Airlines

Fraud in the airline industry

why carriers need
to think of themselves
as crimefighters

July 2020
Fraud in the airline
industry – Index 1
“Global Airline Industry
Almanac 2017 ↗

“Benchmark Study: 2018

why carriers need to

2

Global Airline Online Fraud

Management”,

think of themselves
March 2018 ↗

as crimefighters

What to expect from

1. Fraud is widespread, increasing
this white paper and far-reaching 3
Fraud affects airlines as much as any other · Fraud is organized crime 6
industry. Commerce in air travel is often online
· Fraud and cyber-crime will grow with further digital adoption 8
– approximately 38% according to Amadeus
and T2RL1, and cross-border, making it a perfect
target. It is also high value, with rewards being
greater than the face value of what is defrauded. 2. Fraud has an impact on airlines’
The ill-gotten gains of fraud committed against profitability 9
airlines enable further fraud and generate
financial proceeds that are used to perpetrate · Damage is not always obvious 11
illegal and reprehensible activities. · How good are airlines at fighting this crime? 14

Payment fraud causes airlines to lose 1.2% of

revenue annually of their website and mobile
sales, according to Cybersource2 (report
3. Forewarned is forearmed –
conducted in collaboration with IATA and what airlines need 15
ARC). IATA latest estimates put this number
· Tools and best practices are the industry weapons 17
at a minimum of $ 1 billion annually. And this
does not include the impact on reputation, nor · Innovation can help airlines win the battle 18
the cost of preventing and managing fraud, or
even fraud in other other related areas such as
frequent flyer programs. 4. How IATA supports the airline industry
A full understanding of how fraudsters operate to win the battle 22
is a first step in combatting fraud. This is
· Global Airport Action Days: International collaboration
however an ongoing process, as technology,
among airlines, travel agents, airports and international law
attack methods, and industry responses evolve.
enforcement authorities 23
It requires working together, as an industry,
and as an anti-fraud community, sharing relevant · IATA Events: Global Fraud Prevention Event and other forums 24
information and best practices, and putting · IATA Fraud Prevention Working Groups: Payment Fraud
knowledge into action. In this whitepaper, IATA and Frequent Flyer Fraud 25
aims to give a good basic understanding of · IATA Perseuss 25
fraud in the airline industry, to indicate how to
· Industry cost of distribution and payment modelling:
get involved in the community, and what airlines
sizing fraud impact 26
stand to gain from doing so. The contents are as
follows:

5. The industry can rise to new heights 27

2
1
Fraud in the airline → index
industry

Fraud is widespread,
increasing and
far-reaching
Fraud is organized crime

Fraud and cyber-crime will

grow with further digital
adoption

3
Fraud is widespread, Fraud in the airline
industry
→ index

increasing and 3
Card Fraud Worldwide

far-reaching
2010-2027,Nilson Report,
November 2019 ↗
4, 6
Juniper Report
“ONLINE PAYMENT FRAUD
WHITEPAPER 2016-2020”↗
5
Forter – Fraud Attack Index,
7th edition – 2019 ↗

According to Nilson Report, from 2012 to 2018, mirror the mobility of fraudsters and their
fraud in online payments across all e-commerce skillset. Additionally, its widespread acceptance
types of business grew 240% . Credit card
3
of credit cards, and the relatively high value
payment fraud shows the greatest incidence. of its offer, contribute to exposing it to high
These sums have been steadily increasing with a levels of fraud. According to RSA Security and
16% Compound Annual Growth Rate (CAGR), and Juniper4, airlines are in fact the vertical most
a high proportion of this amount concerns Card- affected by online fraud, accounting for 46%
Not-Present (CNP) transactions. of fraudulent transactions. Money transfer
and computers/electronics Money transfer and
Fraud levels are not equal around the world, computers/electronics are much less impacted
however. Brazil, Mexico and Argentina experience at respectively 16% and 13%. From 2018 to
the greatest fraud pressure – the highest number 2019 alone, fraud attacks on the airline sector
of attempts at fraud in a given period of time. increased by 61%, as per latest Forter Fraud
It is mainly what is commonly known as “friendly” Report5. Additionally, the average value of a
fraud – an illegitimate chargeback on a legitimate fraudulent air ticket purchase is significantly
purchase, also known as cyber shoplifting. Next higher than that of the average value of a
in line are China, the USA and France, where fraud legitimate purchase, with fraudsters targeting
attempts are more sophisticated and come in the upper-tier products. The average legitimate
form of account takeovers, bots and fake proxies. purchase is worth US$606, while the average
fraudulent purchase is more than three times
The inherent international scope of the
higher, at US$1,9306.
airline business and its interdependency with
technology, both for direct and indirect sales,

