Miles protection: defending against account takeover fraud

Ai Editorial

20th September 2024

Airlines and other travel companies are particularly vulnerable to account takeover fraud. Digital assets like loyalty points or miles represent a valuable target for attackers. Given the significant value of frequent flyer programs (FFPs), such as Delta’s SkyMiles (valued at $27.8 billion), and the scale of programs like Marriott Bonvoy, with 160 million members, it’s clear why these programs are attractive to fraudsters.

“The points piggy bank is growing, with more points being accumulated and redeemed,” stated Jesse Martin-Alexander from Kasada during a recent LSA webinar. He emphasised that fraud detection is more challenging than ever.

Martin-Alexander highlighted the difficulties of addressing loyalty fraud, citing factors like the lack of insurance coverage, chargebacks, or other protections. Additionally, he pointed to password reuse and low adoption of multi-factor authentication (MFA/2FA) as contributing factors.

He further explained how organised crime syndicates exploit accounts, loyalty points, and rewards for financial gain.

Protection

Martin-Alexander emphasised that travel merchants must proactively monitor for early warning signs of credential stuffing and account takeovers. One effective approach is to analyse the sale of compromised flyer accounts on criminal marketplaces, examining how they are being sold and monetised. Additionally, comparing your organisation’s performance to industry benchmarks can provide valuable insights. For example, evaluating a large US airline’s compromised customer accounts against the industry average can reveal areas for improvement.

“Staying updated on emerging trends and tools targeting airlines is crucial,” recommended Martin-Alexander. Monitoring cybercrime forums can provide valuable intelligence on the latest threats.

Another critical aspect is assessing internal processes. “Poor visibility often leads to slow responses,” Martin-Alexander warned. “Signals of a successful account takeover attack may be siloed in disparate systems and teams, such as security, support, and fraud. This can hinder a comprehensive understanding of the attack’s impact.” Breaking down these silos is essential for effective fraud prevention.

Martin-Alexander also highlighted the dynamic nature of fraud, emphasising that the ecosystem is streamlined to monetise compromised accounts within hours of an attack.
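The sketch below illustrates the two points above: signals siloed across security, support and fraud teams, and monetisation within hours. It is an added example, not material from the webinar or from Kasada. It joins constructed events from the three silos per account and flags accounts where at least two silos fire within a short window. The event names, field layout and six-hour window are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events, one list per silo named in the article.
# Tuple layout (timestamp, account, event) and event names are assumptions.
SECURITY = [
    ("2024-09-01T02:10", "acct-1001", "login_new_device"),
    ("2024-09-01T02:12", "acct-2002", "login_new_device"),
    ("2024-09-01T09:00", "acct-3003", "login_new_device"),
]
SUPPORT = [
    ("2024-09-01T03:05", "acct-1001", "email_change_request"),
    ("2024-09-03T11:00", "acct-3003", "email_change_request"),
]
FRAUD = [
    ("2024-09-01T04:40", "acct-1001", "points_transfer"),
    ("2024-09-01T05:00", "acct-2002", "points_redemption"),
]

def correlate(sources, window=timedelta(hours=6), min_silos=2):
    """Return {account: [(time, silo, event), ...]} for accounts whose events
    from at least `min_silos` different silos fall inside one `window`."""
    by_account = defaultdict(list)
    for silo, events in sources.items():
        for ts, account, event in events:
            by_account[account].append((datetime.fromisoformat(ts), silo, event))
    flagged = {}
    for account, events in by_account.items():
        events.sort()
        # Start a window at each event and count the distinct silos inside it.
        for i, (start, _, _) in enumerate(events):
            in_window = [e for e in events[i:] if e[0] - start <= window]
            if len({silo for _, silo, _ in in_window}) >= min_silos:
                flagged[account] = in_window
                break
    return flagged

def rank(flagged):
    """Order flagged accounts by number of distinct silos involved, most first."""
    return sorted(flagged, key=lambda a: (-len({s for _, s, _ in flagged[a]}), a))

if __name__ == "__main__":
    hits = correlate({"security": SECURITY, "support": SUPPORT, "fraud": FRAUD})
    for account in rank(hits):
        for when, silo, event in hits[account]:
            print(account, when.isoformat(), silo, event)
```

An account that appears in only one team's data, or whose events are days apart, is not flagged; widening the window trades earlier detection for more noise.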

By Ritesh Gupta, Ai Events
