Read time: 02'48''
1 September 2021
Fraud at 30,000ft: Cybercrime in the airline industry
Unsplash © Hanson Lu

Fraud at 30,000ft: cybercrime in the airline industry

Given all the security around air travel, you would think that they would be one of the industries least at risk from fraud, but you would be wrong. The International Air Transport Association (IATA) estimates fraud costs the industry $1B per year, which only adds to the $84B that the industry lost in 2020.

Considering that 2021 is not likely to be much better and even on good years, the industry operates on razor-thin margins with bankruptcy a running theme of the history of airlines, any kind of losses are unacceptable.

Airlines are going to get back to where they were prior to the pandemic soon, but as we have seen in other industries, the huge upswing in fraud in 2020 is unlikely to abate as quickly: fraudsters aren’t going to go back to their day jobs. As SEON has shown through our ongoing partnership with Air France, fraud in the airline industry can be significantly reduced by modern technology, with time-consuming manual reviews sped up 70% using our technology.

With this in mind, let’s take a look at some common fraud types before we look at solutions to combat it.

Air Miles fraud

Unlike currency, air miles lack a lot of the security measures and oversight that keeps other kinds of fungible assets safe. There is a thriving dark web market for stolen air miles: all hackers have to do is gain access to a person’s account, then either transfer them to a buyer or sell access to an account for buyers to use to purchase goods or even book entire flights. 

A study by Experian found that buyers can get 100,000 points at several major airlines for as little as $884: enough to buy flights, hotel stays, car rentals and, with some airlines, luxury goods that can be resold.

Employee account hijacking

Access to an airline employee’s account would be a very valuable thing: the ability to book flights, issue false refunds and upgrade tickets could net a fraudster thousands. One hacker was able to obtain $2M in plane tickets through a phishing campaign before he was caught.

Some airline employees even misuse their knowledge and access to book free or discounted tickets for friends or sell tickets online, so airlines themselves have to be cautious.

In-flight scams

When you buy goods during a flight, your details are taken and processed after the plane lands. If your payment card is declined, then they will get in touch with you to ask for new payment details. If you have given them intentionally incorrect payment details and purposefully used an expired card, then you could get away with luxury goods worth thousands. This will tend to be one-off scams from unscrupulous people rather than organised and sophisticated gangs, but it is still of concern.

PoS hacks

In most airports, tickets can be bought or activated at Point of Sale (PoS) systems, and these terminals can be hacked using specially-made USB keys or other sophisticated attack vectors. Even though it requires hackers to be in public, surrounded by cameras and security, these are surprisingly common means of hacking airlines to get free or discounted tickets.

What can be done?

Although fraudsters are increasingly sophisticated when it comes to exploiting vulnerabilities, they have vulnerabilities of their own. Fraud fighting tools on the market use one of the key vulnerabilities shared by nearly every fraudster: they rarely, if ever, use their real names. This means that they will either use identities of their own creation, which will naturally be full of holes, or stolen identities, which can often be matched to those that have been compromised in large-scale hacks. 

The artificial intelligence (AI) and supervised machine learning (ML) underpinning these systems allows them to move much faster than human reviewers, permitting them to keep up with the huge number of legitimate and illegitimate transactions.

The number of flights is hopefully going to pick up very soon, and hopefully the airline industry can regain some of the revenue lost to the recent pandemic. But to really start rebuilding, they need to be able to reduce common losses like fraud. With modern fraud prevention technology, this becomes a possibility.

Tamas Kadar is the founder and CEO of SEON.