Top Merchants Affected Average Value Source:

4
RSA Security
by Fraud Transactions of Fraud Transactions

$2,000

$1,500

$1,000

$500

• Airlines 46%

• Computer / Electronics 22% $0

• Money transfer 16% Airlines Automotive Ticketing Travel Pharmacy

• Clothing 5%
Other services 11%
• Average value of fraud
• Average value of transaction 4
Fraud is widespread, Fraud in the airline
industry
→ index

increasing and
far-reaching

And it is not just air ticket purchases that

are being defrauded. Fraudsters have also
exploited airline Frequent Flyer Programs (FFP).
Unfortunately, sometimes FFP fraud is only
discovered by pure accident. A large volume
of unredeemed miles could become a serious
liability for the airline financials. In addition,
loyalty programs generate revenue, as well as
being important sources of customer data. It is
therefore in the interests of airlines to protect
this investment in customer relations.

Common Types of Loyalty Program Fraud

Points/miles purchased with

60% fraudulent/stolen credit cards

Loyalty account theft (where loyalty

52% account is taken over by someone other
than the owner)

Travel agents purchasing tickets for customers

33% with agency miles and charging the customer full
or discounted fares

"Double-dipping": Customers attempting

15% to use points or miles from more than one
program for a single flight

Fraud/misuse of accounts
10% by airline staff

Source:
2
Cybersource 5
“Benchmark Study: 2018 Global Airline Online Fraud Management”
Fraud is widespread, Fraud in the airline
industry
→ index

increasing and 7
Into the Web of Profit:

far-reaching
Tracking the Proceeds
of Cybercrime RSA
Conference 2018 ↗

Fraud is organized
crime
Today, defrauding an airline is not just about Online ticket fraud, also called
getting a free business-class trip to a far-off Card-Not-Present (CNP) fraud
destination. According to Dr. Michael McGuire,
criminologist, cybercrime across different With deep knowledge of the way the travel
industries generates a minimum of $1.5 trillion in industry functions, fraudsters book near-term
revenue every year for all those involved .
7 departures, for any ticket value, with airlines and
Online Travel Agent (OTA) websites, during ‘out-
There are multiple types of fraud techniques of-office’ hours, when trained staff have handed
that can take place along a process, that start in over to less-experienced call center personnel.
the theft of information to end up committing a They pay using stolen credit cards or other
fraudulent payment. Here are some of the most Forms of Payment (FOP) such as debit cards or
common ways they obtain those tickets or funds: e-wallets.

"According to Dr. Michael

McGuire, criminologist,
1 cybercrime across Loyalty fraud
different industries To access FFP member accounts, fraudsters use
generates a minimum of password hacking and phishing and even resort
to compromising employees. Once access is
$1.5 trillion in revenue gained, they purchase tickets for resale or for
every year for all those use by criminals, or redeem stolen miles against

involved." partner offers, such as hotel accommodation,

car rental, stores, etc.

6
Fraud is widespread, Fraud in the airline
industry
→ index

increasing and
far-reaching

Fake travel agent sites, also In-flight fraud

known as triangulation scheme Using counterfeit credit cards, fraudsters
Bookings on fake travel-agency websites notify purchase duty-free products, aware that
a fraudster who books an actual flight with onboard payment terminals are offline, and no
fake payment information, and re-sells it to the authorization request can be carried out. The
trusting customer for the advertised incredible goods are then re-sold at a markup.
discount. There are potentially three victims in
these cases: the passenger, who will not be able
to fly, the airline, which is out of pocket the actual
cost of the ticket, and perhaps an intermediary
travel agent.

Baggage fraud
Checked-in carry-ons are declared lost at
destination, and claims are for high-worth
contents. Fake receipts back up insurance
►
claims.
Order with Order shipped
payment to customer

Beware of the latest phishing attacks by fraudsters

► using IATA's identity. You can consult latest
Order paid with
stolen credit card
information and report suspected scams on ↓

••
J.
Unsuspecting customer places an order on an
auction or fake marketplace using some form of
payment
.......
IATA
o.

