How One Airline Stopped Ticketing Fraud

Large-scale scripted bot attacks, account takeover, and loyalty program fraud were costing one airline dearly — both financially and reputationally. Then they made a decision that would change everything.

There are few industries with a more acute understanding of the tensions between risk management and customer experience than the travel industry. It’s no overstatement to say that emotions run high when people are making travel plans, and the ticketing process can be a uniquely frustrating experience when it doesn’t go well. So travel sites of all stripes have a deeply vested interest in providing the most seamless experiences possible. Unfortunately, this often means exposing vulnerabilities that leave their businesses and platforms open to damaging fraud attacks. With technologically adept fraudsters now regularly unleashing vast armies of bots to do their illicit bidding, the travel industry is under unprecedented levels of attack pressure.

One of DataVisor’s clients is a leading airline in Asia with more than 160 routes globally. When we began our work with them, they were being challenged across a number of different threat vectors, including bot-scripted ticketing fraud, account takeovers, and loyalty program fraud. The negative impacts were serious, and included both financial and reputational damage.

Revenue loss and poor customer experiences were just two of the critical problems our client was experiencing as a result of scripted bot attacks. These bots were being used to purchase large numbers of tickets in bulk for subsequent resell or cancellation. By fraudulently claiming seats with no intention of using them, these bad actors were artificially manipulating prices and negatively impacting demand. Good customers were losing out on pricing and availability both.

Working on our client’s behalf, we were able to flag and block fraudulent purchases in real time, before any damage could occur. By removing fraudulently-held tickets, the client was able to avoid enormous financial loss.

Few attack types are as potentially dangerous as are account takeover attacks. Once a fraudster gains access to a legitimate user’s account, it is extremely difficult to spot their malicious activities, as, at surface level, the account behavior is likely to appear normal. A fraudster can gain access to an account, use a credit card on file to buy tickets, resell those tickets elsewhere, and make off with the money from the sale. From the airline’s perspective, this will seem like a perfectly normal ticket purchase, and at that point, the airline is not suffering any damage — they’re just making a sale. But once the user becomes aware of the attack, the airline pays will likely pay two prices — one from a lost sale, and one from a lost customer.

At the point we started working with our client, fraudsters were deploying a range of sophisticated techniques to compromise legitimate user accounts to redeem loyalty points on loyalty program marketplaces. This kind of attack has become increasingly common in our digital economy, as businesses seek new ways to both incentivize new users and retain existing ones. Failure to prevent fraud in these realms means businesses end up spending a great deal of budget and effort without reaching the legitimate customers who are their real targets. And when these promotions inadvertently serve to encourage fraudsters to permeate their platforms, the result can be what we described above — fake purchases, artificially manipulated demand and pricing, and poor customer experiences.

Bot-scripted attacks happen fast, and at massive scale. Legacy solutions — particularly those that rely on rules, labels, and supervised machine learning — are no match for the speed and scope of today’s automated threat attacks. Neither are solutions that address threats at the transaction level, or that look at user accounts individually. These approaches will not only be too late to prevent damage, they won’t be able to spot the coordination behind the attacks, and nor will they be able to effectively differentiate between legitimate and malicious users and actions.

The DataVisor approach involves taking a holistic view; assessing high volumes of raw data and using advanced graphing and clustering techniques to surface correlated patterns and connections that indicate coordinated activity. To expose where and how our client’s attackers were operating, our solutions analyzed web session logs, cross-account linkages, digital fingerprints, profile info, behaviors, and more, to surface even the most stealthy fraud patterns. We collected real-time intelligence from mobile apps and web browsers to uncover malicious activities, and generated accurate risk signals, device IDs, and device scores for enhanced fraud prevention.

Most importantly, our solutions delivered outstanding results without being hampered by a need for historical data or labels. Detection was early, proactive, and happened in real time. Today, no matter how complex or sophisticated the threat, and no matter how large or how fast the attack, our client has the ability to see attacks forming, and block them before they can launch. Not only do these actions prevent financial loss, they serve to ensure great experiences for loyal customers.

~

Related posts:

All things K-Beauty are my ultimate weakness as a skincare blogger. Whether it’s adorable packaging or mysterious snail goop, nothing brings a smile to my face like K-Beauty makeup. So I’m stoked…

With the possibility to publish any sort of information (true or false) in everyone’s hand, there come many consequences. As a public, we can easily bring awareness to many situations that could be…

Apparently we both decided to break our long silence at the same time. And as your letter arrived Tues. guess I’d better be for answering it. I can’t say that I’m exactly thrilled at the results of…