MANAGING FRAUD ON TRAVEL BOOKINGS
EXECUTIVE SUMMARY The highly competitive travel industry faces a unique set of challenges around payments acceptance and fraud prevention. The sector is particularly susceptible due to an increasing number of virtual, remote bookings that offer high-value, low-risk opportunities for fraudsters to act as intermediaries rather than choosing to travel using the fraudulent booking themselves. Whether a merchant is an airline, travel agent, hotel or car hire company, most operators in the travel industry rely on low-margin transactions and the ability to fill as many customer spaces as possible, making it critical to strike the right balance between efficiently processing genuine customer bookings and protecting the company from the risk of fraud. Despite this, across the sector few sophisticated fraud tools are in use and merchants rely heavily on manual review processes and card issuer fraud prevention measures such as address verification (AVS), card verification number (CVN) and 3D Secure. This often creates inefficient fraud prevention processes, reduces accuracy and acts as a drain on merchants in-house teams. It is no surprise that, for many travel operators, fraud rates can reach ten times target levels, and many are losing revenue not only to fraudsters, but also by inadvertently declining good customers. Here, ACI Worldwide outlines some of the key fraud management issues facing the travel industry and provides best-practice tips on how to mitigate them. 1 TIMING HOTSPOTS TIME TO DEPARTURE Last minute bookings are a major fraud management challenge, with fraudsters often making their bookings as close as possible to the time of travel to improve their chances of evading detection. Across ACI s travel merchants, nearly 80% of the total volume of chargebacks occur where the time to departure is less than three days. By contrast, approximately 4% of chargebacks come from longer term bookings where the order is processed more than 60 days in advance. % of Total Chargebacks 65% 60% 55% 50% 45% 40% 35% 30% 25% 20% 15% 10% 5% 0% ATTEMPTED FRAUD (CHARGEBACKS) ACROSS TIME TO DEPARTURE <1 Day <2 Day <3 Day <4 Day <5 Day <6 Day <7 Day <8 Day <9 Day <10 Day <30 Day <60 Day <90 Day >90 Day Source: ACI travel merchants, Jan June 2017 2 Managing Fraud on Travel Bookings
With last minute bookings also popular with genuine customers, merchants have a challenge on their hands to distinguish between good and bad bookings. For this reason, other trends in each sub-segment become important in helping to spot the fraudster. For instance, in hotels, last minute bookings by fraudsters are often for short stays in desirable locations. For airlines, these last minute fraudulent bookings are usually for standard or economy class, to avoid attracting attention. BOOKING CHANGES Fraudsters are also well versed in the advantages of changing a booking at the last minute. Here, a fraudster will make a booking well in advance of the travel date, knowing that this type of purchase looks low risk to a fraud management team and is less likely to be challenged. The fraudster will then change the booking close to the departure time, with the knowledge that some travel companies do not re-screen for potential fraud on booking changes. These booking changes are also often completed across different channels, which can make the fraud harder to spot. For instance, it is a common practice for fraudsters to make their original booking online and then call a contact center to make the amendment to the booking, because contact center staff are generally not trained or targeted to look for fraud. A lack of data compilation and sharing across channels also means that the fraudulent activity can be difficult for merchants and their fraud providers to pick up. 2 LOCATION HOTSPOTS High attempted fraud rates on foreign payment cards continue to be a common problem for travel sector merchants, creating particularly difficult fraud management challenges for merchants looking to expand internationally. However, there are broader and more complex location-related trends which all travel companies must be wary of. For instance, some travel routes are more frequently targeted by fraudsters, with locations such as Nigeria, Egypt, Malaysia, Indonesia, Russia, the Dominican Republic, Ghana, Brazil and South Africa being some of the highest risk, as either the departure location or the travel destination. It is also common for fraudulent bookings to cover travel from a country of high economic prosperity to less developed regions. 