Loyalty programmes are a fantastic way to drive customer engagement, particularly in the travel industry. The irony is that loyalty schemes can also be reputationally risky and drive customers away from a brand if their account does not appear secure. Imagine a consumers reaction to finding out that a stranger was enjoying their hard-earned free hotel stays.
In recent years we’ve seen well known travel operators and hotel companies suffer data breaches that targeted awards programmes. These cases were widely reported and are likely to have dented consumer confidence in the brands and had a negative impact on commercial performance.
It’s estimated that by 2020, travel fraud is expected to cost travel intermediaries $25 billion a year worldwide ($21 billion in 2017) as the volume and sophistication of fraudsters is on the rise. Fraudsters will be aware of the opportunity that thousands of loyalty points, including air miles, held in accounts present for account takeovers. Estimates put global unredeemed points at 48 trillion, which equates to $160 billion in the US market alone.
Online security in the travel industry
In our experience, travel retailers are unlikely to have online security that is comparable to financial services organisations who set the benchmark in areas such as identity and verification. This means travel retailers are more vulnerable to activities such as Account takeover (ATO) fraud, where accounts are accessed and travel points transferred and spent. Instances of ATO fraud often go unnoticed as most consumers don’t check or use their accounts on a regular basis. Indeed, for successful ATO, a fraudster need only gain access to a customer’s online account via either information garnered from one of many data breaches over recent years (email login details perhaps) or the bolder ones will opt to call the contact centre to reset the account or amend details to transfer points.
According to TransUnion’s Managing Director of Fraud & ID, John Cannon, opportunistic fraudsters have become particularly interested in loyalty programmes: “In the hugely competitive travel sector, driving customer loyalty and frequency, without impacting customer experience, is paramount for our clients.
“Fraudsters know this and will take advantage of poor online security to rob from loyalty schemes – there’s been a noticeable uptick in attempted fraud, such as ATO, that we’re identifying and blocking for our clients.”
While discussing ATO fraud, it’s important not to forget the issue of promotional abuse. This occurs when a benefit is offered to new sign-ups. Companies we work with have seen and blocked individual fraudsters using bot technology to attempt to sign-up to offers and new customer benefits thousands of times.
Protect your brand and your customers
The good news is that there are some relatively simple measures that you can take to protect your brand and, most importantly, your customers.
- Know who (or what) is attempting to access your customers’ accounts
You ought to know the risk associated with every device that attempts to access your customer accounts from anywhere in the world. A device risk platform will tell you who (or what in the case of bots), is attempting to access your online customer accounts and the risk associated with each device. You should be able to define specific rules per risk profile at a granular level and the authentication process will need to be seamless, fast and invisible – you don’t want your customers to notice a difference at login or elsewhere in the journey. You should look for a partner who can automate this process and the associated decisioning for you.
- Customer communication and education is key
Your customers will no doubt hear this message very regularly, but it is important that they change their passwords periodically, and not just for your website, but for their email account too. Ensure you’re educating your customers on the importance of keeping their accounts safe.
- Are new customers, new customers?
Travel retailers continue to face challenges with establishing and building a single customer view. Maintaining this view across the many permutations of identity data (names and addresses) a person may present at sign-up is vital. One of the latest and most predictive ways to capture promotional fraud is to simultaneously assess the customer’s email and mobile phone data. Combining email and mobile phone data with a device risk platform, as covered in 1., offers an even greater level of coverage.
Loyalty and promotional abuse challenges in other sectors
Travel companies aren’t the only ones to be hit by loyalty and promotional abuse – there are consistent pain points across sectors. Those in the online gaming and food and beverage (coffee shop) sectors tell us that they are frequently targeted for ATO fraud such as the attempted theft of points or cash.
In gaming, despite the regulation-driven crack down on free spins and offers, many operators still attract new customers by advertising promotions. A leading European game tech company was manually checking new customer details to ensure that the same customer wasn’t signing up multiple times – this meant that honest customers were waiting minutes before being approved and fraudsters were slipping through the net; in many cases individuals were setting up dozens of new accounts to reap the rewards. The tech company implemented an automated device risk platform to recognise users’ devices instantly, and persistently, and can now uncover otherwise invisible connections.
How TransUnion works with the travel industry
The TransUnion Fraud & ID team works with leading travel retailers to stop account takeover fraud and promotional fraud through solutions such as device, email and mobile risk. The device risk platform, for example, covers over 6 billion devices globally and can rapidly detect and direct the customer journey accordingly, through a combination of machine learning and human interaction.
Contact us to find out more regarding TransUnion’s Fraud & ID solutions and how we can help you with your business challenges.