by Clare Murphy
The travel industry is facing a growing fraud threat, particularly from card not present (CNP) transactions. Both consumers and businesses are at risk, but virtual card numbers can present a solution.
CNP transactions – those that are processed without a card physically presented to a merchant, such as by phone or online – have become a top target for fraudsters. How bad is it? A recent study estimated that CNP fraud will cost retailers $71 billion worldwide in the period from 2017 to 2021. And while all industries are affected by this type of fraud, the travel industry has been hit particularly hard with reports of fraud rising 4% last year, much higher than industries such as fashion and electronics that are seeing only a 1% increase.
Hotels: A Fraudster’s Dream Come True
The past few years have seen a number of high-profile data breaches affecting hotels, even large multinational chains. According to Verizon, the hotel industry had 338 data breaches in the last year, and 90% involved point of sale (POS) intrusions. This stolen card data is often used by fraudsters to commit CNP fraud, as the physical card itself is not needed for the transaction.
The model that travel companies use to work with hotels can make a difference in how consumers, and the companies themselves, are exposed to risk. In the agency model, the booking is made with the travel company and the consumer’s card details are passed through to the hotel. This model is most prevalent in Europe and Asia, according to research by FirstPartner, conducted on behalf of WEX.
In this scenario, if the hotel’s data is hacked or otherwise subjected to a data breach, the traveler’s card data is at risk of being used for CNP fraud. This, of course, affects the traveler but also harms the reputation of both the hotel and the travel company responsible for booking the travel. Although the agency model may provide some cash flow benefits to hotels, the fraud risk and consequential reputation damage may not be worth it.
A different model, the merchant model, is another option and is the most prevalent model used in US. In this model, the travel company accepts the traveler’s payment and does not pass this data along to the hotel. The hotel is later paid directly by the travel company without putting the traveler’s data at risk. And if the travel company uses virtual card numbers (VCNs) instead of a traditional corporate card to pay the hotel, their data is then also protected from CNP fraud should a data breach at the hotel occur.
VCNs offer an attractive alternative to traditional cards and have features to protect against CNP fraud, including:
- One-time use – VCNs are set up to be used only once, so even if the data is subject to a breach, the card cannot be used if the hotel has already processed the payment.
- Controls can be set to limit how the card is used – With VCNs, parameters can be set that control the types of purchases that can be made, the maximum purchase amount and when the purchases can be made. This prevents any charge other than that which is specified.
Protecting Travelers Against Payment Scams
The merchant model combined with payment by VCN protects travelers from more than just CNP fraud. It can also help protect against accommodation scams that target travelers booking hotels and other accommodation online. These scams work by fraudsters hacking into travel booking websites and fraudulently collecting payment on behalf of the hotels/accommodations or collecting payment for hotels/accommodations that don’t actually exist.
Such scams have hit British travelers particularly hard, with data from City of London Police showing a 25% rise in these scams last year for a total of 4,700 reported victims. These scams happen across the globe. When travelers expect to pay the travel company, as in the merchant model, they’re less likely to fall victim to scams that ask for direct payment for hotels.
When travel companies use the merchant model and, in turn, use VCNs to make payment to hotels, both travelers and the travel company are protected. In addition to protection against CNP fraud, travel companies can also benefit from other features of using virtual payments, including earning money on payments made, savings on international payments, and automation of accounts payable tasks.