.,.
Fraudulent seller receives the order and then

.l.,. places the same order for the actual product with
a legitimate eCommerce website using a stolen
Email & Website Fraud Protection
____ < a
.. __ ......_.,._
M---·---"1•-•---
,_., ~_...,. ___
.._......,,......,,
"", ____
_.., ________
credit card

___
....,..,__C _____ Ulflo ___ _
~
~

✓--- . . . ----°'---.-
....
---·
a Legitimate eCommerce website processes
the fraudster's order
~

..,_,_.-....
,.~ _____
-·---""'-·~__,,
____ _
.,._. .. ~

.,,
7
• .,_,......,_ _____ .._,.,._WA ____ .,_.,, _______ IO\il,lA'l-

,...__.__,. __ .-""_lt_\ll
_ _.....f//_11
0c,..,._.,,._~...,,,, _______ _,..,....._........ ~.
Fraud is widespread, Fraud in the airline
industry
→ index

increasing and 8
Forbes ↗

far-reaching 2017 Verizon Data Breach

9

Report ↗

Firms, however, have not been keeping up with

this sophistication, and it is increasingly difficult

Fraud and cyber- for businesses to keep up with the size of the
problem. Breaches affect the rate of fraud in
crime will grow more ways than one. Insufficient security can
lead to direct fraud on a platform, or it can
with further digital provide fraudsters with sensitive and complete

adoption
information about customers that can be used
to commit fraud in different ways later, such as
creating credit accounts. The 2017 Verizon Data
There are many reasons why fraud is increasing. Breach Report cites that 81% of hacking-related
One is the change in consumer behavior. Since breaches in USA leveraged either stolen and/
the advent of e-commerce, consumers have or weak passwords, up from 63% reported in
embraced online shopping. They browse and previous years9.
compare, and geographical borders mean little
to them, unless restricted. As time has gone on, Rigorous authentication is the first defense in
the flow of money online has increased, providing cybersecurity, but companies are struggling to
more opportunities for fraudsters. As technology reconcile their aim of frictionless user experience
has evolved, mobile payments have increased, with an increased number of steps in the login
particularly in emerging markets. Merchants process. Weak security goes beyond passwords,
report more attempts at fraud through the mobile of course, and the data breaches suffered by
channel, largely through mobile wallets. several major companies around the world in
recent years highlight other deficiencies in
As well as increasing, fraud is becoming more company systems, both technology- and people-
sophisticated, with perpetrators using new related. This is a trend that is not set to diminish.
technologies and attack methods. Only in the Advances in technology are disrupting many
second half of 2018, 2.1 million bot attacks on industries and creating new ones, and these
e-commerce sites were reported . Cybercrime
8
transformations could increase companies’
is also becoming more professionalized, as can exposure to cybercrime if not addressed in
be seen with the number of cybercrime experts depth.
and the technical availability of cybercrime tools
such as malware.

Rigorous authentication is the first

defense in cybersecurity, but companies
1 are struggling to reconcile their aim of
frictionless user experience with an
increased number of steps in the login
process.
8
2
Fraud in the airline → index
industry

Fraud has an
impact on airlines’
profitability
Damage is not always
obvious

How good are airlines at

fighting this crime?

~ i __ j&
''-*~
:;~

- \ ~ 1 .•

9
Fraud has an Fraud in the airline
industry
→ index

impact on airlines’
profitability

The expression ‘fraud loss’ can be defined Some countries, it appears, are better at filtering
as the incurred loss, cost or expense which the air they breathe. This could be explained by
is not reimbursed and arises out of the fraud the fact that the countries of North America and
committed. It is the value that has been written Europe have had to contend with more fraud
off as unrecoverable as a result of theft or historically and have been more aggressive in
compromise. Unlike “necessary” costs, such as fighting it. Should fraud attempts become more
staffing, utilities, procurement, accommodation vigorous in other regions, it is likely that efforts
etc., fraud loss is considered “unnecessary”. to stop them will increase, which will reduce
revenue loss in these areas.
Thinking about it only as a cost of doing
business, however, minimizes its actual impact.
In fact, fraud has a direct economic impact in
the topline of online businesses. Sales are a
business’s life force. Every legitimate sale is like a
breath of clean air to a company. Every fraudulent
transaction is a polluted one. There is an inverse
relationship between bookings rejected and
revenue loss: the more bookings the airline
reject, the less revenue it loses.

Revenue loss Bookings reject

~ North
America
0,3% • 7,0%

Latin
America
1,0%
• 4,4%

Europe 1,1%
• 3,8%

Asia
.
..
;
\.":·"' Pacific
1,5%
• 1,7%

•
.,.
· /

Middle East
& Africa
1,1%
• 4,7% Source:
Cybersource report 10
Fraud has an Fraud in the airline
industry
→ index

impact on airlines’
profitability

Damage is not always

obvious
What impacts the top line, naturally has a knock-
on effect on the bottom line. The importance
of this effect will depend on the gross margin:
the lower the margin, the greater the impact of
fraud will be. This is called the multiplier effect of
fraud. Going back to previous analogy, the more
trouble one has breathing, the worse pollution will
affect you.

