may well fall below the personal radar. And one click is all it takes for login details to be stolen, it warns.

Today, defrauding an airline is not just about getting a free business-class trip to a far-off destination.

According to Dr Michael McGuire, a criminologist, cybercrime across different industries generates a minimum of $1.5tn in revenue every year for all those involved.

There are multiple types of fraud techniques that can take place along a process, that start in the theft of information to end up committing a fraudulent payment.

“There are many reasons why fraud is increasing,” an IATA report said.

One is the change in consumer behaviour. Since the advent of e-commerce, consumers have embraced online shopping. They browse and compare, and geographical borders mean little to them, unless restricted. As time has gone on, the flow of money online has increased, providing more opportunities for fraudsters.

As technology has evolved, mobile payments have increased, particularly in emerging markets. Merchants report more attempts at fraud through the mobile channel, largely through mobile wallets.

There are many reasons why fraud is increasing. One is the change in consumer behavior. Since the advent of e-commerce, consumers have embraced online shopping. They browse and compare, and geographical borders mean little to them, unless restricted.

As time has gone on, the flow of money online has increased, providing more opportunities for fraudsters. As technology has evolved, mobile payments have increased, particularly in emerging markets.

Merchants report more attempts at fraud through the mobile channel, largely through mobile wallets.

However, reports say the impact on airlines and travel agencies can be very different. In the direct channel, in the case of a stolen credit card being used for a transaction for example, in most instances the airline will have to absorb the cost of a chargeback following the claim made by the legitimate cardholder and the bottom line impact will depend on the airline’s margin.

In the indirect channel, IATA member airlines can pass the loss on to the travel agency, via an Agency Debit Memo (ADM), in accordance with Passenger Conference Agency Resolution Resolution 890. The travel agency is therefore liable for the total amount of the fraudulently purchased ticket.

The direct cost to the airline, however, is limited to the operational cost of carrying the fraudster, a fraction of total revenue from the flight, as any other transaction.

New Distribution Capability (NDC) standard adoption (an IATA project) will generate a major change in the way fraud is managed in the indirect channel. Relevant industry governances are working on Resolution 890 to make it fit the NDC standard.

The risk of credit card payment fraud will remain the same as in the Global Distribution System (GDS) environment, but as contemplated under NDC it will have to be managed by airlines, which will require close collaboration between airlines’ fraud prevention and distribution teams.

To combat fraudulent activities like the ones on FFPs, IATA established what is called the Industry Fraud Prevention (IFP) project.

Set up in 2016, IFP began laying the foundation for fraud detection and loss reduction, supporting airlines and establishing best practices and standards in all aspects of fraud prevention.

* Pratap John is Business Editor at Gulf Times. Twitter handle: @PratapJohn