It is being feared that fraudsters are going to target “Covid-19 Passports”, as they contain valuable personal data for committing additional cyber fraud.
13th April, 2021
Account Takeovers (ATOs) have increased dramatically during the Covid-19 Pandemic according to data provided to the Loyalty Security Association (LSA) by its members. “Covid-19 Passports” are accounts, and like any other, electronic, account prone to being taken over due to the large amount of personal data that can be monetized by fraudsters.
Christopher Staab, President of the Loyalty Security Association says: “The pandemic didn’t allow fraudsters to hide transactions within the greatly reduced volume of travel sales. Fraudulent travel transactions currently stick out like a sore thumb. So, travel fraudsters have been taking over accounts and maturing them this past year, honing their Account Takeover skills. I fear fraudsters will now turn these improved skills towards taking over “Covid-19 Passports” in earnest, as they contain valuable personal data for committing additional cyber fraud.”
ATOs typically occur with one criminal group or actor taking over accounts – credit card, loyalty, health accounts, etc., which are then sold, particularly on Social Media sites and the Dark Web. Different criminal actors purchase these accounts, which they then use for both the account’s intended purpose, which is to provide proof of vaccination, though obviously not for the actual person attached to the account, in the case of “Covid-19 Passports,” or to commit further criminal activities.
It is common that people use the same usernames and passwords across multiple accounts, allowing cyber criminals to takeover additional accounts of the same account holder of the compromised one. Plus, the data within a compromised account may sometimes be used to open additional new accounts in the account holders name or even to create a “Synthetic ID” using the account holder’s personal details.
This is where “Covid-19 Passports” are particularly attractive to cyber criminals since health care data is extraordinarily rich with personal details. “Covid-19 Passports” are already for sale on the Dark Web, as reported by the BBC on 23rd March 2021.
“Covid-19 Passports” are attractive to fraudsters and already for sale on the Dark Web. With them being rolled out so quickly and with so many parties involved, including governments, additional data security concerns are likely to emerge. The massive fines, which can arise from running afoul of Data Privacy Laws, such as the European Union’s GDPR, can easily wipe out any additional revenues that travel businesses gain from implementing electronic “Covid-19 Passports.” I urge airlines and travel businesses considering implementing “Covid-19 Passports” to proceed with due diligence and with the utmost caution,” mentioned Staab.
About the Loyalty Security Association (LSA)
The Loyalty Security Association was founded in 2016, with a simple mission: to support the industry in its fight to reduce and eliminate Loyalty Fraud. Members consist of airlines, hotels, IT providers, financial services companies and others who operate loyalty programs from around the world.
Please join us for our Spring Conference 2021 (a virtual event), on Wednesday, April 21st and Thursday, April 22nd.
For more information, visit www.LoyaltySecurityAssociation.com
