Understanding fraud and security in the travel industry
The dawn of the internet has seen many industries grow at a rapid rate, with travel being no exception. Digital travel sales were predicted to grow 15.4% between 2014 and 2020, bringing a projected US$564.87bn in global sales. Indeed, according to Phocuswright, in 2019 more than half of all European bookings were made online - a first - and that market is anticipated to grow 4-5% in the coming years, driven predominantly by mobile.
As the industry has grown, so too have potential threats. The internet has facilitated global reach on an unprecedented scale, but increased accessibility for consumers also brings increased accessibility for criminals. In May last year, IBM reported that since January 2018 there had been 566 million records from the travel and transportation industry leaked or compromised in publically reported breaches.
Travellers are increasingly cautious. A recent survey by Booking.com found that the risk of personal details being stolen was among the top three concerns for global travellers when booking online. Hospitality professionals share concerns around trust, with the introduction of new technologies bringing a challenging dynamic between the opportunity and apprehension around security.
Getting ahead of the risks
Being prepared for potential threats and knowing how to tackle associated issues is of critical importance. Security and fraud operations are an integral part of Booking.com’s business, particularly when it comes to protecting our partners and their guests. Travel is a complex and fragmented industry between accommodation providers, OTAs and service providers, and from keeping passport and credit card details safe to security over wifi connections - there are risks in many areas that impact operators of all sizes.
Our security and fraud teams manage the risks that Booking.com faces as an organisation, meaning that all areas are assessed and prioritised using industry standards. Our approach has three pillars: prevention, detection and response. The security and privacy of partner and customer data is something we take extremely seriously. The protection of such data was put front and centre in our business long before the likes of GDPR, and that will not change irrespective of further regulation. All of our efforts are executed by multiple specialist security and fraud teams focusing on the operations. The dedicated security teams are also supported by round-the-clock customer service agents, who are trained in dealing with security and fraud escalations.
At the same time, we are constantly innovating across all pillars, working closely with the business to make sure that support is being delivered to the partner in the right way. Booking.com attracts security and fraud talent from across the globe to be part of the team. Everyone has a critical mindset, thinking two steps ahead in terms of what could go wrong and then working on the right solutions with that in mind. That responsibility is shared across the entire organisation and we develop solutions for partners that are secure by design.
We operate in an environment that changes rapidly and the teams within security and fraud are robustly equipped to deal with that. While we might be focusing on a longer-term strategy to create more visibility around a certain topic, the team is primed to pivot and make sure that we deal with any immediate threat at the same time. It's a very challenging concept, to anticipate and prepare for the next thing you might have to tackle, but it’s key to what we do.
Understanding the landscape
We do see certain trends in fraud and, with the use of artificial intelligence, we try to respond to these more and more quickly. For example, we are actively working on increasing the quality of reservations so the impact on a partner’s availability is reduced. We innovate a lot in that area and have dedicated teams from both an operations and a product perspective.
Different trends dominate in different markets. There can be instances of supply fraud in destinations that typically see large numbers of visitors as criminals look to capitalise on this demand or spikes around major cultural and sporting events. In some markets, phishing might be the most common threat, while in others, typical purchasing habits may be the trigger. We always look to stay ahead of both global and regional trends, anticipating the risks before anything escalates.
Awareness in the sector can be a double-edged sword; while new knowledge or global regulation helps build defences, often that attention can also put the topic higher on the agenda for fraud. We have observed that as soon as you put something in place to stop a certain type of breach, fraudsters and attackers also innovate to find new ways of doing things. Often these are very well-funded organisations with means, and the increased exposure that media coverage, for example, can bring is not always helpful. Hackers read the news too. As the organisation has matured this has naturally brought more interest from fraudsters, so we place huge importance on diversifying our security operations accordingly to make sure we have all the right strategies in place - however our operations or the industry may evolve.
- In 2019 more than half of all European bookings were made online and that market is anticipated to grow 4-5% in the coming years
- A survey by Booking.com found the risk of personal details being stolen was among the top three concerns for global travellers when booking online
- Booking.com security and fraud teams assess and prioritise risks using industry standards, with a three-pillar approach: prevention, detection and response
- Security and fraud talent from around the globe work on developing solutions for partners that are secure by design, whether foundational or innovation-based
- Dedicated security teams are supported by customer service agents who are trained in dealing with security and fraud escalations