[Blog] Machine Learning Fraud Detection for Online Travel

In our previous travel fraud blog post, “Online Travel Fraud: Who is Behind the Top 4 OTA Fraud Threats,” we discussed four types of fraud to which OTAs are especially vulnerable. In this post, we explain how data enrichment, pattern detection, and machine learning unite to detect and prevent a myriad of these travel fraud schemes, e.g., account takeover, payment fraud, phishing, friendly frauds, and many more.

A fraud attack typically begins with fraudsters obtaining consumers’ credit card numbers and identifying information; or a travel agent’s booking system login; or both. The methods vary, from phishing for a travel agent’s login credentials, to a sophisticated bad actor acquiring account information on the Dark Web, to a combination of tactics.

In this escalating arms race, innovative OTAs and multichannel agencies turn to fraud prevention solutions that combine technological advances in Big Data and Machine Learning to detect fraud threats across thousands of transaction variables, in real-time. We’ll trace a transaction’s path through a fraud detection platform to illustrate how it all works together in concert.

Fraud Detection Systems Overview

Step 1: Big Data and Transaction Data Enrichment

Within the 300ms between an online consumer transaction and an automated fraud decision, an enterprise fraud prevention and detection solution, like Fraud.net, appends each transaction record with thousands of data elements. This data is derived from billions of prior transaction experiences from our Collective Intelligence Network, a consortium of enterprise clients sharing the outcomes of all online transactions – good and bad.

The key to fraud detection success is the depth and breadth of raw data feeding the algorithms. More transactions, with more outcomes, from more companies, industries, segments, and geographies, generate more accurate fraud decisions. Fraud.net appends each transaction record with over 4,000 variables, ranging from related IPs, Emails, and addresses, to transaction airport pairings, distance from purchase location to departure location, to a plethora of additional travel-related data fields.

Step 2: Machine Learning Fraud Detection at Scale

Machine Learning models learn to recognize patterns and predict outcomes, and continuously gain new insight via feedback loops that enable algorithms to learn and improve to keep pace with new fraud schemes.

Machine learning systems self-learn as more online and call center transactions and outcomes are logged. Backed by big data, machine learning algorithms identify thousands of risk signals for hundreds of different types of fraud schemes and attack vectors. The learning never stops, with new schemes generating new signals to detect. For example, if fraud rates are anomalous for a specific travel agent, purchase location, destination airport, or any other variable, the system identifies the anomaly in real time.

Let’s review a real-life scheme from our previous blog post to demonstrate how machine learning fraud detection can stop a thief.

To Stop a Thief – Account Takeover

In the first example from our previous post, Adam Griffith infiltrated a brick & mortar travel agency by blending in as a frequent office visitor until he eventually stole a travel agent’s username and password. In many other cases, an employee may be complicit with the fraudster and hand over his or her credentials willingly.

Griffith booked multiple fraudulent trips using the employee’s credentials and stolen credit cards – approximately $50k in fraudulent travel bookings. How could Griffith have been stopped? What data and behavior would have indicated that the transactions were fraudulent?

Let’s review Griffith’s first fraudulent transaction as it moves through the fraud detection process to illustrate the power of machine learning and consortium fraud data.

Initial Transaction – 2 Factor Authentication (2FA), Digital Identity, and Anomaly Detection

2FA. First, he logged into the travel agency’s booking platform from a remote location. With a simple 2-factor authentication screen, the transaction would have died immediately. If 2FA is enabled, the actual employee receives a verification request on their mobile phone, preventing the fraudulent login and account takeover. Note: if the agent is complicit, then the perpetrator will make it past this screen.

Data Enrichment and Fraud Detection. Second, Fraud.net’s Collective Intelligence Network (growing archive of billions of Fraud.net consortium transaction experiences) appends every transaction record with a digital identity – all of the transactions and outcomes associated with all of the transaction’s IPs, email addresses, physical addresses, devices, and more. If past fraud was associated with the device or digital fingerprint, the review agent is alerted and can quickly cancel the order.

Machine Learning Fraud Detection. Third, as described above, algorithms score the transactions based on learnings from other fraudsters. Some combination of signals would have likely flagged the transaction for review. For example, dozens of specific airport pairings (departure/destination) signal fraud. Additional travel-specific variables include buyer location, buyer distance from the departure airport, the number of tickets in a transaction, products purchased, the time between purchase and check-in and departure, time of day, and many more.

After the Purchase – Feedback Loops and the Collective Intelligence Network

What happens if this is the first time this digital identity has perpetrated fraud, and no aspects of the transaction signaled fraud? Will the criminal ever be caught? What happens if he or she tries a second time?

A mechanism for continuous feedback is critical. Fraud cases are detected after the fact via account reconciliations, chargebacks, and empty seats. As an aside, regarding empty seats, when a criminal takes over a credit card to purchase airline tickets, s/he usually buys at least two tickets. The ticket for the purchaser (i.e. the stolen credit card victim) goes unused. This empty seat is an after-the-fact signal for a fraudulent transaction.

Going forward, all associated digital identities (e.g., those of the flight companions) associated with the flight are updated, and fraud models improve with the new insights. Even if a fraudster is traveling under a different name (yet using the same IP address, for example), that name may be flagged for prior fraudulent activity too.

Assuming that account reconciliations identify the first fraudulent transaction after the fact, the fraud prevention platform will automatically ingest the new information and update the extended digital identity with the fraudulent activity.

Safety in Numbers

Or, perhaps a different travel agency or vendor will catch the perpetrator first. This is the true power of a Collective Intelligence Network like Fraud.net’s. Once a single consortium member detects fraud, the criminal’s updated digital identity and fraud experience is available for all other members. All clients benefit when one client identifies a fraudster.

Machine Learning and Sales Growth

Even the travel agency itself, and its employees, are important variables in fraud prevention models. Most local travel agencies, whether brick-and-mortar or online, are typically members of a more extensive network; in essence a franchisee. Models identify anomalies at the agency and the agent level too. E.g., are fraud rates out of alignment for any particular firm or agent?

Successful fraud prevention programs are designed to do more than reduce fraud. A successful program will also approve a higher proportion of good transactions. Machine learning is as important for sales growth as it is for fraud reduction. A high ROI platform correctly scores over 99% of all transactions – good and bad.

In addition to reducing fraud, a fraud prevention platform delivers ROI by minimizing the number of transactions reviewed, and the time required for each review. As mentioned above, more accurate scores will reduce the number of false positives.

Furthermore, it enables faster reviews. Ideally, a case management platform provides access to all of a company’s anti-fraud data sources, including both proprietary and 3rd party data. Our clients tell us that reviews are significantly faster after making all of their information available through a single platform.