Travel fraud — could it happen to you?

Booked your summer vacation yet? February is one of the busiest months of the year for booking vacations. But, despite making every effort to avoid getting scammed, some consumers could still end up falling victim to fraud — in a way they'd least expect.

Fake villa anyone?
The average American family of four will spend $4,580 on vacation travel this summer according to newspapers. So it's no wonder that criminals set up fake websites packed with fake luxury villas in an attempt to cash in.

Consumers should be aware of fraudulent websites, online scams and travel companies that have no financial protection. "Be smart, always book with an ASTA Travel Company" — that's the underlying message from the industry.

Fraud happens with real companies too
Unfortunately, there's another danger that awareness campaigns can miss. Problems can also happen with real companies, selling real products. It occurs when the card data received from customers in Card Not Present (CNP) transactions slips into the wrong hands.

The scenario can work like this: you call up to book a Hotel room for your vacation. When it's time to make the payment, the call center agent asks for your card information which you read out over the phone — and these are keyed in by the agent. The payment goes through, email confirmation arrives and you can relax and look forward to your vacation.

Summer can't come soon enough, but trouble strikes
Imagine what would happen if the agent taking the customer’s booking copied down the customer’s card details to use later for themselves — or they sold the information to someone else? What if someone else was watching over the agent's shoulder and made a note or a snapshot when the card numbers appeared on the screen?

Don't forget, the call was also probably recorded for training purposes - what if someone listened back to the call recordings to get the credit card details? And what if the travel company's systems were hacked or batch information sent via partner websites were intercepted — and thousands of your customers’ card numbers were stolen?

Criminals exploit the weak links
In the US, CNP fraud across all sectors is currently running at 47% of all card fraud. Why? Card Not Present transactions are far more susceptible to fraud than face-to-face transactions - and businesses taking CNP payments can no longer ignore this. If their business takes these payments – it’s their responsibility, even if it’s very tricky to secure these channels.

Just scraping by a PCI DSS compliance audit does not equal security either. Compliance is a point in time, not a strategy.

Yes there are methods to reduce risks, such as 'clean rooms' or ‘pause and resume’ systems, but they don't eliminate risks. What's needed, is a way to remove unnecessary sensitive data from your business — so when criminals turn up, they’ll leave with nothing.

Some travel operators have found answers
During the telephone payment process, some travel companies are now making it possible for their customers to use their telephone keypad to submit payment card numbers instead of having to read them out loud. And these advanced payment systems go even further.

They prevent real card numbers from ever appearing on agents' screens — or being deciphered from the audio sounds made when telephone keys are pressed. Instead, keypad sounds or DTMF (Dual Tone Multi Frequency) tones are masked by flattened tones. There are also ways of replacing customers’ card numbers by placeholder tokens. In short, there's nothing real to steal.

The delicate process of handling everyone's sensitive card data is managed completely by an outside, trusted payment partner. The moment that numbers are submitted by consumers, the data is jetted off to the payment provider — without ever touching the travel company's own systems.

Can consumers trust you absolutely?
Travel association logos on holiday websites are a fine thing. But maybe what's also needed is a badge that says 'CNP trustworthy' — so consumers can be certain their valuable card data will travel around in first-class safety.

During 2017, CNP security will become one of the biggest issues facing contact centres around the world. To discover more about how to protect businesses and customers, travel operators and any other companies that take telephone payments should read this essential guide from Eckoh.

Loading Conversation

Posted by eckoh at 2:33 PM on Jan 17, 2017


Recent Posts

Healthcare identity theft and fraud is a fast-growing threat in the US, but some…

This year is the 40th anniversary of the classic 1978 sci-fi movie Invasion of…


While the US retail industry is reeling from what has been declared by some as…