Payment fraud loss of revenues may impact

the operating margin of the airline significantly

Operating Margin Operating Margin Operating Margin Operating Margin

3% 4% 5% 6%
-1% -1% -1% -1%
Fraud Fraud Fraud Fraud 11
Fraud has an Fraud in the airline
industry
→ index

impact on airlines’ 10
IATA Resolution 890

profitability

However, it is important to note that the impact

on airlines and travel agencies can be very
Principles for an NDC payment fraud liability shift
different. In the direct channel, in the case of a
stolen credit card being used for a transaction for
example, in most instances the airline will have
to absorb the cost of a chargeback following the NDC Seller involved
claim made by the legitimate cardholder and the in the payment transaction?
bottom line impact will depend on the airline’s
margin. In the indirect channel, IATA member
airlines can pass the loss on to the travel
agency, via an Agency Debit Memo (ADM), in
accordance with Passenger Conference Agency
Resolution Resolution 890. The travel agency Card transaction Transaction was
is conducted on conducted on
is therefore liable for the total amount of the the basis of data Airlines' own
fraudulently purchased ticket. The direct cost to forwarded by the payment page
seller
the airline, however, is limited to the operational
cost of carrying the fraudster, a fraction of total
revenue from the flight, as any other transaction.

New Distribution Capability (NDC) standard

adoption will generate a major change in the Is the transaction susceptible to
way fraud is managed in the indirect channel. card fraud chargeback?
Relevant industry governances are working on
Resolution 890 to make it fit the NDC standard10.
The risk of credit card payment fraud will remain
the same as in the Global Distribution System
(GDS) environment, but as contemplated under
NDC it will have to be managed by airlines, which
Transaction is
conducted in
a non-secure
o
"' "'

Transaction was
conducted in a secure
manner removing
manner the risk of a fraud
will require close collaboration between airlines’ chargeback
fraud prevention and distribution teams.

Note: Examples:
Whether a transaction is a 3DS transaction is
susceptible to fraud liability not susceptible to fraud
or not also depends on the chargeback
rules of the card scheme
a Visa transaction was
approved by issuer
despite CVV2 mismatch,
the transaction is not
susceptible to card fraud NDC seller is liable for the risk No payment fraud liability
chargeback of card fraud chargeback on the NDC seller 12
Fraud has an Fraud in the airline
industry
→ index

impact on airlines’ 11
The Hidden Cost of

profitability
Reputation Risk –
Oliver Wyman 2017 ↗

But airlines should not be tempted to brush this

“Fraud cases lead to significant
off as inconsequential. Again, the industry could
take into account the indirect cost of fraud reputational impacts on the impacted
when considering the impact on airlines’ bottom
1 institution, with the additional
line. This includes internal fraud management
teams, but also IT security professionals,
reputational loss predicted to be
fraud investigators, externally managed fraud ~140% of the announced loss.”
detection software services and legal advice.

The industry should take also into account the

cost of damage to the brand and the associated
loss of custom, particularly when it is not put
right satisfactorily. According to management
consultants Oliver Wyman, both externally and
internally perpetrated “Fraud cases lead to
significant reputational impacts on the impacted
institution, with the additional reputational loss
predicted to be ~140% of the announced loss.11”

13
Fraud has an Fraud in the airline
industry
→ index

impact on airlines’ 12, 13

“Benchmark Study:

profitability
2018 Global Airline Online
Fraud Management”,
March 2018 ↗
14
Juniper Report
“ONLINE PAYMENT FRAUD
WHITEPAPER 2016-2020”↗

competent anti-fraud measures; after being

thwarted for a while, fraudsters will move on to

How good are airlines easier pickings.

at fighting this crime? Globally, in all sectors of e-commerce where

credit cards are concerned, the fraud-coded
In the airline industry, payment fraud is chargeback rate is estimated at 0.47%14. Japan
measured in the gross amount of fraud rates are the lowest at 0.3%, bringing down the
chargeback and rejected bookings. In most of average. In Mexico, however, observed rates
the world, the average rate of bookings rejected reach 1.3%. Local factors and banking practices
is 3.8%, though North America experiences that make chargebacks easier explain these high
double that . This could mean that North
12 rates compared to the rest of the world.
American airlines are more cautious and that
they are potentially sacrificing valid orders.
“In the airline industry, the
Overall, full-service carriers reject over twice
as many bookings as low-cost carriers, at 4.5% 1 average rate of bookings
compared to 2% . Fraud pressure can reach
13
rejected is 3.8%” * Source:
a significant percentage of online transactions 14
RSA Security
received, but it can also be reduced with ** Source:
14
Ingenico Payment Services

