Airlines go on guard against cyber-fraud

Now, some carriers are stepping up their efforts to fight back. They're boosting the staff that tracks crimes and tapping into new technology that can help detect it. But as large airlines tackle the problem, there is growing concern that fraudsters are moving onto smaller carriers whose defenses are not yet in place.

"The fact is that any airline that hasn't upgraded their fraud-protection system in the last couple years is a sitting duck," said Jeff Liesendahl, chief executive of Accertify, which provides fraud-prevention technology and services to airlines and other e-commerce companies.

Throughout the airline industry, online fraud is on the rise. A Deloitte UK survey taken in 2009 found that 48 percent of more than 50 responding U.S. and global carriers said online fraud had increased in the past year, and each airline's losses averaged more than $2.4 million annually.

Other fraud experts say the amount is far greater. An industry poll released last year by CyberSource, an electronic payment security-management company, and aviation conference firm Airline Information estimated total losses at $1.4 billion in 2008.

"The general feedback from everybody ... is that they see it getting worse," said Graham Pickett, partner in charge of aviation services for Deloitte UK, which conducted its survey for the International Association of Airline Internal Auditors. "The main driver has been ... the Internet, and in particular credit card type bookings."

American Airlines and Virgin America have noticed an uptick. "We have seen an increase over the past year that is significant," said Virgin America spokeswoman Abby Lunardini. Virgin officials "assume it's a combination of the overall rise in online purchasing and the growing sophistication of those who engage in credit card fraud."

In July, the U.S. attorney for the Western District of Missouri, Beth Phillips, announced indictments of 38 people allegedly involved in a nationwide ring that used stolen credit and debit card information to buy airline tickets. The tickets were resold and led to estimated losses of more than $20 million for several U.S. airlines, banks, card holders and other businesses.

Airlines have ramped up prevention efforts in the last two years, hiring experts from the financial services industry, expanding anti-fraud teams and incorporating new computer systems that are more skillful at pinpointing suspicious transactions.

It's primarily larger carriers that have taken steps against fraud, Liesendahl said. As a result, smaller airlines, or those that have been online for a shorter time, are drawing the attention of criminals.

"The fraudster is going to go to the places where there's the least amount of fraud protection," Liesendahl said.

Airlines are reluctant to reveal details of their fraud-prevention efforts.

"Common sense on this issue limits a discussion of what we do to track, prevent and seek prosecution of such occurrences," said Tim Smith, a spokesman for American Airlines. "We're just not interested in providing a 'how to' lesson on the subject."

Still, Smith said, "I can tell you, in a very broad sense, that we have seen some increase in fraud and attempted fraud the last couple years."

The airline's corporate security team deals with credit card fraud, he said, and often works with financial services companies and law enforcement when making inquiries.

In the travel sector, companies such as Orbitz were hit first and hardest by fraudsters, resulting in millions of dollars in lost revenue a month.

After those companies took action to plug their holes, criminals took aim at airlines.

"The Web is where businesses go to accelerate growth but also (it's where they) have the most risk," said David Britton, vice president of airline fraud solutions at 41st Parameter, which provides fraud-detection solutions to various industries. "Unfortunately, (airlines) have had to learn along the way."

Credit card abuse, with someone entering a stolen card number on a website, is the primary type of online fraud, experts say. But criminals are also increasingly tapping into fliers' airline loyalty accounts and then using the passengers' miles or points for travel.

Although first-class and business-section seats typically booked by business passengers have been popular -- both for fraudsters wanting to take a trip and those looking to sell a ticket -- criminals are now booking seats throughout the plane, and further in advance, to make their scams harder to detect, some fraud experts say.

AirTran set up a fraud-prevention department in 2003 that began with one staffer. It has since grown to six people that work full time keeping a lookout for such crimes. And in the last several months, the carrier has been upgrading its anti-fraud program with advanced technology that is "much more automated, less dependent on manual work," said spokesman Christopher White.

As a result, he said, the airline's losses to fraud amount to less than 1 percent of revenue. The airline took in $2.3 billion in revenue in 2009.

"We continue to learn," White says. "It's a 24/7 game of cat and mouse. It's just like malware, spyware: You plug one hole (and) a thief is going to try to find another way."

Southwest began using a technology platform from Accertify in August 2008 that takes into account all that is known about a passenger, from where they usually travel, to the phone number being used, to flag suspect purchases. Those can then be referred to an agent who gives it a closer look, and may even call the customer to make sure the transaction is valid.

Southwest's fraud dropped 73 percent in the first year, Liesendahl said.

With airlines generating billions in revenue a year, the loss of a few million dollars to fraud may not seem particularly alarming. But "it's a crime," said AirTran's White. And "this is probably the most competitive industry in America. Every dollar counts, and every passenger counts. So we're going to do all we can to protect both."

(c) 2010, USA Today.
Distributed by McClatchy-Tribune Information Services.