Fighting Fraud in the Airline & Travel Industry Requires Stronger Authentication

Fighting Fraud in the Airline & Travel Industry Requires Stronger Authentication

The number is staggering—$858 million.

According to The International Air Transport Association (IATA), that is the amount fraud costs the travel industry annually. And of that figure, $639 million falls on the airlines.

Why? With airline tickets digitized for convenience and movement, they function more like free-flowing currency. Just as banks now rarely store reams of dollar bills in their vaults, tickets rarely exist as individual slips of paper for distribution, making them vulnerable to attack.

Existing in digital form allows for faster transaction speed, increased revenue for businesses, and added convenience for customers. But this high rate of speed also has the potential to create insecure conditions for fraudsters to exploit.

For example, many people don’t realize the amount of information contained on the tickets themselves. The barcode on a printed ticket actually functions as a form of password, easily read by any standard barcode reader. Consider the case of the woman who posted a picture of a winning horse race ticket on Facebook, only to have the $825 payout swiped when a thief copied the exposed barcode and redeemed the ticket at an automated machine.

Likewise, airline tickets also contain a wealth of information on the bar code. The schemes fraudsters use in this sector range from purchasing tickets using stolen credit cards and abruptly cancelling them to get flight credit, to producing fake online travel vouchers in order to gather personal information from unsuspecting victims through phishing attacks.

Card-not-present fraud—when items are purchased without a physical card—is another serious problem in the airline industry. According to a study conducted by Visa, 54% of CNP airline fraud occurred via insecure e-commerce channels in 2013.

These and other evolving types of fraud are keeping travel industry security professionals up at night trying to ensure their digital transactions are legitimate. As with other sectors, tighter security protocols are introduced into the process, slowing down transactions unnecessarily and negatively affecting revenue. Considering that the shopping cart abandonment rate in the travel industry is already high at 81% (in contrast to 68% for online retail), adding more friction could catapult that number even higher.

Instead, the best solution to provide the frictionless service is to distinguish real, trusted customers from fraudsters in real-time.

Interestingly, the concept of the TSA Pre-Check program conveys the concepts of “trust” well. After undergoing a background check and paying an $85 application fee, customers can go into an “express lane” at airport security checkpoints. They can keep their shoes on and carry liquids and computers in their carry-on luggage. In other words, less friction.

As the head of the TSA John Pistole said, “We can look at these [passengers] in a different light because we know more about them. This is the way to expand the number of people who are trusted.”

That same concept can be applied through device authentication technologies for mobile and browser that grant travelers “trusted user” status when purchasing their tickets, doing so invisibly in the background of every transaction.

Mobile in particular is uniquely positioned to deliver on this security concept. Because of their internal architecture, mobile devices contain within them thousands of identifying attributes. InAuth software combines these attributes into a permanent device ID that survives app uninstall/reinstall and operating system upgrades, and cannot be spoofed. The software also flags devices that might be considered “suspicious,” such as if the device has signs of being compromised with malware, rooted or jailbroken, and other high-risk indicators.

With InAuth software in place, airlines—as well as hotels, cruise lines and other travel-related businesses—can perform device recognition and advanced fraud detection in real-time to more accurately associate customers to devices distinguishing trusted purchasers from potential fraudsters. This real-time risk assessment allows airlines to make more confident transaction decisions.

It’s not just the airlines however. Hotels, cruise lines, car rental agencies, and other travel-related businesses must also constantly combat suspicious bookings to prevent fraud in today’s digital world while continuing to provide a frictionless experience for their trusted customers. They can benefit from these same next-generation solutions. At InAuth, we believe organizations can have heightened digital security and a seamless, smooth customer experience.



376 Boylston Street, Suite 501
Boston, MA 02116

West Coast Office

227 Broadway, Suite 200
Santa Monica, CA 904011


Belgrave House
76 Buckingham Palace Road
London, SW1W 9AX


Eje 5 Norte 990, Building C, 1st Floor
Santa Barbara, Mexico City 02230
+52 (55) 52097037



Level 9, 12 Shelley Street
Sydney, NSW, Australia, 2000
+61 2 9152 2851

Level 14, 360 Collins Street
Melbourne, VIC, Australia 3000
+61 3 9152 2851


Level 15, Marina Bay Financial Centre
Tower 1, Singapore 018940
+65 6317 6414