eNett: The travel trade is under attack

By Anthony Hynes, Managing Director and CEO, eNett International.


High value transactions, rapid consumption and the sheer number of suppliers across the globe means travel intermediaries are highly vulnerable to fraud. It is without question one of the biggest threats to the sector, and our new research has revealed that the problem is costing agencies a whopping $21 billion each year.

With the volume of travel increasing and a shift by consumers towards online bookings, the cost to the industry will spiral. Indeed, by 2020, we found that the cost of fraud is expected to exceed $25 billion, with Online Travel Agents (OTAs) taking the biggest hit.

The scale of the problem is compounded by the fact that fraudsters are adopting ever more sophisticated techniques to catch companies out. Here, we outline some recent developments in travel payment fraud to be aware of:

  • Fake hotels: A fraudster will list a property and use stolen credit cards to make bookings via the OTA’s website. The OTA makes payment to the fake hotel but will then receive chargebacks for the bookings. The fake hotel will have withdrawn all the funds paid by the OTA and won’t respond to any contact attempts. OTAs need to ensure they are verifying the legitimacy of a new supplier during onboarding and perform appropriate due diligence to limit the risk of this type of fraud.
  • Inflated room prices: There are instances of room prices being inflated dramatically followed by a spike in booking volume. This indicates collusion between a hotel and a fraudster. The hotel will raise the cost of their room and the fraudster will then use stolen card details to book rooms via an OTA. The OTA will receive chargebacks, but the hotel will provide documentation related to the guest to avoid being debited for the fraud. OTAs need to implement a check for price spikes/booking increases to identify this type of fraud. It’s recommended OTAs also review their supplier contracts regarding liabilities for this type of fraud.
  • Tickets to attractions: Fraudsters may use stolen credit card details to purchase tickets to tourist attractions. These tickets may then be on-sold via a social media platform for a discounted price. In this situation the ticket is either utilised, leaving the tourist attraction operator or travel intermediary out of pocket after a chargeback, or when the tourist arrives at the attraction the operator advises the ticket has been cancelled as it has been reported as fraud, leaving the tourist out of pocket, not to mention a bad holiday experience. This type of fraud occurs with velocity and in a short time window. OTAs need to be alert to volume increases to a particular supplier.
  • Pop-up shops on social media: Some fraudsters are setting up social media accounts masquerading as shop fronts and offering cheap, last minute flights. They ask travellers to pay via a method that is difficult or impossible to trace and then use stolen card details to purchase the ticket for the tourist. By the time the fraud is reported by the valid credit card holder, the services may have already been provided to the unwitting tourist.
  • Crime-as-a-service: A recent trend in organised crime has also arrived in travel. Law enforcement has targeted fake online travel agencies, specialising in purchasing airline tickets with stolen card information for other criminals – providing them a service. One criminal enterprise offered financial services, fake documents, and fraudulently purchased tickets.
  • Brute force card number generation and testing: Rather than seeking to find and compromise a known existing credit card, fraudsters are using brute force card generation and testing mechanisms that automatically and rapidly create variations of credit card details and test them with low value transactions. Once a ‘working’ card is found, the fraudster receives an alert and can begin to use the card.
  • Low value flood on credit cards: After an initial low value test, a large volume of low value charges may be posted against a compromised credit card in quick succession, either via automated or manual means. Some fraudsters share information with communities of people who may use the card details to make small purchases, such as add-ons in mobile apps or games. The large number and low value of transactions, combined with the direct and indirect (i.e. effort) costs of chargebacks or other recovery mechanisms related to each transaction may mean these types of fraud events require bespoke approaches to prevent and recover from them.

Agents need to be aware of these new types of fraud and understand how to reduce their incidence and impact. If they don’t, they could find themselves outsmarted and out of pocket.

Related reading