Top Countries by Attack Percentage of transaction Value Reported as Fraud

Volume* Chargeback by Country (any e-commerce sector)**

1.40%
1.31%

1.20%

1.00%

0.80%
0.80% 0.74%
0.68%

0.58%
0.60%
0.50% 0.50%
0.47% 0.47%
0.40% 0.40%
0.40% 0.36%
0.30%
• Netherlands 6%

• China 8% 0.20%

• UK 9%

• US
Others
52%
25%
0.00%

14
3
Fraud in the airline → index
industry

Forewarned
is forearmed –
what airlines need
Tools and best practices are
the industry weapons

Innovation can help airlines

win the battle

15
Forewarned Fraud in the airline
industry
→ index

is forearmed –
what airlines need

To understand how to better combat fraud, Stolen information is then tested and used in
airlines first need to be aware of how fraud different ways. Fraudsters might mix it with fake
is carried out. “Payment fraud”, an illegal information to create new identities – so called
transaction that is unauthorized, or diverts “synthetic users” – that can then be used to
merchandise, or where funds are unavailable make fraudulent transactions. Large amounts
(including false requests for refunds or returns), of personally identifiable information (user
is but the tip of the iceberg. It is most commonly names and passwords, for example), the product
carried out using stolen or lost credit cards of massive data breaches, are now widely
or card information. Although widespread, it available for purchase. This can be used to set
occurs as isolated cases, with fraudsters using up automated logins to try and gain access to
the credentials as soon as they obtain them. private accounts on a massive scale and take
Payment fraud losses from e-commerce, airline them over.
ticketing, money transfer, and banking services,
are predicted to grow, but this type of fraud is Such Account Take Over (ATO) concerns bank
losing favor with fraudsters, who are starting accounts, online or e-commerce accounts, and
to prefer more elaborate methods, which are loyalty accounts. Fraudsters take advantage of
harder to identify and provide higher rewards. the financial information already linked to the
account, and add new information obtained
These more elaborate methods start with through illicit methods. Fraud committed
theft of information, including data breaches, through a bona fide account that has been
malware and phishing. Employee account taken over is hard to detect. Only if there is a
phishing is an example. Fake emails enable sudden and notable change to the account or
fraudsters to obtain employee credentials. Since in the buying pattern of the legitimate customer
employees often have access to customer might a flag be raised.
credentials and, in the travel industry particularly,
Source:
this information can be quite full, that’s a lot of IATA internal analysis
information cybercriminals can re-use.

Fraud types summary

Information Information Account Fraudulent Physical goods

theft testing theft/creation payment delivery

Data breach Credential stuffing Payment fraud Re-shipping

Malware Card testing Synthetic user Loyalty fraud

First party fraud

Phishing Account takeover ► Account takeover

Employee Employee Employee
account phishing account takeover ► account takeover

Merchant
16
Forewarned Fraud in the airline
industry
→ index

is forearmed – “Benchmark Study:

14, 15

what airlines need

2018 Global Airline Online
Fraud Management”,
March 2018 ↗

As mentioned, ATO also affects loyalty schemes. Some 86% of airlines also either use or are
As indicated earlier, according to Cybersource’s planning to implement 3D Secure16, a card
2018 Global Airline Online Fraud Management industry standard protocol to have the issuer
survey, “loyalty account theft” is the second authenticate and approve their cardholder,
most common type of loyalty fraud in the which protects the merchant from fraud
airline industry (cited by 52%). “Points/miles chargeback by a liability shift. Please, note
purchased with fraudulent/stolen credit cards” that 3D Secure is mandatory in Europe under
has the top spot (cited by 60% percent of Payment Services Directive 2 (PSD2).
airlines). Fraudsters later redeem the funds that
loyalty points represent, either buying tickets, These validation tools are the first front in the
purchasing merchandise, or cashing them in, and fight against fraud, and they are backed up
loyalty fraud is on the rise. by data tools and purchase-device tracking.
On average, merchants use between 10 to
15 different variables to prevent fraudulent
transactions, and this number has increased in
recent years as new technologies have given us
Tools and best access to greater amounts of information.

