This is part 2 in a three-part series.
Fraud’s the name, prevention is the game. In Part 1 of our series, we touched on the numerous “red flags” that should immediately trigger your suspicion when dealing with clients. Today, we’ll explore recent schemes and best practices for preventing fraud.
Recent fraud schemes
- Travel in and out of Africa, Bogota, Panama, Ecuador, Dominican Republic, and Dubai.
The above are current hot spots for travel-related fraud across the world. To protect our agents, for example, we disable the ability to book flights to or from Africa on their websites. That certainly doesn’t mean you should reject the next client looking for a safari. But you should always refer back to the red flags for safety’s sake.
- Friendly fraudsters. Clients who establish a warm rapport with you (the agent) and never quibble about price or ask for four-star treatment, but then issue a chargeback as soon as travel is complete.
- GDS login credentials. As we mentioned in our last installment, a common scheme involves fraudsters e-mailing you for additional information regarding your GDS. Their email will contain a link (that you should never, ever click!) to a phony login page or a questionnaire. You enter your GDS credentials, thinking you’re logging into your GDS or updating information—but instead they’ve snagged your credentials and can book products without your knowledge or consent.
- Social engineering call. In this scheme, a caller claiming to represent ARC (Airlines Reporting Corporation) or your GDS asks for your GDS or agency credentials.
- Phony advance reservation. Recently, clever fraudsters have booked a week or two in advance of travel (making their reservation less suspicious). Yet as soon as they receive the confirmation email, they call the airline directly and change the departure date to the next day or within a few days—and then they can check in for the flight. (If it’s international, they can do this if their flight is within two days). Once these kinds of changes are made, they can be very difficult to cancel. Some airlines will help and some will not, so be on your guard.
- Holiday travel scheme. Fraudulent bookings often spike during the holidays. With Memorial Day around the corner and the summer holidays beyond that, be sure to carefully monitor your online bookings and keep a close eye on red flags to avoid entrapment.
Though fraudsters frequently change their tactics to avoid detection, popular schemes have lasting shelf lives. Keep up with the latest schemes by signing up for ARC’s fraud alerts here.
Fraud prevention best practices for your business
Maybe you’ve been there—glancing over your banking statement only to realize someone has been swipe-happy somewhere with your card. Fraud affects us all, but a little well-incorporated paranoia can prevent you from becoming a victim.
- Never, never, never click on links or open attachments in an e-mail. When in doubt, hover your cursor over a link without clicking. This will reveal a pop-up with the real website address associated with the link. Here, try hovering over this link: GDS Login. This seems like common sense, and it is—but you’d be shocked to know how much fraud results from careless clicking.
- Use malware, spyware and/or a firewall on your computer to prevent viruses from stealing information.
- Regularly update your computer’s operating system to keep security tight.
- Use complex passwords to access your GDS account and change then every three months.
- Never store client credit card or passport information directly on your computer. Use a secure CRM option that will encrypt client information.
Best practices when dealing with a client
Dig into who your clients really are. Ask where they learned about you, and how they found your name, e-mail, or website. Don’t be afraid to ask if they’re local to the area and how long they’ve lived here. If something doesn’t feel right, politely decline their business; it’s as easy as saying, “I don’t believe I’m the best fit for your needs.”
- Never skip your full qualifying process, even if you’re dazzled by a potentially fat commission check. Go through the paces each time, every time.
- Always have a client fill out and submit a written credit-card authorization form that clearly outlines the amount to be charged. Do not rely on approval via texts or phone calls.
- Always get copies of the front and back of a client’s credit card and photo ID.
- Always check cards for signs of counterfeit (see below!).
- If you use a GDS, monitor your bookings for suspicious activity every day. If you have a website, do the same with anything booked on your site.
- Do not book any flights departing within seven days or costing more than $1,000 without interviewing the client in depth.
- Immediately void or cancel any suspicious bookings. If you do not have the ability to do this yourself, contact your host agency (if you have one) to handle it for you.
Identifying phony credit cards or personal identification
By now, you’re probably picking up on a theme: the best way to combat fraud victimization is knowledge. It befits any travel professional to know the basics of how to spot fake credit cards or photo IDs. It’s not always easy, but it’s worth the extra trouble (trust us). Here are a few tips:
- Check the BIN Nnumber: Verify that the credit card BIN number (the first six digits of any credit card number) is associated with the correct country and issuer. For example, if a client resides in the United States, the credit card number should not be Canadian. A good resource to check BIN numbers is www.Binlist.net; it will tell you the bank issuer, country, card type (debit/credit), and brand (Visa, MasterCard, etc.) of the card in question.
- Check the raised print: Verify that the raised, printed name on the front of the card corresponds to the name on back of the card. For example, “John Smith” in raised print on the front should not read “Mike Jones” (Or rather, senoJ ekiM) on the back.
- Check for oddities: Make sure photo IDs and copies of credit cards have no visible discrepancies, such as oddly cropped photos or suspicious watermarks. ARC recommends that you enlarge the front and back of any copies you receive and search the small print for awkward phrasing, misspelled words, etc.
- Check the signature box: Make sure the printed name on the front of the card matches the signature on either the front/back of card. ARC also recommends that you not accept unsigned cards or cards that contain erasures (white blotches) in the signature lines.
Need more tools? Here are some suggestions from ARC:
IDcheckingguide.com – compare copies of driver’s licenses to current and past licenses issued by each state
Whitepages.com – reverse phone directory
Googlemaps.com – check out addresses to see if someone’s home address is really a vacant lot, strip mall, etc.
Emailage.com (arccorp.com) to see when an email address was established
Contact ARC’s fraud prevention team at firstname.lastname@example.org or (703) 816-8127 to talk to a fraud prevention analyst
Feeling better equipped? Good! Don’t be intimidated by all these checkpoints. The more vigilant you are in following these steps prior to charging a client’s card, the easier this will become. Stay tuned for our third and final installment in our fraud prevention series: what to do when fraud hits home.