Booked your summer holiday yet? February is one of the busiest months of the year for booking trips. But, despite making every effort to avoid getting scammed, some consumers could still end up falling victim to fraud — in a way they'd least expect.
Fake villa anyone?
The average cost of a holiday for a family of four ranges from £2,000-3,000 according to newspaper reports. So it's no wonder that criminals set up dodgy websites packed with fake luxury villas in an attempt to cash in.
The Association of British Travel Agents (ABTA) is so concerned for travellers, that it's running an advertising campaign called 'Travel with confidence’ throughout February 2017.
Consumers are being warned about fraudulent websites, online scams and travel companies that have no financial protection. "Be smart, always book with an ABTA Travel Company" — that's the underlying message. And there's much to applaud about the campaign.
Fraud happens with real companies too
Unfortunately, there's another danger that awareness campaigns can miss. Problems can also happen with real companies, selling real products. It occurs when the card data received from customers in Card Not Present (CNP) transactions slips into the wrong hands.
The scenario can work like this: A consumer calls up a reputable flight operator or package company, to book their holiday and speaks to a contact centre agent. The agent asks the customer for their card details to take payment, and the customer reads these details out loud over the phone – these are manually keyed in by the agent. The payment goes through, email confirmation arrives and the customer can relax and look forward to July.
Summer can't come soon enough, but trouble strikes
Imagine what would happen if the agent taking the customer’s booking scribbled down the customer’s card details to use later for themselves — or they sold the information to someone else? What if someone else was watching over the agent's shoulder and made note when the card numbers appeared on the screen?
Don't forget, the call was also probably recorded for training purposes - what if someone listened back to the call recordings to get the credit card details? And what if the travel company's systems were hacked or batch information sent via partner websites were intercepted — and thousands of your customers’ card numbers were stolen?
Criminals exploit the weak links
In the UK, CNP fraud across all sectors is currently costing £400 million per year and it's growing by an alarming 17%. Why? Card Not Present transactions are far more susceptible to fraud than face-to-face transactions - and businesses taking CNP payments can no longer keep their heads in the sand. If their business takes these payments – it’s their responsibility, even if it’s very tricky to secure these channels.
Just scraping by a PCI DSS compliance audit does not equal security either. Compliance is a point in time, not a strategy.
Yes there are methods to reduce risks, such as 'clean rooms' or ‘pause and resume’ systems, but they don't eliminate risks. What's needed, is a way to remove unnecessary sensitive data from your business — so when criminals turn up, they’ll leave with nothing.
Some travel operators have found answers
During the telephone payment process, some holiday companies are now making it possible for their customers to use their telephone keypad to submit payment card numbers instead of having to read them out loud. And these advanced payment systems go even further.
They prevent real card numbers from ever appearing on agents' screens — or being deciphered from the audio sounds made when telephone keys are pressed. Instead, keypad sounds or DTMF (Dual Tone Multi Frequency) tones are masked by flattened tones. There are also ways of replacing customers’ card numbers by placeholder tokens. In short, there's nothing real to steal.
The delicate process of handling everyone's sensitive card data is managed completely by an outside, trusted payment partner. The moment that numbers are submitted by consumers, the data is jetted off to the payment provider — without ever touching the travel company's own systems.
Can consumers trust you absolutely?
Travel association logos on holiday websites are a fine thing. But maybe what's also needed is a badge that says 'CNP trustworthy' — so consumers can be certain their valuable card data will travel around in first-class safety?
During 2017, CNP security will become one of the biggest issues facing contact centres around the world. To discover more about how to protect businesses and customers, travel operators and any other companies that take telephone payments should read this essential guide CNP Crime in Contact Centres
Latest Blog Items
Tuesday, 13 August 2019 Is your PCI DSS strategy killing your agility?Contact centres must protect customer card data — but the wrong PCI DSS strategy can hold back your business. Sometimes, only a security rethink will give you the freedom to thrive.
Tuesday, 30 July 2019 PCI DSS - are you playing whack-a-mole and losing badly?Is your contact centre protecting customer card data with expensive sticking plasters? If so, then don't be surprised if fraudsters tear through. You'll need a radical rethink to stop criminals.
Thursday, 11 July 2019 Contact centre safe from fraud? Think againContact centre crime is on the rise — but the big scandal is the time and money being wasted on tackling it the wrong way. Put simply, organisations need a new strategy, fast.