practices are the Exchanging best practices through fraud forums

and events, and consulting publications by
industry weapons industry bodies is also essential for airlines
to ensure they stay updated with the latest
Of course, while knowledge of how fraud is developments. The Merchant Risk Council ↗
committed is key, it is not enough to prevent it. is a good example, and fraud conferences are
Following best practices in fraud detection and occasionally organized by card schemes or other
prevention is a first step. Where credit cards private organizers.
are concerned, real time authorization requests
is an absolute requirement, as is obtaining
Card Verification Numbers (CVN) - used by
78% of airlines - which cannot be calculated by
fraudsters. In countries that support it, (USA,
UK and Canada), verifying the address of the
cardholder via the Address Verification Service
(AVS) field is an additional safeguard - used by
50% of airlines15.

17
 Forewarned Fraud in the airline
industry
→ index

is forearmed –
what airlines need

However, properly managing fraud according

to best practices has proven challenging for
airlines. Some may not have enough internal
resources or expertise. Lack of resources is
Innovation can help
understandable when significant percentages airlines win the battle
of airline direct bookings require manual
review. Others do not have the technologies
Fraud continues to evolve quickly, requiring
they need, including the ability to track various
an innovative approach to manage it, and the
Key Performance Indicators (KPIs). Some are
implementation of more sophisticated solutions.
struggling to keep compliant as regulations
Optimal fraud management is a balance of
change and improve, adding reporting
three key aspects: accurately detecting and
obligations and fixing different thresholds
rejecting fraudulent orders to minimize fraud
according to country or region. Automation and
losses; efficiently managing the operational
systematization are therefore high on the list of
costs of anti-fraud activities; and maximizing
airline priorities to help improve performance.
the acceptance of legitimate orders, to deliver
a positive experience for legitimate customers.
This is no easy objective to attain, but trends are
moving solutions closer.

Aspects to be
balanced in fraud
management
Source:
IATA internal analysis

l
Minimize Secure Efficient
fraud loss revenue management

Accuralety detect and reject Maximize the acceptance Efficiently manage the
fraudulent orders of legitimate orders, to deliver operational cost of fraud
to minimize fraud losses a positive experience for legitimate management activities
customers 18
Forewarned Fraud in the airline
industry
→ index

is forearmed –
what airlines need

Airlines are strengthening their fraud-fighting Learning (ML) is the first technique being
capabilities, enabling better detection used, to speed up decision-making, improve
and rejection. They are adopting holistic accuracy and reduce costs. With the rise in
management of fraud throughout the entire ML, this branch of artificial intelligence has
company, rather than channel by channel. become a key technique for solving problems
In this way, they can consolidate their fraud in very diverse areas, and is recommended
management teams. This approach also allows for complex tasks or problems involving large
them to redesign the customer journey, where amounts of data and lots of variables, but no
necessary, with the aim of reducing the impact existing formula or equation. This is the case in
of fraud management techniques, such as fraud detection, where the rules of a task are
authentication, on the customer experience. constantly changing with each introduction of
Leading companies are adding weapons such new tactics by fraudsters. ML models continually
as visual monitoring, alerts, robotics, lean analyze and process incoming data, and
management and interactive dashboards to autonomously update with the new information,
their arsenal, helping them to speed up their making ML an effective tool for detecting the
fraud decision-making. Other companies, those most common types of fraud such as payment
which have grown quickly and not been able fraud, account takeovers (whether of customers
to build in-house capabilities, for example, are or employees), triangulation or loyalty fraud.
augmenting their forces with the superpowers of Additionally, it improves accuracy and reduces
fraud specialists. And this can benefit the whole the system’s response time to new attack
industry. Fraud reduction is a shared objective patterns and trends. ML also facilitates real-time
within an economic sector, and specialists who decision-making by rapidly evaluating large
work with multiple companies are able to pass amounts of transactional data, eliminating time-
along the benefits of their experience. consuming manual interaction and, therefore,
enabling a significant reduction in fraud
Advanced analytics techniques are like management costs. Blockchain or Distributed
microscope or magnifying glass, improving Ledger Technology (DLT) also promises future
the effectiveness and efficiency of fraud benefits for fraud prevention. Let’s imagine the
management, thereby reducing costs. The application of this highly secure technology for
integration of high-quality data sources identity management, certification and smart
and the use of new modeling techniques contracts.
are transforming fraud prevention. Machine

19
Forewarned Fraud in the airline
industry
→ index

is forearmed –
what airlines need

The third trend is Strong Customer of creating user friction, it could potentially
Authentication (SCA), which aims to reduce the negatively impact sales conversion. In the
risk of fraud and, therefore, increase legitimate European Union (EU), the PSD2 regulation aims
sales. SCA requires at least two independent primarily to protect consumers, which might
elements among three different categories make it more palatable to them. But it is also
(something the user knows, such as a password important to consider how to alleviate the impact
or Personal Identification Number (PIN); on the client and avoid deteriorating customer
something the user has, such as a smartphone experience. Some exceptions are allowed, low
or chip card; and something the user is, such as risk payments under EUR 30, subscription or
a fingerprint or facial recognition). By increasing recurrent payments or white-listed merchants
the number of steps required at the expense identified by consumers.

