When it comes to protecting their revenue from fraud, airlines and online travel agencies (OTAs) find themselves in a catch-22. Strict rules and fraud filters reduce chargebacks, but given that clear-cut fraud only occurs in approximately 2% of card-not-present flight orders, these measures also inevitably lead to costly false declines and disgruntled [ex]customers.

In this post I discuss how airlines and OTAs can manage this conflict by using data from a range of sources to evaluate orders containing mismatches, rather than relying on discrete data points to identify and block ‘suspicious’ customers. By investigating online shopping behaviour through less formal fraud detection techniques, online sellers can leverage their data to get ahead of the game and boost online revenue.

Rejecting orders over a single mismatch can be risky too

When it comes to online travel bookings, mismatches between geographical data points are almost always a given. For example, in more than half of online flight orders, a passenger makes a purchase outside their flight departure country. A whopping 97% of these orders, where there is a mismatch between the IP country and departure country, are valid.

With many travelers booking their tickets while abroad, it’s common to see purchases made with a credit card issued in a different country. Nearly 1 in 3 online travel orders have a mismatch between the card issuing country and the device IP country. Close to 95% of these transactions are valid.

Rejecting orders over a single mismatch can be risky too

It is clear that airlines and OTAs should not reject orders simply based on data mismatches.  But the question remains – how can we know which orders with data mismatches are valid?

We use all available information, including data across Riskified’s ecosystem, the customer’s cyber footprints, and third-party databases, to reveal the story behind the order. This includes taking advantage of social media, which can often provide the missing pieces of the puzzle – yes, we can finally put our Facebook stalking skills to good use. Given the extra information customers are required to provide when completing a travel booking, airlines and OTAs have the added advantage of multiple data points from which to identify correlations.

Getting to know the traveler behind the data

The best way to illustrate the benefits of such an approach, is by looking at a typical online flight ticket order.

Getting to know the traveler behind the data

The first obvious discrepancy in the above order is that the passenger and credit card holder have no clear connection. Furthermore, the purchase has been made for a French citizen, using a US-issued credit card.

Many airlines and OTA fraud review systems would have already flagged these mismatches as signs of a high-risk order that should be declined or at the very least routed to manual review. But despite the multiple data mismatches, this order is absolutely legitimate and was safely approved by Riskified.

So how did Riskified identify that this order is valid? Based on the email address used, and previous orders with similar details, we deduced that it was likely a business related purchase. A  LinkedIn search confirmed that the domain listed in the email belongs to a US owned company headed by Patricia Williams. It has offices in Europe, and the traveler shared their surname with a company manager. A Facebook scan then revealed that the traveler was the manager’s husband, and according to her status they were both looking forward to relocating to the US following her promotion.

Based on the information already obtained it would be quite safe to conclude that this was a legitimate order. But Riskified’s elastic order linking system – which links every new order to those previously reviewed – provided even more insight, and revealed that the same email address, connecting from the same IP, had been used to make another travel-related booking four months prior. That transaction had been approved and did not return as a chargeback.

In short: the office administrator of the company’s Italian branch, used the American CEO’s credit card to purchase a ticket for a relocating employee’s French spouse.

Hold on to your revenue

This is only one example of how drawing on additional sources can assist fraud teams to familiarise themselves with the patterns of genuine travelers. Without the ability to incorporate this data, the transaction would probably have been hard declined.

In some cases, merchants may have opted to use an alternative, more conspicuous measure to verify the order (such as contacting the customer by phone). However, such an approach is inconvenient, time consuming, and will generally impact negatively on a customer’s experience.

By enforcing high-friction verification measures, or by falsely declining such orders, merchant’s stand to not only lose the revenue from that specific purchase, but also jeopardize their relationship with highly profitable clients. And sending rejected, annoyed, legitimate customers to competing sites – where they are able to reserve the exact same tickets – is a highly frightening prospect in such a competitive market.