This case study explains the benefits EMV® 3-D Secure (EMV 3DS) brings to the airline and travel industry to support the sector in its fight to reduce transaction fraud, while promoting a frictionless payment experience.
The challenge – Addressing card fraud across the travel industry
Fraud presents a significant challenge to the travel industry. According to data from the International Air Travel Association (IATA), airline fraud losses are estimated to total at least $1 billion per year.[1]
There are several factors that explain why the travel industry and airline payments are particularly vulnerable to fraud.
Firstly, the nature of many airline transactions provide an attractive target for fraudsters, combining a remote sales environment with high-value, cross-border transactions. This makes airlines the vertical most impacted by online fraud, accounting for 46% of fraudulent transactions.[2]
Complexity also contributes to the challenge. As Jean-Christophe Lacour, Head of Merchant Services, Payments at Amadeus explains: “The travel industry is somewhat different from other e-commerce businesses due to the prevalence of distribution channels and the complexity of booking several travel segments from different providers in one purchase.”
Of course, the airline industry has been hit hard by global restrictions on travel over the past year. But bookings are beginning to rebound, and this presents renewed opportunities for fraudsters. Given the huge economic pressures airlines and travel organisations are already facing, it has arguably never been as important that the industry effectively combats fraud and minimises payment friction.
The solution – EMV 3DS Travel Industry Message Extension
The importance of authenticating the individual making the payment continues to be key in the fight against fraud. EMV 3-D Secure (EMV 3DS) is a solution that enables intelligent risk-based decisions using pre-defined information which is automatically exchanged about the transaction, payment method and device being used between the:
1. Merchant / acquirer
2. Directory server operator (such as a payment system)
3. Issuer
For example, many e-commerce transactions involve a consumer checkout process. These details combined with payment transaction and device information can be shared with the bank through 3DS to successfully identify the consumer. This helps prevent unauthorised transactions and ensures that the payment process is seamless. In many payment scenarios, no additional consumer authentication interaction is needed.
Travel industry representatives approached EMVCo to request that additional pre-defined information is shared to provide specific travel-related data to issuers for use in risk-decisioning, such as ticket information, itinerary and traveller data.
This has been detailed and published in the EMV 3DS Travel Industry Messaging Extension document, which is freely available to all interested parties from the EMVCo website.
If travel industry merchants share the supplemental data outlined in the document, issuers can better verify the authenticity of e-commerce transactions using existing systems and without impacting the payment process for the customer.
The approach – Cross-industry collaboration
IATA and travel technology company, Amadeus, worked extensively with EMVCo and other key travel industry experts to provide valuable and extensive input to ensure the data required in the message extension aligned with current systems and best practice. Both contributors engaged as part of EMVCo’s Associate Programme, which facilitates engagement and enables hundreds of organisations from across the world to contribute their knowledge and expertise to the development of EMV Specifications.
What this means for the travel industry
The EMV 3DS Travel Industry Message Extension has been designed to exclusively meet the specific needs of airlines and travel agents to immediately reduce transaction fraud, while minimising additional friction during the purchase experience.
Accordingly, EMVCo expects the document to be used by parties to develop and implement EMV 3DS-compliant products and services that support the travel industry in its efforts to improve e-commerce payment authentication.
EMVCo is now advancing the document to expand the Travel Industry Message Extension to include data that supports hotel and car rental e-commerce payment transactions.
[1] IATA, ‘Fraud in the airline industry’, July 2020
[2] ibid.
by Oliver Manahan
by Arman Aygen