Knowledge Possesion Inherence

~,7
l.; ~

,•
Password Smart card

o
Facial features

(ffjj))
Passphrase Mobile phone Fingerprint

o
r.7
Sequence

L.: :.J
Wearable device

(i)
Iris format

~
Secret fact Token DNA signature

••••
Pin Badge Voice patterns 20
Forewarned Fraud in the airline
industry
→ index

is forearmed – 16
McKinsey:

what airlines need

Fraud Management:
Recovering value through
next-generation solutions ↗

In parallel, the international card schemes According to McKinsey16, the impact of such
(Mastercard and Visa (EMV)) have introduced new techniques is significant. Companies using
3DS or 3DS 2.0, which is also compulsory. The them report a 15-20% improvement in fraud
updated 3DS EMV version supports mobile detection, a 20-50% reduction in false positives,
payment and improves customer experience and a 1-2 point increase in customer satisfaction.
by reducing the friction generated by the extra Such measures can be an attractive proposition,
steps it takes for the issuer to authenticate the opening the way for investment. Airlines should
card holder. Gaining ground, mobile payment however bear in mind that fraud, like all crime, is
wallets use the powerful authentication an ongoing campaign. Fraudsters adapt to every
capabilities of the cell phone (fingerprint reader, new challenge and wins on the side of the good
facial recognition) to secure the payment guys are short-lived. Investment therefore needs
transaction. And they reduce friction by storing to be ongoing.
securely the customer's payment details, thus
removing all need to enter them manually.

21
4
Fraud in the airline → index
industry

How IATA supports

the airline industry
to win the battle
Global Airport Action Days:
International collaboration
among airlines, travel agents,
airports and international law
enforcement authorities

IATA Events: Global Fraud

Event and other forums

IATA Fraud Prevention

Working Groups: Payment
Fraud and Frequent Flyer
Fraud

IATA Perseuss

Industry cost of distribution

and payment modelling:
sizing fraud impact

22
How IATA supports Fraud in the airline
industry
→ index

the airline industry 17

Europol press release ↗

to win the battle

A notable feature of fraud prevention is its

IATA Fraud
collegial nature. Like superheroes, joining forces
will result in significant efficiency gains. IATA Prevention Global Fraud
Prevention
provides support to the airlines across various
Event
working groups, events and activities.

Global Airport Action

Days: International Fraud
Prevention
Best Practices
Guides
collaboration among Groups

airlines, travel
agents, airports
and international
law enforcement Fraud Industry Regional Fraud
authorities Sizing Groups

The Global Airport Action Days (GAAD)

is an activity that results in arrests and
investigations of fraudsters. This concerted
effort involves representatives from IATA, online
travel agencies, payment card companies
and Perseuss, as well as airlines and the
Perseuss Global Airport
international law enforcement authorities such
FraudChasers Action Days
as Europol, Interpol, and Ameripol17. In the case
Event
of fraud, pooling understanding and joint actions,
are the only ways an industry can successfully
combat it. Collaboration is required to face the
network of fraudsters.

23
How IATA supports Fraud in the airline
industry
→ index

the airline industry

to win the battle

IATA Events: Global

Fraud Prevention
Event and other
forums
IATA Global Fraud Prevention Event is a
two-day annual symposium, occurring in
Request participation
conjunction IATA's World Financial Symposium
by contacting
(WFS) every year. It brings together airlines,
travel agents and Online Travel Agents (OTAs), ➔ cardservices@iata.org
card schemes, service providers and law
enforcement agencies from all regions of the
world to share the latest payment legislation
developments and industry solutions that will
impact the way fraud prevention is carried IATA
out. IATA is well placed to steer such industry
initiatives, and expert at developing resolutions
and recommended practices. Industry standards
WORLD
simplify common processes, reduce cost and
complexity, encourage innovation and assist
FINANCIAL
airlines in providing a better experience for
customers. And they allow airlines to work SYMPOSIUM
seamlessly with each other and with other
stakeholders such as travel agents, airports, and
governments. Holistic fraud prevention should be
no exception, but the rule.
IATA
There are also airline industry regional forums,
which IATA supports, in Europe, Latin America
and Asia Pacific, the Middle East, and Africa, and
GLOBAL
which meet at least once a year. FraudChasers
is an online secure forum organized by
FRAUD
Perseuss↗, an IATA partner. It brings together
fraud analysts from airlines and OTAs. PREVENTION
How IATA supports Fraud in the airline
industry
→ index

