The travel industry is a big business. Websites like Airbnb, Kayak, and Expedia make booking and buying travel easier than ever. Unfortunately, the growing popularity of online travel also makes it a prime target for cybercriminals.
Travel data is rich and typically not very well protected against phishing emails, fake booking sites, and malware that put customers’ personal and financial information at risk. While travel companies spend large amounts of money to attract customers, they aren’t doing enough to protect them. Let’s take a closer look at the top three security problems facing the travel industry today.
1. Rich personal data
Travel websites collect a variety of personal information, including customer names, birth dates, addresses, telephone numbers, emails, and payment methods. This data can fetch about the same price in the criminal underground as data from dating and employment websites.
Hal Pomeranz, founder of computer forensic firm Deer Run Associates says, “In some sense, reward program websites are a ‘one-stop shop’ for criminals… All of this information has value and can be converted to cash in the underground economy.”
2. Relaxed authentication
Many online travel and loyalty websites do not have strict security measures implemented. CreditCards.com reviewed 10 frequent flier and 17 hotel loyalty websites and found that half relied on a four-digit PIN or a password with six characters or less. Only a third provided two-factor authentication such as challenge questions or verification codes sent to the account holder’s smartphone—a service that is becoming more common with financial accounts.
To make matters worse, many consumers re-use the same username/password combination. Fraudsters hacking one account can then try those login credentials on all travel accounts belonging to the member. Aite Group’s July 2014 report Merchants and Cybercriminals Duke It Out: No Signs of Slowing estimates that Americans maintain on average from 15 to 20 usernames and passwords, and that 55 percent of users apply the same login credential combination on all accounts.
3. Anonymity of reward points
Loyalty programs that award reward points are valued by customers. They build trust over time and accumulate points that become the equivalent of currency. Fraudsters are keen to cash in on that brand loyalty. They steal valuable points that can be redeemed for gift cards at points.com and at other locations that convert points to cash—which can make it very difficult to trace digitally.
Security expert Brian Krebs found plenty of malicious sellers on the black market selling hijacked Hilton points for a fraction of their value. Many other programs have been compromised, including American, United, and Lufthansa airlines.
Being proactive when it comes to email security will help protect your customers, your brand, and your bottom line. There’s no silver bullet solution that will work for all businesses. A tailored, comprehensive approach is the best way to arm yourself against cybercriminals hungry to do harm. A necessary pillar of that solution is working with a partner that can help you identify attacks on your brand in real time.
Want to learn more about how travel companies can protect their brand and their customers from cybercriminals? Check out The Travel Guide to Email Fraud.