In our first case study we identified that organised fraudsters target several companies at the same time, with identical booking details. It is not surprising that the results of this case study show that fraudsters continue to use this successful technique to target several companies at the same time with the matching booking details.
One possible explanation for this activity is that the fraudster is testing out counter fraud systems to understand what if any fraud prevention processes are in place in an effort to highlight any loop holes that will enable them to get a fraudulent booking through. A further possibility could be the use of a web robot or ‘bot’ which systematically sifts through the internet looking for a soft target. A bot is a piece of automated software that runs simple tasks over the internet. One such task could be going onto different company’s website and trying to book travel arrangements time and time again.
It is clear from our survey and case study data that a fraudster will do the bare minimum to complete a booking. Whilst a credit card may be used several times before it is cancelled by the legitimate owner it appears fraudsters are happy to continue to reuse the same IP address, email address and telephone phone number for years on end. In some circumstances we have found that one fraudster was using the same email address to commit fraud during a 5 years period over a 100 times, this fraudster is not alone.
It’s difficult to stop fraudsters using the same data on multiple websites whether manually going from site to site or with the use of ‘bots’, but by sharing such data through the FIN tool travel companies can be proactive in reducing the threat to their website.