Get the opportunity to grow your influence by giving your products or services prime exposure with Performance Magazine.
If you are interested in advertising with Performance Magazine, leave your address below or contact us at: [email protected].
Image Source: Pexels | cottonbro studio
Editor’s Note: “Fraud in the Travel Industry: Is Digital Footprinting the Solution?” is originally published in the latest edition of PERFORMANCE Magazine – Printed Edition. This article is written by Gergo Varga, Senior Content Manager / Evangelist at SEON.
Businesses in the travel and ticketing industry are seeing more and more customers buying travel tickets online rather than in person. With this convenience come some risks, creating the need to mitigate against established and emerging types of digital fraud alike.
Of course, fraud is not just an issue for ticketing companies but any industry that focuses on card-not-present transactions and services to streamline customer payments. However, there are different touchpoints and pain points in each sector, and you can only mitigate it if you know what kinds of fraud can hit your business and how you can deploy the right strategies to stop cybercriminals in their tracks.
According to Condor Ferries, online travel bookings now exceed $817 billion around the world in total worth, with an estimated 148.3 million individual bookings completed annually. Following this rise closely, travel and ticketing fraud has become an increasing problem for companies, with fraudsters usually targeting the online ticketing process itself.
Different Kinds of Fraud in Travel and Ticketing
Carding is one of the main types of fraud faced by companies. Carding involves the illegal acquisition of debit and credit card credentials and their use by fraudsters pretending to be the legitimate cardholder.
Tactics employed by fraudsters to gain this information from their victims include card cloning, RFID skimming, phishing, spyware, data breaches and BIN attacks, for instance. In the case of RFID skimming, for example, the public has been so concerned about this in recent years that companies like Duo have had to create guides explaining RFID blockers and similar devices to inform their customers. Fraudsters using a cloned card or stolen card information can then create an account on a website and attempt to buy tickets using it.
But why does this matter to companies selling travel and other types of tickets online? One concern is chargebacks. When the legitimate cardholder realizes a criminal has used their funds, they will ask the card-issuing bank for their money back. In these cases, the merchant ends up losing both the money and the ticket issued, as well as incurring certain admin fees to the bank.
Sometimes, fraudsters use ticketing websites to do testing – to test if the cards they’ve acquired illegally are still “live,” meaning that they haven’t already been frozen or canceled. This entails attempting a payment with each card number, usually small in value, before marking the live ones still in use and moving on to larger, more ambitious schemes with them.
Even when the money the ticketing service loses is small, this can have a knock-on effect because card-issuers keep track of what’s called a chargeback ratio, or how often a merchant incurs chargebacks. If it’s too often, they increase the standard processing fees the merchant pays for each payment — legitimate or not – and, in some cases, even ban merchants from using their networks outright. This means you can no longer serve customers paying with specific types of cards, such as Mastercard or Visa.
Criminals can also try to make a profit by reselling certain types of tickets (usually last-minute flight offers) on dark web marketplaces or via encrypted social media, such as Telegram, as explained in an article on the dark web on Peraton.
Other tactics that cybercriminals use on airline sites include booking a flight using card details that they’ve stolen and then cancelling them. This is so that their account can still be credited with any adjacent bonuses and miles, even if they have canceled the flight, which they will use for other fraud moving forward. Although not as common as they once were, bonus miles and other extras are advertised by airlines and other companies, such as United, as an incentive for travelers to choose them over competitors.
Ticket scalping is another pain point for travel as well as other types of ticketing websites. This occurs when fraudsters use bots to bulk buy tickets from ticketing or travel companies online, causing the flight or event to sell out.
First, they might use an auto refresher to spot when tickets have gone on sale. Then, they’ll employ scripts to automatically fill out forms and details during the transaction process. Fraudsters might also use pre-bots to create multiple fake accounts across many different websites. If a site requires customer identification, then fraudsters might attempt to provide this in the form of stolen or synthetic IDs.
Ticket scalping is a form of arbitrage, as they then resell tickets to customers for a marked-up price, generating a profit. This is also known as ticket touting or ticket reselling and doesn’t just affect travel companies but also music, entertainment, and sporting events.
One prominent case of ticket scalping in the travel industry was during the height of the COVID-19 pandemic, at the start of which airports canceled flights in the face of impending lockdowns. In a report, CNN describes how scalpers seized an opportunity to sell air tickets on the black market to Chinese students looking to travel from the US to China to join their families. With rumors of airlines slashing seats and inbound flights, agents turned into scalpers by putting up a premium on these now highly desirable tickets.
The CNN reporter found a $300-450 booking was hiked up to the equivalent of $1,650 by agents acting as scalpers. According to the report, the Civil Aviation Administration of China claims that it has lost $70,000 to ticket scalpers and has since rolled out price control and outright bans on some ticket exchanges and proxies.
With the right fraud prevention and detection software in place, organizations can spot and prevent fraudulent accounts before they have a chance to target your transaction process.
