Fraudulent online travel bookings have hit $1.3 billion a year, and more than 50% of that fraud occurs through phony companies that appear to be real travel agents.
Online security company Forter cautions that travelers should think twice before booking a flight on an unfamiliar site. Fraudulent online travel agents have gotten better at making their websites and operations look like they have scale and local knowledge.
Fraudsters prey on consumers, especially those who have their guard down because they are trying to book at the last minute, Forter said. Consumers are especially at risk with big-ticket items like vacation packages, which combine air and hotel.
“Stick with the retailers you know,” Forter advises. “A website with a deal too good to be true, probably is.” The company also suggests that travelers “check the history of the travel site you’re using: Ensure that you’re not buying from a fly-by-night retailer by checking on the website’s history and traffic.”
Consumers booking through a live travel agent with whom they have worked with in the past know that their reservations and credit card information are safe.
The statistics and warnings come from a report Forter recently published with the Merchant Risk Council. Forter CEO and co-founder Michael Reitblat noted that it is very easy for fraudsters to buy a travel package and then resell it online, effectively setting themselves up as a “fake travel agent.”
Fraud hits agents hard
Travel agents need to be careful as well, as more fraud is being booked through big and small travel agents by the same fraudsters, after they have captured critical credit card information from unsuspecting consumers. (See TMR’s story “Travel Agency Loses 420,000 To Fraud” for a first-person account.)
“We’re trying to make consumers more aware about buying online, and for agents, not everyone with a credit card has good intentions,” said Reitblat. “Fraud needs two parts. You need to steal a flight ticket or reservation, with a stolen credit card, and then sell it to someone else. So you have two different aspects.”
Agents need to be very careful about when they accept payments, Reitblat emphasized. And "if you are the unsuspecting consumer, and you see a good deal that requires a credit card to pay for it, you might be getting something that was previously stolen.”
Forter and other similar companies use sophisticated software to try to identify fraud based on common markers, and then approve transactions real time so that consumers don’t grow frustrated with wait times and book elsewhere, costing agents business.
“We may appear like a fraud prevention company, but we are actually a revenue generation company because we take away the ‘friction.’ When you purchase on Amazon, you are used to clicking on your cart, paying for it. Travel needs to have the same kind of lack of friction,” Reitblat said.
PhocusWright estimates that about 7% of travel agency bookings are flagged for possible fraud and manually reviewed by an employee, creating productivity issues. The most common methods used to validate a credit card are verifying the card number and address.
“Manually reviewing transactions causes delays for good customers and is often not enough for these complex cases. Fraudulent agents often use the details of legitimate individuals making legitimate purchases. Those legitimate people don’t know the ‘agent’ is using stolen details. This kind of fraud is very hard for a manual reviewer to spot,” Forter said in its report. “Moreover, they have to work with particularly challenging norms: travelers are globally diverse, frequently in situations where billing, shipping (if any) and IP addresses will not match, and often want tickets for flights taking place in the near future.”
When a reservation is made on a fraudulent card, agencies experience chargebacks from their credit card providers that typically end up hitting the bottom line. According to PhocusWright data, agencies with more than $10 million in gross sales challenge 21.4% of chargebacks, but win a reversal only 14% of the time.