Fraud Prevention

Protecting Online Travel Platforms from Automated Attacks

October 9, 20194 min Read

A long-term remediation approach—rooted in prevention—is needed to prevent attackers from abusing online travel platforms, disrupting services, and causing financial losses to travel businesses

Travel industry is one of the early adopters of technology and leverages it to offer innovative services to their customers. eCommerce platforms—specific to travel-related services—are making it more convenient for travelers to find and book cheap air travel, hotels, and car rentals regardless of their physical location or choice of device. Multiple digital payment options—credit cards, eWallets, online banking, and so forth—are enabling customers to pay using an option most convenient for them. Travel service providers are also leveraging technology to build stronger customer relationships with their global customer base. However, along with this transition to digital, travel industry has also attracted wide-spread fraud and online abuse.

Fraud in Travel is Causing Colossal Losses

Fraud in the travel industry is on an upswing with fraudsters using sophisticated tools and techniques for account takeover, new fraudulent account creation, payment fraud, scraping, spamming, denial of service, and disrupting the customer experience in general.

According to the latest Arkose Labs Q3 Fraud and Abuse Report, payment transactions in the travel industry are at a 10-fold risk of attacks, especially from automated bots looking to block the inventory, leading to denial of inventory attacks or a significant increase in ticket price. Of all the payment transactions in the travel industry, nearly half (46%) are fraudulent while almost 10% of all login attempts are fraudulent. With statistics as disturbing as these, travel service providers are losing millions of dollars to fraud every year.

Multiple Methods of Abuse

A case in point is a low-cost carrier that introduced an online ticket booking platform so its customers could conveniently search and book cheap, last-minute air tickets. But this convenience soon became a headache for the carrier, as attackers began abusing the platform to disrupt the services and cause revenue losses to the carrier.

Fraudsters scripted automated bot attacks to disrupt seat inventory and create an artificial scarcity of low-cost ticketing options. The bots would automatically select multiple, low-cost air tickets and hoard them without actual check-out. The payments would be redirected to an off-site payment choice. Thousands of tickets placed on hold meant genuine customers could not access them and were forced to purchase air tickets from the carrier's competitors at a higher price. All these activities resulted in low ticket sales, plunging revenues for the carrier, and disruption to overall customer experience.

Attacks are Becoming Sophisticated

On investigation, Arkose Labs found that the attacks were complex and sophisticated. Although the booking requests seemed originating from unique users, they were actually made by a headless browser that could execute JavaScript like a human. It masked the fraudster identity by providing dynamic client and network fingerprints that made device and IP identification difficult. The existing bot mitigation solution was sub-par and inadequate to fight the complex attacks that the carrier was dealing with.

The Arkose Labs Solution

Arkose Labs deployed a bespoke solution for the carrier which helped stop these automated attacks within a short span of time and restored online booking service to function normally. Arkose Labs Fraud and Defense Platform helped break the financial viability of the attacks, which forced the attackers to stop. Leveraging continuous intelligence powered by its Telemetry, the Arkose Labs platform used Enforcement Challenges to deliver targeted friction for suspicious users, while allowing genuine users to sail through.

Effective monitoring ensured that fraudsters were stopped right at the entry gates and therefore, could no longer disrupt the seat inventory or other services. Customers could access all of the available ticketing options while the carrier registered an increase in actual ticket sales and revenues.

Need For a Long-term Approach to Fight Fraud

The Arkose Labs multi-tiered, long-term approach helps global travel service providers efficiently fight fraud and online abuse. This approach is rooted in preventing fraud by striking at the root—the financial viability. By forcing the attackers to spend additional time and resources to clear the challenges at scale, Arkose Labs makes the attacks progressively less attractive economically, and ultimately stops them.

In addition, data from user sessions is used to improve future predictions, which provides travel services providers with an ability to adapt to the rapidly evolving attack techniques and deploy appropriate and timely countermeasures. This helps them prevent ATO, streamline new account origination, eliminate payment fraud, protect against fake reviews, scraping, and numerous other complex fraud types while ensuring seamless customer experience for genuine users.

To learn how Arkose Labs Fraud and Defense Platform leverages continuous intelligence to fight fraud and online abuse, schedule a demo now.

To get your copy of the Arkose Labs Q3 Fraud and Abuse Report, click here.