As criminals find increasingly sophisticated ways to commit fraud, here’s a look at how travel agents can adjust their own strategies to detect and prevent fraud.
Fraud is a serious threat in every sector of the business world, and the travel industry is no exception. Travel agencies, in fact, can be especially susceptible, since they may lack a dedicated staff of technology experts with in-depth knowledge about the best ways to avoid falling prey to unscrupulous parties. But with the right approach, travel organizations can avoid the perils of fraudulent activity, and also learn to deal with scam artists when they strike.
The first thing to know, according to Shoeb Ansari, chief information officer at Travel Leaders Group, is that no one is immune to fraud. “We all think it’s never going to happen to us, that we are not going to be fooled by fraudsters or phishing scams, but even IT people can get taken in by a phishing scam that appears to be a legitimate email,” he says. “The scam is not always obvious.”
Indeed, criminals have found increasingly sophisticated ways to dupe even the most experienced travel agent. Stolen credit cards and card numbers, as well as manipulated driver’s licenses and passports, are easily accessible tools for scammers, giving them the ability to book flights for their own use or to sell to others. “By the time the innocent card holder disputes the fraud charge, the ticket was already flown, and the agent is liable for the ticket cost and penalties,” says Ansari. “This can result in costs of hundreds of thousands of dollars.”
The ease with which criminals can make fraudulent charges makes it imperative that travel agencies stay on top of evolving technology and how it’s used. “Phishing emails and online booking portals have affected the way criminals attempt their fraud,” Ansari gives as a prime example. “Phishing emails are a low-effort, high-reward attack vector for cyber thieves. Almost everyone will fall for a phishing scam eventually, and once they do, the cyber thieves are able to sit and wait, monitoring agent’s emails for the best opportunity to get in the middle of a travel transaction.”
Scammers are drawn to some types of businesses in particular, according to Ansari. “Online booking portals, especially those with lax fraud detection/prevention mechanisms, are great targets for thieves,” he says, “as smaller travel companies with inadequate resources tend to be slow to detect and slow to react to fraud.”
Even the supposed reliability of caller ID is now diminished, thanks to technology like Voice over Internet Protocol (VoIP), which can make phone calls appear to come from the same area code as the travel agency that’s answering the call.
With all these areas of potential vulnerability, what’s an agency to do to protect itself?
Prevention and Detection
Regardless of a business’s size, a cybersecurity plan is crucial for detecting and preventing fraudulent activity. This is especially important as agencies continue to deal with ever increasing points of data and constantly evolving forms of technology.
Ansari recommends several steps to make it harder for scammers. “Travel agents and agency owners should invest in end-user training, multi-factor authentication, secure internet gateways, network intrusion prevention systems, expanded information security staff, fraud detection and fraud prevention processes,” he says.
Agency owners and managers should also be diligent about educating their staff, according to Ansari. “Have regular training sessions, send out fraud alerts when someone on your team gets a phishing email and be sure that supervisors are reminding agents to double check with someone if a transaction looks suspicious,” he says.
Managers and owners can also foster a secure work environment by using reference checks and background checks on potential new hires, as well as cyber liability insurance, which can protect agencies from costs related to the liability of a claim.
Red Flag Clients
Travel agents can further prevent scams by honing their ability to identify clients that may pose a risk to the company. There are several telltale signs to watch out for.
“It might start with a first call to establish trust, a simple booking for a few months in the future,” Ansari says. “The next call will be for an urgent request, after hours or just before a holiday weekend. Often the request will be for an international premier booking for next day. The caller might present himself as an authority figure—a doctor, minister or other.”
The “urgent” nature of the booking may be related to any of a variety of occurrences, such as the death of a family member, an accident or medical emergency. The story is often vividly detailed to make it more believable.
Ansari warns to watch out for potential clients who seem to “know too much.” He explains: “The caller might seem too familiar with the inner workings of the industry and terminology—perhaps using airport codes rather than city names, or showing insider-type knowledge about the travel agency.”
