Fraud more likely to occur with travel purchases

By Marianne Curphey

As you start making your December holiday travel plans, be sure to squeeze in time to consider your credit card's safety. According to FICO, travel purchases are the most likely to lead to fraud because hotels and travel agencies hold so many customers' details and are a boon for fraudsters. That, plus a lowered guard because you're in the "holiday mind set" could lead you straight into criminals' hands.

According to November 2014 research by FICO, the fraud analyst and technology specialist, card-not-present (CNP) fraud accounted for three-quarters of card fraud cases and fraud losses in the UK from 2012-2014. Criminals carry out these types of transactions online or via phone after obtaining card details.

The most likely places for CNP fraud to happen are hotels, motels, resorts, travel agencies and tour operators, according to the FICO data. fraud-on-holiday

Why it's more likely to happen on holiday
Hotel systems hold a lot of data about you, but their security systems are relatively insecure, especially when compared to banks.

"When you check into a hotel, you give all your details, address, credit card numbers and even the CVC (security) number on the back of the card," says Martin Warwick, FICO's fraud chief in Europe, Middle East and Africa. "Hotels file this in their database. However, if a criminal was working at the hotel they would regard this information as a ‘gold mine' in terms of identity theft and card fraud."

Even if the employees are honest, hotels and travel agencies are still huge targets for criminals because they hold so much personal information on customers.

"Hackers are interested in obtaining large numbers of credit card details for as little effort as possible, and high volume hotels and motels near airports present them with a huge opportunity," says. Russ Spitler, VP of Product Strategy at AlienVault, which provides IT security solutions worldwide.

"If a criminal can hack into that information, they can start using it," says Warwick. "That is why you see a lot of retailers trying to disguise and encrypt."

In addition to handing over a lot of personal information, other factors contribute to the higher level of fraud while you're on holiday. For instance, at home you likely have a predictable spending pattern, and you probably use trusted vendors, but on holiday you might be using your credit card at less reputable outlets.

"When you are on holiday, you are using your credit card more frequently and making purchases in unfamiliar stores, plus you let your guard down a little more than normal," says Spitler.

Why data isn't always safe
Problems arise when merchants try to keep data safe within their own systems, says Noam Grinberg, head of risk management at SafeCharge, which provides payments services, risk management and IT solutions for online businesses.

All online merchants who process, transmit or store customer credit cards must comply with the Payment Card Industry Data Security Standard (more commonly known as PCI standards), a complex and demanding set of requirements for the protection of payment data.

For online merchants, managing their own PCI compliance is a very time-consuming, costly and risky business, Grinberg says.

"If a merchant is holding customers' credit card details on file, it makes that merchant far more vulnerable to malicious hackers, whereas if the merchant has outsourced PCI compliance and there are no credit card details on the merchant's system for a hacker to attempt to steal then risks are greatly reduced," Grinberg explains.

Warwick says retailers' systems tend to be less secure than banks'. And, Spitler says, a lot of hotels have not invested as much in IT security as other companies have done.

Preventive measures you can take on holiday
Never give any PINs, passwords or your CVV code (on the back of your card) over the phone when reserving hotels or car services, Grinberg says.

"There is no need for the merchant to ask for it, because if they have flagged the transaction up as MOTO [mail or telephone order] the transaction will go through without CVV."

Also be wary of merchants who won't let you use a Visa or MasterCard, Grinberg says, as these two providers have been doing a lot of work to regulate and monitor suspicious merchants, and fraudsters know it.

Spitler suggests not losing sight of your card. If you're at a restaurant or hiring a car and hand over your card to a staff member who takes it away, they could easily take a photo of your card.

When travelling, especially to foreign places, it may be best to use cash or a prepaid card instead.

See also: Using plastic to get cash abroad, Consider prepaid card for your World Cup travels

Published: 26 November 2014