Digital footprinting can be part of that process, helping assess the true intentions of any customer looking to transact. Imagine a fraudster who has acquired card details stolen during a data breach and is looking to register an account to buy tickets fraudulently and then resell them for a profit.
It’s at this sign-up touchpoint that digital footprinting techniques, such as reverse email and phone lookup, can help. The digital footprint module will check this new user’s email address or phone number to see if they have social media or other web histories.
Why does this matter? Because reverse lookup tools, as a form of data enrichment, tell you a lot about a user. Starting with information the customer submits, such as an email or phone number, digital footprint analysis sources hundreds of data points to create an accurate, real-time profile of the person who uses the address or phone number, from which we can evaluate their intentions – or even automatically ban or approve them.
For instance, when a customer provides a phone number as part of their check-out process, you can use the resulting data points to find out if this phone number is a disposable or VoIP number, as well as any associated names and addresses. As SEON’s guide to phone lookup explains, using reverse phone lookup, you can find out whether the phone number is valid, the country the carrier is based in (which you can combine with IP analysis), and any connected social media or instant messenger accounts, among other information.
Real people, even those who aren’t techies, almost always have some sort of online presence. But if a new user’s phone or email address is not linked up to any social media or online platforms – for instance, accounts on Airbnb, Skype or Facebook – you have good reason to be suspicious and thus request additional verification and proof of their identity. Furthermore, each country has its own mix of popular digital services, so a customer that deviates from the norm could also signal an anomaly that warrants closer inspection.
It’s incredibly difficult and complex for fraudsters to fake a legitimate digital footprint. The email address they create to defraud you will not have a digital presence, instead having been created recently just for this purpose. Scalpers use bots to bulk buy tickets, and these are typically in control of multiple accounts at a time (multi-accounting). All these accounts, of course, will have registered using new, not-before-seen-online email addresses. This is a huge red flag.
Digital footprinting can be a good low-friction fraud prevention and detection option, as it can help keep the transaction experience for your genuine customers efficient and enjoyable. With risk ratings, each individual looked at can be assigned a risk score on the basis of their profile, and a customer with no digital footprint will have a much higher risk score than a user with one. Such risk scoring can help introduce friction only where it is needed, in what’s called dynamic friction that changes based on the customer’s score.
Although digital footprinting is an excellent, cutting-edge tool for spotting fraudsters, it works most effectively when combined with other fraud prevention and detection tools. Device fingerprinting involves collecting information about a user’s device, while IP analysis looks at where in the world they connect from and how. These help in multitude ways. For example, it is suspicious if several different users use the exact same device and IP, so an extra check can be introduced.
Another consideration of fraud prevention is velocity checks, which examine customer actions through the lens of time. For example, if a customer has attempted to purchase multiple tickets from your website for events at various locations over the course of just a few hours, then this will be flagged by the velocity-checking process. While some customers may do this for legitimate, non-fraudulent reasons, it can also be a sign of fraud. Other kinds of behavioral analytics include looking at abnormal interactions and a user’s typing cadence.
By combining data points from digital footprinting, device fingerprinting, velocity checks and more, through sophisticated fraud prevention software, travel companies can be better protected.
Some vendors allow the merchant to fully customize each of these elements to match their risk appetite and past fraud events, while others promote a set-and-forget approach, often making use of blackbox (non-transparent) machine learning.
Digital footprinting is a great tool to stop fraudsters from hijacking your ticketing and other transaction systems. Thanks to data enrichment, it crucially involves scaling, which means that you can introduce as many or as few checks as you need, from 100 checks an hour to one check an hour.
By adopting strategies such as dynamic friction, suspicious accounts will need to provide more information, while customers proven to be trustworthy will enjoy frictionless check-out – all keeping you safe from instances of carding, account takeovers, and ticket scalping, as well as every other type of fraud.
About the author
Gergo Varga has been fighting online fraud since 2009 at various companies – even co-founding his own anti-fraud startup. He’s the author of the Fraud Prevention Guide for Dummies – SEON Special edition. He currently works as the Senior Content Manager / Evangelist at SEON, using his industry knowledge to keep marketing sharp, communicating between the different departments to understand what’s happening on the frontlines of fraud detection. He lives in Budapest, Hungary, and is an avid reader of philosophy and history.
High quality data can play a huge role in increasing efficiency and improving performance and can help managers in the decision-making process. Sometimes, it is acceptable to make decisions based on instincts and gut-feelings, but the majority of them should be backed up by numbers and facts.
Data-driven decision-making is a process of collecting measurable data, based on organizational goals, extracting, and formatting data, analyzing the insights extracted from it, and using them to develop new initiatives. Nowadays, advanced software is available to help with data gathering, processing, reporting, and visualizing, to support managers.
The main steps of the decision-making process
The first step to build a well-functioning, data-driven decision-making process is to clearly define organizational goals, and to identify the questions to which the answers we find can help reach these goals. For example, if our company’s revenue goal is to increase its portion of the market share by 20% until the end of the year, a good question would be: what are the most important factors which have influence on market share?