Another red flag, according to Ansari: “The phone number where they are calling from might be from a Google, Skype or magicJack number.”
Written communication from scammers might also have certain characteristics that warrant close inspection. “The email might look very similar to a corporate client name, but will be from a free domain—Hotmail, Gmail or other,” Ansari says.
Any of these elements should draw the attention of a vigilant travel agent—and they should make him or her think twice before taking a next step.
“If an agent suspects they are dealing with a fraud attempt, they should not click on links or attachments in emails they did not expect,” Ansari recommends. “And they should never enter a password on any website by clicking a link in an email, unless they requested it.”
A bit of investigative work can also go a long way toward feeling secure about a client, according to Ansari. “Independently try to verify the identity of the person,” he advises. “Google their information, phone number or domain and try to confirm if their request is legit and valid.”
Since common forms of identification like driver’s licenses and passports may be manipulated or falsified, agents should inspect them for errors, such as overlapping text, strange misspellings or altered graphics. Ansari points out that an attentive eye can pick up a lot in a small document.
The mode of communication is also important. “Call the customer to exchange financial information,” Ansari says. “Or use encrypted data forms or approved applications to gather payment data from customers. And only store credit card information in approved, secure and encrypted databases. Do not use email to exchange this sensitive financial information.”
Often, an agent’s own instincts and gut feelings are the most valuable method of determining the legitimacy of a client. If something doesn’t seem right, it probably isn’t. Agents should also keep higher-ups apprised of any questionable situations, according to Ansari, so that managers can review the information with a fresh, experienced eye.
“Reach out to a manager or senior staff to evaluate the booking request and documents,” he says. “If it doesn’t feel right, pass on the booking and advise senior staff.”
After the Fact
Even with the best policies and strategies in place, travel agents may still find themselves falling victim at some point to a scam artist. That’s why a comprehensive cybersecurity plan is important—to not only prevent fraud but also minimize its negative effects in the event that it does occur.
Ansari recommends agents take several steps to minimize damage and resolve the situation, including:
• Advise senior management
• Audit charges on comprised card(s)
• Document the PNR in internal and public fields
• Void/refund, if possible
• Advise airlines, so they can document it on their end and change the ticket status to refund
• Advise the card company so they can alert the card holder
• If the transaction was booked in the GDS, inform the GDS provider as well
In addition, Ansari recommends keeping a list of contacts that can help fight fraudulent activity. Among the organizations that should be on that list: the Airlines Reporting Corporation (ARC), which works with law enforcement to identify and prosecute scammers. “ARC is a trusted source of fraud prevention education and investigative support to the travel industry,” Ansari says. “Our team of fraud analysts works in partnership with travel agents, airlines, law enforcement and global distribution systems to minimize financial losses, ensuring the U.S. travel agency channel remains a safe and secure point of commercial exchange.”
Ansari says it’s also important to report fraudulent activity to local law enforcement officials. “Report the crime to the police immediately,” he advises. “Then provide a copy of your police report or case number to your credit card company, bank or insurance company.”
Agencies can also file a complaint with the Internet Crime Complaint Center, a partnership between the Federal Bureau of Investigation and the National White Collar Crime Center.
Even the United States Secret Service plays an important role in combatting fraud, according to Ansari. “In the early 1990s, the Secret Service's investigative mission expanded to include concurrent jurisdiction with the United States Department of Justice regarding Financial Institution Fraud,” he explains. “Also during this time, the Internet and use of personal computers became commonplace and expanded worldwide.”
“The combination of the information revolution and the effects of globalization caused the investigative mission of the Secret Service to expand dramatically. As a result, the Secret Service has evolved into an agency that is recognized worldwide for its investigative expertise and for its aggressive and innovative approach to the detection, investigation and prevention of financial crimes.”
Scammers have lots of tools and techniques to get what they want. But, with a well-devised strategy and security policy, so do travel agents.