Since most travel agents accept and process credit card payments for their clients while paying for a holiday or tickets, it is easy for fraud to take place, thus they must adhere to the specific level of PCI compliance. The level is calculated by how many credit card transactions they process within each year.
Figures from ABTA (which stands for the Association of British Travel Agents) show that over £10 million is stolen each year by frauds that occur in the travel industry. Since the implementation of Chip and PIN methods of secure payment, fraudsters have changed their approach to stealing money causing a meteoric rise in the number of card/cardholder not present fraud, this is where the fraudster has acquired the card details and uses them to purchase items (or in this case holidays) using the stolen details without even having the card in his or her hands.
There are a number of different schemes that fraudsters will use to defraud travel agencies, such as cardholder not present fraud, tumbling and swapping where a brute force method of gaining credit card details is applied. Other techniques, can be cancellation fraud where fraudsters will book a holiday then cancel, agent fraud and cardholder present fraud which is essentially when a fraudster has either stolen a credit card and uses it to pay for the holiday, or they have managed to forge a credit card and use that as a replacement.
There are many ways to help reduce the risk of fraud within a company and here are just 4 that you can practice in your business to decrease the chance that you or any of your customers get defrauded.
1. Ensure that big-ticket bookings are flagged and reviewed by a fraud team: big ticket items are the most likely to be abused by fraudsters as they want to turn their stolen money into cash as quickly as possible so they will often opt for larger sums of money in order to reap the highest benefits.
2. Take note of the characteristics of big-ticket bookings: to help keep track of potential frauds, make sure that all big ticket sales have some of the customers details listed on a database, details such as name address and phone number, cardholder name address and phone number, email addresses, IP address of where the ticket was purchased and ISP details, and finally transaction times and amounts.
3. Pay extra attention to high risk bookings: such as if the passenger name isn’t the same as the name of the cardholder, if it is a first class or business class ticket, if it is an electronic ticket or if it wasn’t delivered to the correct billing address and finally, if the date of travel is less than 6 days after the date of purchase (holidays are usually planned a long time in advance, particularly where large costs are incurred).
4. Check the address on the card: using a software tool that allows you to keep track of the important details in each transaction will make it easier to see whether the payment is legitimate or not. When checking the address, for example, the Payment Service Provider will show whether the address entered is valid. However, it will not control that the address is linked to the credit card entered as this information is only available to the bank, not to the service provider. By using a CRM or travel ticketing system you can compare the address given in the payment against that stored in your database to provide a better understanding of the legitimacy of the credit card payment.