Effective PED 01/24/2021, Air Tanzania (TC/197) no longer accepts Diners Club, Discover, JCB, Visa or Mastercard as forms of payment through ARC.
Agents issuing refunds for Air Tanzania are encouraged to have customers contact their card issuer for resolution, as ARC will not be outputting the refunds to the processor.
ARC has been alerted to the return in January 2021 of a fraud scheme, first identified in 2017, in which a fraudster gained unauthorized access to a GDS which allowed them to remotely bridge/link into a second agency to issue tickets. To help deter or prevent future unauthorized access incidents, ARC recommends that each agency review their GDS access controls to tighten security.
The following tips may help reduce an agency’s exposure to fraudulent activity:
- Obtain references and conduct due diligence or background check on each person;
- Consider requiring that party to sign a hold harmless, indemnification agreement making them liable to you for any transaction issued on their user login credentials;
- Purchase errors and omissions insurance that provides liability coverage for cyber theft, unauthorized ticketing, and stolen tickets and credit cards, etc.;
- Frequently review GDS systems, users and log-in credentials to determine if any such bridges/links exist and whether they are still required;
- When an employee or contractor is terminated, immediately revoke their access to your computer systems and the GDS;
- Disconnect bridges and all other links or connections between accounts no longer in use;
- Restrict each GDS user’s level of access to only necessary privilege. For example, cruise-only agents may only need access to view or book;
- Frequently review the level of access (e.g., “look and book access,” “book and ticket access,” etc.) for each account and adjust or restrict as necessary;
- Ensure strong passwords are used to log into your agency’s workstations/laptops and apply a rule that requires a password change at least every 90 days; and
- Smaller agencies may want to turn off ticketing ability when closed. Contact your GDS provider for more details.
- Review ticketing queues every day, including weekends and holidays. Review bookings on a daily basis and validate they are created for legitimate customers; and
- Look for tickets that are not typically issued by your agency, such as international cash sales with immediate departures.
If you suspect unauthorized ticketing or access,
- If possible, immediately void the ticket(s) through your GDS to obtain an ESAC code;
- Notify affected carrier;
- Cancel the PNR (or return segments if the outbound leg has been used); and
- Contact your GDS to report compromised IDs, PCCs or passwords and ask for immediate assistance to prevent additional unauthorized ticketing or access.
NOTE: Each GDS will have its own security and fraud guidelines. It is recommended you familiarize yourself with those and apply them to safeguard your business.
At ARC we are committed to reducing fraud against agencies. Please report all fraud incidents to StopFraud@arccorp.com or call us toll-free 855-358-0393.
ARC is extending free access to the fraud mitigation tool, ARC Risk Check until March 31, 2021, for new users. For more information about the service and to enroll, click here.
ARC strongly recommends the IAR sales report be reconciled daily. The sales report should have a final reconciliation performed prior to sales report authorization/submission. The following steps will facilitate this process:
- Verify that all documents and voids are correctly listed in the IAR sales report;
- Correct any errors;
- Verify all transactions were legitimately issued by your agency (to guard against unauthorized ticketing);
- Verify all commission amounts;
- Verify all refund and exchange transactions are accurate and their values include any penalty information (if applicable);
- Verify cash and credit totals; and
- Verify the net remit amount.
You can view more information on IAR in Section 5 of the Industry Agents’ Handbook.