the airline industry

to win the battle

IATA Fraud Prevention IATA Perseuss

Working Groups:
Payment Fraud and
IATA Perseuss is a leading platform for fraud
intelligence, allowing airlines and other

Frequent Flyer Fraud merchants to cooperate to identify and fight

fraudulent schemes. IATA Perseuss enables
real-time access to cross-sector fraud data,
Fraud Prevention Groups for Payment Fraud through community based sharing between
and Frequent Flyer Programs – acting under the stakeholders in the commercial and payment
Pay-Account Standards Board↗, one of the five industry. As fraudsters don't limit their activities
Management Boards that ultimately report to the to one industry or region, there's an average
IATA Passenger Standards Conference – have fraud overlap of 35% between merchants. By
developed Fraud Prevention Best Practices (FP cooperating and learning from each other,
BP) Guides, for airlines. These guides are a true industry can decrease fraudulent transactions.
industry-collaborative effort, with many airlines
from around the world contributing to each of
them. Covering all the major aspects of payment-
fraud and loyalty-fraud prevention respectively,
they are updated on a continual basis. ◄

Request IATA recommended best

practices by contacting
➔ cardservices@iata.org
MPerseussJ

◄
How IATA supports Fraud in the airline
industry
→ index

the airline industry

to win the battle

COVID-19 crisis has put temporarily on hold

these undertakings. IATA has reviewed priorities

Industry cost of to support the industry during these challenging

times. In this regard IATA's focus in 2020 is on
distribution and three Emergency Priorities improving airlines’
liquidity, reducing their costs and preparing the
payment modelling: industry for activity restart. Airlines’ tight cost

sizing fraud impact

control remains more relevant than ever. IATA
expects to resume this work very soon and is
open to include any airline wishing to contribute.
Additionally, in 2019, IATA received a new
strategic mandate from its Board of Governors.
This strategy was articulated around ten
strategic streams, covering aspects from digital
Airlines wishing to participate,
transformation to environment. Stream 7, “Airline
please contact IATA at
Efficient Process” scope consists in helping the
industry to reduce its cost of distribution and ➔ cardservices@iata.org
payment. Following goals have been established:

2022
3% airline unit cost reduction vs. 2017

2035
30% airline unit cost reduction vs. 2017

Therefore, under the Financial Advisory Council

(FinAC), IATA received the mandate to estimate
recurrently the size of cost of distribution and
payment acceptance. In collaboration with the
Payment Method Working Group (PMWG), IATA
has identified what concepts to include in such
study. In the area of payments, these cover
payment processing fees, fraud and defaults
and treasury management. Various industry
groups, including those dedicated to Fraud
Prevention have agreed on the metrics and
collection of data methodology.

26
5 Surfing on a wave Fraud in the airline → index
industry
of bank modernization

The industry can rise

to new heights

Imagine a world in which all industry

stakeholders would share intelligence on
cyber-security and fraud challenges across our
industry. And not just challenges but also details
on existing solutions. Where none are readily
identified, all actors work together to identify
them and, when needed and possible, develop
then in a faster and more cost effective way than
anyone could do on their own whether at the
passenger transaction level or the agent level.
IATA could also assist the industry by developing
relevant tools to help relevant stakeholders
address payment and frequent flyer fraud risks.

Let’s keep imagining! Innovative smart new

contracts, governing a particular transaction
with any travel actor, can stipulate the preferred
payment method, fraud levels suspected or
specifying that it be made at a specific date
to encourage the transaction and control
costs. For example, using dynamic offering in
distribution with payment and fraud prevention
could potentially be a win-win-win proposition,
providing a safe, fast and cost-efficient cash
collection for the airline, while agents (and
ultimately the traveling customer) could benefit
from a lower fare or other benefits.

The travel industry must secure a place and

act now and decisively by offering innovative
and cost-effective fraud approaches that meet
customers’ needs, but also support the industry
to face current COVID-19 crisis challenges.

27
Subscribe to IATA Air Pulse
to learn more with future
publications on payments.

www.iata.org/airpulse