How do adversaries defraud airlines?
Airlines are prime targets for cybercriminals due to the vast amount of sensitive and valuable data they contain such as customer details, payment information, and rewards points. The resulting automated attacks (bots) disrupt operations, lead to data breaches, and damage brand reputation.
Common threats:
- Credential stuffing takes over customer accounts, accessing customer details and payment info. Low MFA adoption and password reuse make these attacks effective.
- Attackers steal loyalty and rewards points, purchasing travel for themselves, selling accounts on the black market, or booking discounted itineraries on behalf of travelers.
- Bots reserve bookings and lock out real customers — known as denial of inventory. These reservations are often canceled, making it difficult for you to maximize occupancy rates.
- Ongoing scraping of flight data raises Global Distribution System (GDS) costs, gives valuable data to competitors, and enables unauthorized online travel agencies to thrive.
1.2%
Annual revenue an airline loses to website and mobile sales fraud, costing industry $1+ billion each year (Source: International Air Transport Association).
Where will you see the effects of automated threats in the airline industry?
You will notice the effects across your business - customer experience, IT operations, and site performance. Specifically:
- Frustrated customers will call into Customer Support and Fraud teams to report compromised accounts and stolen loyalty points
- Site performance will suffer and customers will book elsewhere
- Excessive automated queries for price and flight info inflate customer acquisition costs
- Infrastructure costs will rise to support bot traffic, as IT devotes more resources to mitigating attack
- Artificial traffic data will skew analytics, compromising pricing strategies and accurate demand forecasting
The biggest damage? Loss of trust from your loyal customers.
How does Kasada defeat these travel and hospitality threats?
Even sophisticated bot management solutions can be tricked by bots that uncover what the defense is "listening for" and feed it fake data to appear human.
Kasada, meanwhile, verifies data authenticity and secures data collection integrity to prevent tampering. It forces bots to execute their requests in real time on a real device in Kasada's trusted environment. Plus, Kasada remains effective over time with dynamic detection and strong obfuscation that protect against retooling attempts. The results speak for themselves:
- One airline saw 30% improvement in site speed and stability. The improved UX encouraged more direct bookings
- 75% of an airline's traffic wrongly classified as "human" by its CDN was revealed as bots
- Ongoing scraping by an OTA (500K requests/day) inflated GDS and infrastructure costs before Kasada shut it down
"Thanks very much guys. You're solving a nightmare we've been dealing with for over a year now."
Director of Cybersecurity, major North American airline