The next step is to identify data sources and to find custodians. The source of the data highly depends on its type. There are qualitative data, which cannot be expressed by numbers, and quantitative data, which can be measured by numbers. We can collect data from primary and secondary sources. Primary sources can be observations, interviews and surveys, whilst secondary data can be collected from external documents, third-party surveys and reports.
The third main step is to clean the gathered data. During the data cleaning process, raw data is prepared for analysis by correcting incorrect, irrelevant or incomplete data. There are six data quality dimensions which should be kept in mind, during this process: Accuracy (indicates the extent to which data reflects the real world object), Completeness (refers to whether all available data is present), Consistency (refers to providing the same data, for the same object, even if this data appears in different reports), Conformity (consists in ensuring that data follows a standard format, such as YYYY/MM/DD), Timeliness (indicates whether the data was submitted in due time, respecting the data gathering deadline) and Uniqueness (points out that there should be no data duplicates reported).
Only now, the data analysis process can start. Statistical models should be used to test data and find answers to the business questions identified beforehand. Descriptive statistics can help to quantitatively describe and summarize features of data and to describe, show or summarize data in a meaningful way. For example, monthly sales or changes in employee competency levels can easily be presented in a visual manner.
Interferential statistics can help find correlations between different variables and predict future outcomes. For example, by using regression analysis, we can make a prediction on how growth, experienced in the employee competency level, can positively affect the sales volume.
Even if the data gathered is cleaned and correct, and the data analysis process has respected all the recommendations above, if the data is not presented in a meaningful way, it will not be of much use. Well-presented information and the outcomes of the analysis can help in interpreting data, thus supporting the decision-making process. From time to time, data should be updated and re-evaluated, to make the best decisions in today’s continuously changing business environment.
The advanced analysis techniques and software, which are available nowadays for the majority of organizations, make it possible to build up a data-driven decision-making culture, which leads to more prudent business decisions. These tools generate more thoughtful decisions that help performance improvement, which ultimately lead to organizational growth.
Find out more about the dat sources in our Certified Data Analysis course.
We already know that good quality data can help in the decision-making process. The first important step is to collect data from reliable sources. There are two types of data sources to consider: primary and secondary.
Data from primary sources are first-hand data, tailored to provide information on the firm’s own products, customers, and markets. It can be collected from both the internal (employees, board of directors, investors etc.) and external stakeholders (customers, suppliers etc.) of our organization.
Data from secondary sources are facts & figures already collected and recorded prior to the analysis done by others, and can be collected from internal sources, i.e., our annual report, sales data etc., or external secondary data, from government database and reports, national reports etc. This type of data includes both raw data and published summaries.
Primary and secondary data can be either quantitative or qualitative. Quantitative data refers to numbers and quantities like age, competency level, etc. Qualitative data is descriptive, observable and cannot be measured, i.e., clothing style.
Sources of primary data
The most widely used methods of primary data collection include the observation, interview, and survey. While these are not the only ones, most others are less popular than the former three.
The observation is the most used method of data collection in social and natural sciences. This method consists of gathering knowledge by observing certain phenomena when it occurs.
There are two types of observations: participant and non-participant. In case of the participant observation, the researcher watches the events and activities from inside, by taking part in the group he is observing. The researcher can freely interact with the participants. In the case of non- participant observation, this occurs when the researcher observes the events passively, from a distance, without direct involvement.
During this specific data collection process, chances of personal biases are high, as the observer interprets the situation in his/her own way.
When it comes to all fields of science, the survey is one of the most used methods of data collection in research. Questionnaires are formulated to acquire specific point information on any subject area. The questionnaire is an inexpensive method of data collection, when compared to other methods of primary research. Questionnaires can be submitted by vast audiences, at a time, and responses can be registered quite easily.
Lastly, the interview is another important method of primary data collection in all fields of science. During the exchange, the interviewer collects information from each respondent independently, making this process much more expensive and time-consuming when compared to other methods of data collection.
Sources of secondary data
We can collect secondary data from many sources, such as:
What data sources should we focus on?
There are advantages and disadvantages to each of the sources, which is why choosing the appropriate data source is highly dependable on the research’s objective. Here are some considerations that might help deciding:
Advantages of data from primary sources
Disadvantages of data from primary sources
Advantages of data from secondary sources
Disadvantages of data from secondary sources
As we can see, data collection can come in many forms, types, and methods, almost as varied as the very object it desires to aggregate. Which method suits your needs is conditional on your research objective. Whilst some may require an in-depth, live approach via the interview or even observation, others could do with just a quick & easy fix, via surveys.
Moreover, carefully consider which sources will yield the most accurate and trustworthy data. Some research benefit greatly when you incur information from primary sources, whilst others yield surprisingly pinpoint results with just secondary references.
Find out more about the dat sources in our Certified Data Analysis course.
No matter the size or type of your business, reports probably get created for it regularly. Whether you’re a public agency or a private organization, data clarity & accuracy are two must-haves nowadays.