Preparation is vital to cut fraud risk
Attacks by cybercriminals are an ever-present consideration for airlines. There is no “silver bullet”, but carriers can take steps to reduce their exposure and keep up with the rapidly changing landscape, writes Lisa Rankin, vice-president of partnerships at Accertify.
This article is shared with permission from the publication.
Those new attacks emerge quickly and can mean major dollar losses, making it critical that fraud-prevention teams are prepared to fight back.
Of course, preparation and planning are important for the successful operation of airlines every day – the same is true for the systems behind the scenes. Teams need to be prepared for when things don’t go according to plan.
Individuals who work to prevent airline fraud need to have the right tools, training and people supporting them to have an effective prevention programme. Being prepared, proactive and learning from the community of professionals will help to prevent fraud.
One of the challenges of managing fraud is that bad actors are constantly finding new attack vectors. Fraud professionals need to be diligent in addressing and mitigating known vulnerabili- ties, while monitoring the payments system for atypical behaviours.
The good news is that while fraudsters have become more organised and sophisticated, so have the tools and strategies to identify and prevent their attacks. Ensuring fraud teams have the tools and training in place prior to a large-scale coordinated attack can help reduce the risk of being attacked and enable an organisation to respond quickly if such an event occurs.
Airline fraud prevention efforts have been boosted by the use of machine- learning models to identify and detect fraud trends that may not be easily observed and prevented with a strategy that relies on a rules-based approach. While many fraud tools offer machine learning, the effectiveness of those algorithms is highly dependent on the fraud signals feeding into the models. Knowing the experience with specific transaction attributes across a community of businesses, such as the riskiness of cer- tain routes across several carriers, can increase fraud detection rates versus relying on individual airline data.
“One of the challenges is that bad actors are constantly finding new attack vectors”
Vice-president of partnerships, Accertify
Airlines are also more frequently combining device intelligence with the user’s behaviour. Collecting data on the device used to make a transaction can dramatically improve fraud results by providing information on attributes such as if the device has malware installed or if it has been associated with fraudulent transactions previously.
Many solutions are now augmenting device intelligence data with information about how the user interacted on the site prior to transacting – did they research flights on different days, did they scroll the site or copy and paste information, and so on? Understanding what a typical customer journey is versus an atypical journey can help identify and stop automated attacks or a sophisticated manual attack.
Historically, fraud prevention professionals focused on an individual transaction and analysed the attributes of the transaction in isolation. One tactic to gain better insight into the risk of a specific transaction is to evaluate it for out- of-pattern behaviours. When you see a last-minute, first-class international flight booked by a customer who has only flown economy class on domestic routes previously, for example, this might signal a legitimate out-of-pattern spend event or a fraudster. Either way, the transaction warrants further investigation. Having a solution that is able to alert you to the anomalies and prompt for additional investigation is an important tool for mitigating fraud.
With any strategy there is no “silver bullet”. It is important that airlines employ a multi-layered prevention approach so they are prepared when online fraud strikes. While rule engines or machine learning alone are not enough to prevent more sophisticated fraud at- tacks, a robust rules engine, in conjunction with machine learning, user-behaviour analytics and prepared fraud prevention specialists, are critical parts of any successful solution.
Rules engines in particular are an ef- ficient and effective tool for implementing policies where airlines are looking for a binary output. If and when an airline finds itself under a fraud attack, a robust rules engine can be used to stop the attack from affecting additional customers while it does some deeper analysis to remediate the risk.
Like all airline employees, fraud prevention professionals need to be prepared and have the tools, training and teams around them to do their jobs successfully. They should start with a defined approach to catching and reducing fraud from known attack vectors – while also being prepared for unexpected attacks and able to correct their course as needed.