Fraudsters are relentless, but implementing best practices is one of the best things agents can do to ensure they don't fall victim to phishing and other fraud attempts.Last week
, I presented some real-life examples of fraud as discussed during a panel at September's ASTA Global Convention in San Diego.
This week, the topics are in-house fraud and credit cards chargeback issues, based on the panel, "Fraud Prevention & Solutions: Learning from Each Other's Pain."
One scenario was perpetrated by an independent contractor (IC) in 2008 at Montecito Village Travel, a host agency and Virtuoso member based in Santa Barbara, Calif.
Panel moderator Robin Sanchez, COO of Montecito, said that the IC in question was running airline tickets for clients through his merchant account, and purchasing tickets in the GDS with his company credit card. He was marking up the tickets and didn't want his clients to see. But he didn't have the money to pay his credit card.
"He denied the charges, and then of course we got the chargebacks, and this was to the tune of $50,000," Sanchez said.
Safeguards were put in place. Montecito now checks if a credit card is being used a lot on a regular basis, something that helps protect the company from similar issues in the future.
Sanchez said other chargeback scenarios included cases where airline tickets are purchased on a client's credit card, and then they deny the charges.
Unfortunately, this scenario is more difficult for agents to protect themselves from.
Sanchez said the ARC rule for an agency to protect itself against chargebacks, a client must come into their physical office where they can make a copy of the credit card, see a photo ID with a matching name, and verify the address - something outdated in today's economy when so much travel is transacted online or on the phone.
"This is definitely a challenge," said Jennifer Watkins, director of payments at ARC. Agents aren't alone in having issues like that, she said, naming airlines, and even companies like Ticketmaster that face similar problems. "The bottom line is, the infrastructure to absolutely protect yourselves doesn't exist, for anyone really."
There are services like 3D-Secure available to help companies protect themselves against fraud, but it often adds a layer of complexity to card acceptance online.
The bottom line, Watkins said, is to know your customer.
"If you know your customer, that's the best way you're going to protect yourself," she said. "But you want to grow you business, so there's managing between knowing every person that you accept a transaction through, and just accepting a transaction from anyone."
While there's no black-and-white way to draw that line, Watkins recommended agents go with their gut. If the transaction is outside of what they would normally sell, question it.
"That's your No. 1 line of defense," she said, encouraging agency owners to get their ICs thinking the same way.
ARC is currently working on a best practices guide for risk management and managing chargebacks, and currently has a best practices resources page
for general fraud prevention.
As for preventing -in-house fraud, Sanchez suggested vetting all prospective employees or ICs.
She requires background checks and credit checks, and charges each IC $125 to cover them: it only costs Montecito about $40-50 per check, but ensures the potential IC has some "meat in the game." They then get that money back when they have earned $2,500 in commissions.
It's a simple thing to do to help protect an agency against in-house fraud, said Peter Lobasso, general counsel for ASTA. It's an expense worth considering.
Legally, an agency owner or manager first has to get an applicant's consent to getting a background check, then contract with a consumer reporting agency that compiles data for the check. Consent is necessary, he said, as is a bona fide business necessity for running the check (in the example of hiring an agent or IC, he said, trusting that person with a client's personal information like social security numbers and credit card information is usually enough).