The latest thinking from Eckoh

Holiday fraud — could it happen to you?
Tuesday, 17 January 2017

Booked your summer holiday yet? February is one of the busiest months of the year for booking trips. But, despite making every effort to avoid getting scammed, some consumers could still end up falling victim to fraud — in a way they'd least expect.

Fake villa anyone?

The average cost of a holiday for a family of four ranges from £2,000-3,000 according to newspaper reports. So it's no wonder that criminals set up dodgy websites packed with fake luxury villas in an attempt to cash in.

The Association of British Travel Agents (ABTA) is so concerned for travellers that it's running an advertising campaign called 'Travel with confidence' throughout February 2017.

Consumers are being warned about fraudulent websites, online scams and travel companies that have no financial protection. "Be smart, always book with an ABTA Travel Company" — that's the underlying message. And there's much to applaud about the campaign.

Fraud happens with real companies too

Unfortunately, there's another danger that awareness campaigns can miss. Problems can also happen with real companies, selling real products. It occurs when the card data received from customers in Card Not Present (CNP) transactions slips into the wrong hands.

The scenario can work like this: a consumer calls up a reputable flight operator or package company to book their holiday and speaks to a contact centre agent. The agent asks the customer for their card details to take payment, and the customer reads these details out loud over the phone, where they are manually keyed in by the agent. The payment goes through, email confirmation arrives and the customer can relax and look forward to July.

Summer can't come soon enough, but trouble strikes

Imagine what would happen if the agent taking the customer’s booking scribbled down the customer’s card details to use later for themselves — or they sold the information to someone else? What if someone else was watching over the agent's shoulder and made note when the card numbers appeared on the screen?

Don't forget, the call was also probably recorded for training purposes. What if someone listened back to the call recordings to get the credit card details? And what if the travel company's systems were hacked, or batch information sent via partner websites was intercepted — and thousands of your customers’ card numbers were stolen?

Criminals exploit the weak links

In the UK, CNP fraud across all sectors is currently costing £400 million per year and it's growing by an alarming 17%. Why? Card Not Present transactions are far more susceptible to fraud than face-to-face transactions, and businesses taking CNP payments can no longer keep their heads in the sand. If their business takes these payments, it’s their responsibility, even if it’s very tricky to secure these channels.

Just scraping by a PCI DSS compliance audit does not equal security either. Compliance is a point in time, not a strategy.

Yes, there are methods to reduce risks, such as 'clean rooms' or 'pause and resume' systems, but they don't eliminate risks. What's needed is a way to remove unnecessary sensitive data from your business — so when criminals turn up, they’ll leave with nothing.

Some travel operators have found answers

During the telephone payment process, some holiday companies are now making it possible for their customers to use their telephone keypad to submit payment card numbers instead of having to read them out loud. And these advanced payment systems go even further.

They prevent real card numbers from ever appearing on agents' screens — or being deciphered from the audio sounds made when telephone keys are pressed. Instead, keypad sounds or DTMF (Dual Tone Multi Frequency) tones are masked by flattened tones. There are also ways of replacing customers’ card numbers with placeholder tokens. In short, there's nothing real to steal.

The delicate process of handling everyone's sensitive card data is managed completely by an outside, trusted payment partner. The moment that numbers are submitted by consumers, the data is jetted off to the payment provider — without ever touching the travel company's own systems.
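The token replacement described above can be sketched as follows. This is an added example, not Eckoh's code or any vendor's API: `ProviderVault` and `find_pans` are hypothetical names, the card number is the widely used test number, and making tokens fail the Luhn check is a design choice of this sketch. It shows that a scan of merchant-side text finds a keyed-in card number but nothing once only the token is stored.

```python
import re
import secrets

def luhn_valid(digits):
    """Luhn checksum used by real payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

class ProviderVault:
    """Hypothetical stand-in for the payment partner; real PANs live only here."""
    def __init__(self):
        self._pan_by_token = {}

    def tokenize(self, pan):
        if not (pan.isdigit() and 13 <= len(pan) <= 19 and luhn_valid(pan)):
            raise ValueError("not a valid card number")
        while True:
            # Random digits of the same length; last four kept for agent confirmation.
            body = "".join(secrets.choice("0123456789") for _ in range(len(pan) - 4))
            token = body + pan[-4:]
            # Design choice here: tokens must fail Luhn so they never look like a PAN.
            if not luhn_valid(token) and token not in self._pan_by_token:
                self._pan_by_token[token] = pan
                return token

    def detokenize(self, token):
        return self._pan_by_token[token]

# 13-19 digits, optionally separated by single spaces or hyphens.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

def find_pans(text):
    """Return Luhn-valid card numbers found in merchant-side text."""
    candidates = (re.sub(r"[ -]", "", m.group()) for m in PAN_RE.finditer(text))
    return [c for c in candidates if luhn_valid(c)]

if __name__ == "__main__":
    vault = ProviderVault()
    token = vault.tokenize("4111111111111111")  # constructed sample: test card number
    keyed = "Booking 1234: paid with 4111 1111 1111 1111"   # constructed agent note
    tokenised = f"Booking 1234: paid with {token}"           # constructed agent note
    print(find_pans(keyed), find_pans(tokenised))
```

The same `find_pans` scan can be pointed at call transcripts, CRM notes or log exports to confirm that no real card numbers remain on the merchant side.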

Can consumers trust you absolutely?

Travel association logos on holiday websites are a fine thing. But maybe what's also needed is a badge that says 'CNP trustworthy' — so consumers can be certain their valuable card data will travel around in first-class safety?

During 2017, CNP security will become one of the biggest issues facing contact centres around the world. To discover more about how to protect businesses and customers, travel operators and any other companies that take telephone payments should read this essential guide: CNP Crime in Contact Centres.

About the Author

Tony Porter

Head of Global Marketing

Tony has over 30 years’ experience in sales, marketing and business development and currently leads these activities for Eckoh in both the UK and US markets and across all sectors. Tony’s role focuses on helping contact centres to improve their customer engagement, making them convenient and secure for consumers to use. He understands the challenges organisations face around PCI DSS compliance and how to make the Omnichannel contact centre experience a satisfying reality. He is a regular speaker at events on topics such as PCI DSS, GDPR, contact centre technology, IVR solutions, self-service, secure payments, marketing and business development.
