Tony Sales, fraud expert at We Fight Fraud Live, believes fraudsters will be looking to hitch a ride when people are allowed to travel again. He offers his advice on staying safe online and protecting data
The travel industry was one of the first to collect and store customer data. How well it protects this precious cargo when we are back in business after the Covid lockdowns could have a big impact on who will survive and who won’t.
In many ways, the industry has been hit by a triple whammy – the ever-present threat of terrorist attacks; an increasing number of data breaches; and the recent pandemic that has practically brought it to a standstill.
But now’s not the time to cut corners to save money, however tempting it might be to minimise cyber or physical security measures to help the bottom line. The industry needs to invest in raising awareness and implementing effective security measures, to protect operations and data like never before.
That’s because their customer database is a company’s most valuable asset – not only in terms of residual income but also to build brand loyalty. If hackers get hold of this data, companies not only lose trust within the market but also with their customer base. Look at BA after its 2018 attack, which is still having an impact.
Of course, the problem of Covid is going to be put firmly at the travel industry’s door – particularly if countries go down the vaccination passport route. Airports and customs are going to be under increasing pressure. And the dark web will be thriving – selling fake documentation from whatever country – whether that’s test results or Covid passports. That’s not being talked about but we believe it will become a huge problem.
Criminal behaviour has adapted, innovated and evolved during the current crisis, and as such poses a serious risk to the travel industry. Criminals have had time to look at new opportunities to commit crime and ways to exploit the new normal, from targeting people who are working from home through impersonation fraud to phishing and cyber attacks.
Criminals specifically target people working remotely and target onboarding and authentication processes. They use sophisticated social engineering techniques to bypass due diligence measures and undermine Know Your Customer (KYC) processes.
In fact, onboarding is the “single point of failure” for many businesses. Staff must be trained how to identify the potential threats and risks through onboarding criminals posing as new customers. They need to learn how to identify different social engineering techniques and spot fraudulent documentation. And this applies whether they are still working at home or are back at the office.
Criminals will also be looking at creating fake travel websites. Once things open up again, many people will be looking for a deal and looking online. They’ll look for Abta and Atol accreditation on websites, thinking that will protect them. But it’s so easy for fraudsters to add those logos to their fake booking sites – just copy and paste. These bodies need to be more brand aware, looking at ways to police fake sites and developing stricter guidelines for use of their brand so legitimate companies as well as consumers will be protected.
Another key problem for the travel industry is the necessity of delivering excellent customer service, which can inherently reduce many security factors.
The stakes are high for the travel industry, and there’s lots of work to do. A good starting point is to look at what the financial industry is doing, to value marketing and customer service as much as cyber and data safety, and start to understand what security looks like.
There’s a critical need for awareness training, for both consumers and staff. When you hold on to so much information on so many people, and you can get hit in so many ways, it’s vital to put security front and centre and invest to stay safe.
We Fight Fraud Live takes place on 28 April. Book a seat at the free conference here