The travel industry is one of the earliest adopters of digital technologies. Providers across the travel value chain continue to leverage digitization to offer differentiated experiences. The online travel market continues to grow rapidly and is expected to touch USD 1091 Billion by 2022. But this also makes the industry vulnerable to increased cyberattacks and instances of digital fraud. Given its rich database of customers’ personal, professional and financial data, and the high volume of transactions involved, the industry is an ideal target for hackers.
Here’s a look at some of the ways in which cyber criminals can target travel companies.
Point of Sale (POS) Breaches
POS systems are quite vulnerable to cyberattacks due to their open and less secure connections with the Internet. According to a Verizon report, POS intrusions make up 74 percent of data breaches in the travel industry. A POS breach is usually carried out to mine data for credit card details. Unfortunately, many companies shy away from investing in good anti-malware software to prevent such attacks
Over 66 percent of all attacks by hackers today involve social engineering. Social engineers (hackers) carry out social engineering scams by either phishing, vishing (phishing done over voice calls), impersonation or smishing (through text messages). Social engineers launch attacks to demand hefty ransoms (often in crypto currencies) or steal sensitive financial information among other things.
Denial of Service (DOS) / Distributed Denial of Service Attacks (DDOS)
DOS or DDOS are malicious attacks launched by a single person or group of people to force websites / apps / networks to deny service to their users. A website, for example, is flooded with traffic requests till it eventually crashes. These attacks are carried out by botnets which aim to exhaust the target’s resources such as bandwidth or computing power.
Airline and hotel loyalty point schemes have immense monetary and resale value. In the U.S. alone, loyalty points worth over USD 48 Billion are collected every year. Not surprisingly there is a large black market across the dark web for travel-related loyalty points. Cyber criminals monetize compromised loyalty program accounts by selling login credentials or cash in on the stolen points.
Mirror Site Deception
Scamsters create fake websites that are ‘mirror images’ of existing websites. These mirror websites have no connection to the original websites and are built for the sole purpose of luring and defrauding unsuspecting customers. The hotel industry is more prone to these attacks. Last year, around 55 million hotel bookings were made through such sites that cost customers nearly USD 4 Billion. Besides customers losing money, these deceptions have an adverse effect on the brand image of hotels as well. Hence, it’s vital for both customers and hotels to stay guarded against such fraudulent third-party operators.
The dark web is a playground for underground black marketers who sell vacations, loyalty points, car rentals, accommodation and event tickets at heavily discounted prices. The increasing prevalence of cyberattacks is boosting the market for cyber security and cyber insurance products and services. While the cyber security industry is expected to reach USD 170 Billion by 2020, the cyber insurance market is projected to grow to USD 7.5 Billion in the same year.
So, what measures can the travel industry take to tackle data breaches and cyberattacks? A two-pronged approach can help secure data and prevent cyber frauds. Internal stakeholders should be educated about the various threats posed by cyber criminals. A culture of data security with zero tolerance for breaches should be nurtured across the organization. At the same time, travel companies should also invest in security software to prevent cyberattacks. Continuous monitoring efforts can uncover unusual behavior and alert companies on possible breaches. Since ‘data is the new gold,’ protecting it should be a priority for all organizations.