The growth of ecommerce has had an enormous impact on most industries, but perhaps none more than travel.And one of the by-products of this has been the rise of card not present (CNP) fraud – criminals stealing credit card information and using it to book flights and hotel rooms.
Fraud is present in most online verticals, and travel is particularly exposed: razor-thin margins mean every chargebacked order is a huge revenue setback, especially when so much is invested to bring in customers to begin with.
Selling digital goods makes airlines and OTAs particularly vulnerable to fraudsters, who get the stolen reservation – for a seat or room – delivered instantly to a makeshift email address.
The ramifications of fraud on travel merchants
The most obvious hit merchants take from ecommerce fraud is on the bottom line. Chargeback rates in the industry are relatively high, and no business wants to pay out-of-pocket to fly a fraudster. But in a commodity-based market, lost customers are also a major issue.
A long review process that adds friction to the purchase process can send your customers directly to the competition. Identity verification can also be cumbersome, and it’s all the more frustrating when it involves looking up an old code, or sending a photo of your credit card. Newer verification methods such as text messages can also leave a bad taste, especially for travellers on the go, who aren’t connected to their local phone network.
And then there’s the more difficult-to-measure losses due to false declines. The impact of this phenomenon is far from trivial: a Business Insider report from 2016 found that US merchants lost more than $8.6 billion to false declines, $2 billion more than the actual fraud that these safeguards were created to prevent. Indeed, Riskified is typically able to approve 20-40% of orders that travel merchants planned to decline.
Merchants also incur significant internal costs trying to prevent fraud. The total cost of ownership of fraud management can put a dent in revenues. Training and maintaining an in-house manual review team is costly. Even when merchants progress to automated ecommerce fraud solutions, system maintenance, data enrichment tools, and IT resources (maintaining rules and training models) are all costs that need to be accounted for.
Why fraud in travel is so hard to manage
Fraud management is always difficult, but the travel industry faces unique and particularly tough challenges.
Many products in this vertical such as tickets and hotel reservations are sold in digital form. Orders for these goods are far more difficult to vet for fraud because there are fewer standard data points to review (i.e. there’s no physical shipping address, because the goods are “delivered” via email).
Furthermore, many fraud prevention systems rely on spotting mismatches – incongruent data points within an order such as a billing address in a different country than the IP address where the order was placed. But in the travel industry these sort of mismatches are common even in legitimate orders: shoppers book hotels and flights on the go, resulting in unusual IP data. Recipient and billing name mismatches are also frequent in corporate travel, where one person purchases on behalf of someone else.
Tips for combating fraud and overcoming false declines
So how can travel merchants reduce fraud-related losses? Here are three good steps to start with:
- Track your data to isolate your risk
It’s common for shoppers to book reservations while traveling, meaning it’s unwise to put too much stock in their IP location. Fortunately, most OTAs and airlines collect a wealth of other very relevant geographic information: namely the origin and destination of the flight. This can reveal a lot. According to Riskified research, flights departing from Denmark are extremely safe – while Indonesia is among the riskiest flight destinations. Even just knowing whether the flight is domestic vs. international is valuable, as international flights are (surprisingly) far safer.
- Take advantage of your travel-specific data points.
Besides geographic data, travel merchants often have access to very rich information about an order, including passenger date of birth, ticket type (round trip vs. one way), number of passengers on the itinerary, and how long before the trip the purchase was made. A suitably configured review system that can note fraud patterns among these variables and incorporate this into decisions is sure to be far more effective than one that would otherwise ignore this data. This data can be used not only to find fraud (for example, there’s a correlation between age and risk), but also to help approve good orders faster, for a better shopping journey.
A lot of travellers use their mobile devices to book hotels and air tickets on the go. To avoid falsely declining these orders, it’s critical to understand that fraud patterns for mobile orders are often quite different than those placed on desktop. For instance: in desktop orders, a quick browsing session preceding checkout can be a red flag, since legit desktop shoppers like to browse. But mobile shoppers are often more rushed, and a quick checkout shouldn’t raise any eyebrows.
Have a safe and lucrative 2018!