Best Practices - Fraud Prevention | Airlines Reporting Corporation

Fraud Prevention

Best Practices

A good way to reduce an agency’s exposure to credit card fraud is to establish best practices when dealing with new or existing customers. Fraudsters are very creative when it comes to thinking up new ways to deceive agents and having established procedures in place can help both new agents and veteran agents identify fraud schemes. Researching new customer information (refer to our Free Internet Tools and Digitally Altered Images) may help quickly spot a potential fraudster before tickets are issued.

Below you’ll find best practices recommended for leisure and corporate agencies.

Credit Card Red Flags

When accepting a credit card from a new customer it is recommended that agents look beyond the fact that they received a credit card authorization from their GDS. Fraudsters typically use compromised credit cards (they have the credit card information, not the credit card itself) when ordering tickets for themselves and other travelers. Because the true cardholder does not know a fraudster is using their card information, the card is not listed as “stolen” by the card issuer; therefore, the authorization will go through if there is available credit on the account.

Use the Credit Card Red Flags document to think beyond just the authorization code and more about who is ordering tickets for other people, why they’re ordering tickets from your agency, and what kind of itineraries are requested. Asking yourself these types of questions before you issue tickets for new customers may reduce your exposure to possible credit card fraud.

Risk Level

Corporate Travel Agencies

Corporate agents are targeted just like leisure agents and many of the same red flags and fraudster characteristics are shared.

The following best practices are recommended to help reduce exposure to fraud:

  • Recognize where your corporate clients travel to/from and flag tickets with characteristics outside that pattern.
  • Verify referrals claiming to be from your corporate client when expected travel patterns change.
  • Verify the telephone number used by the caller with a trusted contact at the corporate client.
  • Communicate using a confirmed business email address not any of the free services (Yahoo, Outlook, Gmail, Yandex, etc.).
  • Ensure that the corporate email address is 100% like the normal email address. Make sure there are no extra letters or numbers in the requestor’s email address.
    • True corporate email: abxyzcorp.com
    • Fraudster’s email: abxyz1corp.com
  • Is the corporate customer ordering tickets for children or infants? Does your corporate client typically do that? If not, there might be a problem.
  • Is someone calling your agency often to order tickets when they really should be using their corporate booking tool? This may be a sign that something is amiss.

Incorporating some or all of the best practices above may help identify if a fraudster is impersonating an employee at your corporate client and reduce your exposure to fraud.

Corporate Booking Tools

Many of the best practices identified in the Corporate Travel Agencies section apply to Corporate Booking Tools, as well.

The following best practices are additionally recommended:

  • Turn off the “Guest Booking” feature.
  • Do not display high-risk airports at all.
  • Remove auto-ticketing for high-risk airports so that those bookings are reviewed by agency staff.
  • Ensure that ticket confirmations are emailed to the existing corporate email address.

After-Hours Services

Many of the best practices identified in the Corporate Travel Agencies section apply to After-Hours Services as well.

  • Do not issue tickets for non-profiled customers.
  • Ensure that staff has the ability to contact someone at the corporate agency or corporate client that can verify suspicious ticket requests.

If agents believe they have had interactions with this fraudster fitting this profile, please contact ARC Fraud Prevention at 855-358-0393 (toll-free) or via email at fifp@arccorp.com.