3 BEST-PRACTICE FRAUD PREVENTION FOR TRAVEL COMPANIES With effective fraud prevention strategies and solutions, travel companies can mitigate these areas of risk, successfully increase revenues and open up new routes and payment channels. To find the right balance, ACI analysts offer the following recommendations: Move beyond 3D Secure: While the liability shift offered by fully authenticated 3D Secure (3DS) transactions is of great benefit to travel companies, it is important to use additional measures for a couple of reasons: The rise in dynamic 3DS means consumers are having to enter their passwords less frequently, which is increasing the percentage of fraud that is fully authenticated via 3DS. Fraud which passes through 3DS still counts towards a merchant s overall fraud level with the card schemes, making it vital to monitor and screen these transactions to avoid scheme penalties. Fraudulent 3DS bookings are a source of fraud intelligence merchants must capture this data to build a more holistic picture and stop associated fraud. Practice positive profiling: Wherever possible, it is valuable to proactively collect, collate and analyze as much customer profile information as possible, including passenger name reference (PNR) data, email, address information, associated payments information, customer preferences and booking history. This allows merchants to build a positive picture of their genuine customers and ensure their bookings are processed seamlessly helping to support loyalty and increased sales. Use all available data: Fraud rules and predictive models must be built on a thorough understanding of all available internal and external data. Collaboration and sharing fraud intelligence among travel sector companies and other players in the payments chain 3
can enable merchants to get a fuller picture of customer profiles and fraud trends supporting better informed fraud strategies and effective action to adjust rules, block fraudsters and prevent further losses. Tailor fraud strategies: Using fraud and customer data to create tailored but flexible rules allows fraud prevention strategies to be targeted and effective, reducing false positives and the impact on genuine customers, while keeping fraud to a minimum. Fraud solutions must be tailored to payment type, customer and card issuer location, timing of booking, etc. and include customer history and profiling information. They also must be adapted in line with seasonal changes and promotions, emerging trends, merchant KPIs and market developments. Employ comprehensive monitoring and reporting processes: Quick and accurate reporting is crucial in the fight against fraud, since small increases in fraud can have a huge impact, eating into already small margins. Effective and timely reporting allows for new and emerging fraud trends to be picked up and fraudsters to be closed down quickly. The ability to use business intelligence tools and analytics to monitor transactions and interrogate data in a timely way can also help to produce fast, actionable intelligence which can heighten performance and support a continuous improvement process. Prioritize high-risk and short-notice bookings: Real-time screening of transactions is essential for timely action against fraud and to ensure genuine customers receive smooth service. Automated decisioning plays an important role in this process particularly for merchants who can t operate a 24/7 fraud management team. Implementing different rule strategies for short-notice bookings made outside of office hours can help manage the potential impact of fraud and optimize use of internal resources by automatically releasing or canceling orders. For those bookings which can be manually reviewed, high priority cases need to be prioritized in the process to ensure minimal disruption. Screen and re-screen: Real-time screening of transactions is essential, but not sufficient. Fraud and customer data is constantly changing and what doesn t look like fraud at the time of booking, may look different once new fraud data is added later. Retrospective screening can help to build a more accurate, detailed profile of transactions and associated fraud. In this way, bookings that are initially accepted and later identified as suspect or confirmed fraud could still be recovered by canceling bookings before the travel date, or, where the travel date has already passed, initiating refunds and preventing associated bookings from being processed. 4
ACI Worldwide, the Universal Payments (UP ) company, powers electronic payments for more than 5,100 organizations around the world. More than 1,000 of the largest financial institutions and intermediaries, as well as thousands of global merchants, rely on ACI to execute $14 trillion each day in payments and securities. In addition, myriad organizations utilize our electronic bill presentment and payment services. Through our comprehensive suite of software solutions delivered on customers premises or through ACI s private cloud, we provide real-time, immediate payments capabilities and enable the industry s most complete omni-channel payments experience. LEARN MORE WWW WWW.ACIWORLDWIDE.COM @ACI_WORLDWIDE CONTACT@ACIWORLDWIDE.COM Americas +1 402 390 7600 Asia Pacific +65 6334 4843 Europe, Middle East, Africa +44 (0) 1923 816393 Copyright ACI Worldwide, Inc. 2017 ACI, ACI Worldwide, ACI Payment Systems, the ACI logo, ACI Universal Payments, UP, the UP logo, ReD, PAY.ON and all ACI product names are trademarks or registered trademarks of ACI Worldwide, Inc., or one of its subsidiaries, in the United States, other countries or both. Other parties trademarks referenced are the property of their respective owners. ATL6563 11-17 5