One of the key drivers of travel’s evolution from
a primarily offline, manually processed business to one increasingly
coordinated online has been the transformation of the payments industry.
The development of the internet, followed by the
birth of e-commerce - notably Amazon in 1994, eBay in 1995 and shortly
thereafter online travel brands such as Travelocity and Expedia - spurred a
need for digital payment options.
One of the first was PayPal, launched in 1999,
and today there are hundreds of ways for consumers around the world to pay for
products and services online.
According to the World Payments Report 2018 from Capgemini and BNP Paribas, global non-cash
transaction volumes grew at 10.1% in 2016 to reach 482.6 billion. That rate is
expected to accelerate through 2021 to 12.7% compound annual growth rate
globally, with emerging markets growing at 21.6%.
But in tandem with the rise of e-commerce has
been a rise in fraud.
According to ACI
Worldwide, the top 21 breaches in 2018 impacted more than 2.5 billion
customers around the globe. Seventy-four percent of organizations have been a victim
of payment fraud, and the average cost of a data breach in 2018 was $3.86
million.
For part two in our series on travel payments, we
talk to industry experts about fraud: the unique challenges facing travel
merchants and the latest strategies to fight fraud while also creating a positive
experience for legitimate customers transacting online.
Background
In the next few years, Phocuswright predicts online will surpass
offline as the method of booking across all segments travel globally.
According to Phocal Point's Global Market Sizing, online booking accounted for 46%
of the total market in 2018 but will increase to 51% - and a value of $838
billion - by 2021.
Subscribe to our newsletter below
Along with this shift to booking online has been a shift
to paying for that travel online - initially just on a desktop computer and now
increasingly on mobile, through credit cards, bank transfers, e-wallets or
other methods.
Digital transactions in any industry are a target for
criminals.
But the travel industry has certain unique characteristics compared
to other e-commerce categories, such as apparel, food and gaming, that can elevate
the potential for payment fraud and make it more difficult to detect.
Average transaction value is high
in travel - Sift estimates the average price of a fraudulent booking is
between $283 and $588 - and there is no physical product that needs to be picked
up or delivered.
Many travel bookings also are made
at the last minute. Sift estimates 72% of mobile hotel bookings are
made within one day of a stay.
“Life happens and you need to get
someplace quickly. So there is always a pressure to handle any assessment of
fraud with some immediacy,” says Jeff Sakasegawa, Sift trust and safety
architect.
Many travel merchants are dealing with bookings initiated
on desktop computers and mobile phones from all over the globe, so traditional indicators
of fraud don’t necessarily fit.
“In travel ... it’s normal to be receiving an Indonesian card
from a Peruvian IP address, for example. That could be a normal client. This is
not the case for all other verticals,” says Rodrigo Camacho, chief commercial
officer at Nethone.
As ACI Worldwide’s principal fraud consultant, Marc
Trepanier, puts it: "The challenge for banks and merchants is that everything
can look risky.”
The balance
According to Forter’s 2019 Fraud Attack Index, land travel companies
such as hotels, car rental agencies and train service providers saw a 19%
increase in attacks from January through December 2018, while air travel
experienced a 29% drop in fraud attacks.
The challenge for banks and merchants is that everything can look risky.
Marc Trepanier - ACI Worldwide
“This indicates that the large data hacks within the
industry, some of which made passport information available along with other
stolen data, have yet to be reused to commit air travel fraud. This data is valuable
enough to be leveraged for fully fledged identity theft (which may have many
stages) rather than ‘thrown away’ on a single fraud attempt,” the report states.
But statistics about attacks only paint part of the picture
of the true cost of payment fraud.
Along with revenue lost due to hacker activity, travel
merchants are losing billions of dollars in revenue every year when they reject
or cancel bookings that trigger a suspicion of being fraudulent.
According to the 2018
Global Airline Online Fraud Management report from Cybersource and Phocuswright,
global airlines reject or cancel nearly 4% of bookings in direct sales channels
due to suspicion of fraud, resulting in a loss of 1.2% in revenue. By 2020, the
report estimates that will translate to about $2.8 billion in lost revenue.
Within those figures of rejected or cancelled bookings are
the false positives - the legitimate customers that are blocked from completing
a reservation due to the merchant’s fraud detection system.
And the cost is of these false positives goes beyond a
single transaction.
“It’s a very competitive space, and a lot of [travel brands]
are counting on repeat business,” says Michael Reitblat, co-founder and CEO of
Forter.
“If you are making all the marketing efforts to bring that customer
in and they want to transact and you decline them, they will not come back to
your platform again. They will go somewhere else that will accept them. So it’s
important to not just view it as one transaction but look at entire lifetime
value of that consumer.”
Machine learning
The cause of these false positives, say industry experts, are
the rules-based models used by traditional fraud detection systems. Relying on
rules - such as an airline rejecting all reservations if the distance between
the IP address of the purchaser and the departure airport are beyond a specified
amount of miles - creates a system that is unnecessarily rigid.
If you are making all the marketing efforts to bring that customer in and they want to transact and you decline them, they will not come back to your platform again.
Michael Reitblat - Forter
“What’s the difference between
someone living 1,999 miles away from the departure airport and someone living
2,0001 miles away?” Camacho says.
“And yet we are
making a dramatically different decision. This is happening every single day
right now. All the largest airlines in the world - this is the way it’s working
right now.”
Machine-learning technology enables fraud detection systems to
analyze customer activity with a more holistic view, using algorithms that
analyze large data sets rather than relying on one or two data points to
determine if a transaction should be accepted or rejected.
There are additional benefits to machine learning
including speed, efficiency and improvement with scale.
“With more volume that we get, the
more data we see, the more consumers flow to patterns ... the more accurate the
system becomes,” Reitblat says.
But specific parameters
of fraud detection can also be influenced by economic factors.
“If you are
an OTA and your margins for air traffic are very, very low, you will tune the
system to be way more restrictive because fraud can eat into a big portion of
your margin,” Reitblat says.
“But if you are in hospitality and margins are higher, you will
probably be optimizing more for reducing friction as much as possible,
optimizing customer experience and increasing acceptance even at the expense of
a little higher fraud.”
That need to balance fraud detection with a positive user
experience will continue to be an issue for travel brands, but industry experts
say it is an issue that can be addressed.
“The job of modern
fraud prevention solutions is to keep the risk exposure at bay or at a
reasonable level but liberating more sales because we can better recognize the
real threat,” says Nethone CEO Hubert Rachwalski.