Jamie Biesiada is on leave. This insight originally appeared in the Home-based Agent eNewsletter June 25, 2018.
Fraud is, unfortunately, a common occurrence in the travel industry, and agents are not immune to fraudsters' attempts to access their — or their customers' — data. But taking certain steps can help lessen the chances of data theft, according to Shoeb Ansari, chief information officer at Travel Leaders Group.
Ansari spoke to agents about fraud prevention during the recent Travel Leaders Network EDGE conference at Caesars Palace in Las Vegas.
"We need to make it harder for criminals to steal money from you and your customers," he said.
Data theft can be the result of a number of different scenarios: equipment and property theft (like losing a laptop loaded with information), technical deficiencies and malicious hackers. But the biggest perpetuator of online fraud, causing over 60% of it, is human error, Ansari said.
In the agent world, that might come as a result of an agent exchanging payment information with a client via email, combined with a phishing attack from a hacker. Phishing, Ansari said, is sending unsuspecting parties "trick emails," opening a pathway for hackers to steal information from a computer if the recipient opens a link or attachment.
Some phishing attacks even link users to a false webpage, he said, prompting them to enter a username and password.
Common scenarios in travel often play out like this, Ansari said: A hacker intercepts an email exchange between an agent and client with payment information and has access to that data. Or, an agent asks a traveler to deposit money into a bank account, but a hacker intercepts the email and replaces the account number with one he controls.
"We are noticing this happen in our industry. We have to watch out for it," he said.
Luckily, the steps to avoid human error that causes fraud are simple, according to Ansari.
He encouraged agents to avoid clicking links or attachments in emails they aren't expecting or from senders they don't know. Even if you know the sender, Ansari said, if the email wasn't expected, call the sender first to make sure any links or attachments are legitimate.
Never click on a link asking you to log in, Ansari said. Banks rarely send emails with links to log-in pages, but hackers do.
Finally, don't download files, attachments or images from unknown websites or emails.
Ansari also offered several best practices.
First, he said, call customers to get payment and financial information. He also encouraged agents to use secure, third-party applications to gather payment information. Credit card information should be secured in encrypted databases only.
Business owners should protect their usernames and passwords. Sensitive information should never be left unattended, whether it's on paper or on a computer. Papers with credit card information should be shredded.
Ansari also encouraged agents to have a cybersecurity plan — detailing things like how long files and emails are kept before being destroyed — and train their employees to follow security best practices.
"The fight against hacking is not absolute," Ansari said. "You can never eliminate [fraud, but] you can put barriers on the way."