Airline White Paper June25
2015-01-10
: Mc Airline Whitepaper June25 Airline_WhitePaper_June25
Open the PDF directly: View PDF 
.
Page Count: 2
Airline Industry Payment Card
Fraud Prevention Best Practices
PCI Best Practices
MASTER CARD SITE
DATA PROTECTION
PROGRAM
Compiling and storing
payment card
transaction
information must be
performed in
accordance with the
Payment Card Industry
Data Security Standard
(PCI DSS) and
MasterCard
requirements.
To help support
merchant compliance
with the PCI DSS, the
MasterCard Site Data
Protection (SDP)
Program provides
acquirers and their
merchants with the
requirements,
guidelines, and tools
that improve their
overarching security
posture by identifying
vulnerabilities and
highlighting how to
greatly reduce the risk
of having cardholder
data compromised.
Payment card fraud continues to plague the airline
industry as fraudsters perpetuate scams leveraging
counterfeit card and card-not-present (CNP)
vulnerabilities. As non-face-to-face transactions
become more and more common, acquirers and their
merchants need to ensure that procedures are in place
to authenticate both the legitimacy of the payment cards
being used and the cardholder making the purchase.
Get to “Know” Your Customers
The first step in a robust CNP fraud prevention program
is to collect data on both the passengers traveling and
the cardholders making the transactions. This information
can include: Name, Address, Date of birth, E-mail address,
Phone number. Once the information is collected, it can
be cross-referenced with proprietary internal databases
and external sources to establish indicators that denote a
low- or high-risk exposure for each transaction.
Monitor for Suspicious
Transactions
Other indicators that can signal that an airline ticket
purchase may be at risk of fraud may include:
• The cardholder is not the actual traveler
• Phone calls or Internet Protocol (IP) addresses that are
not within close proximity to arrival or destination
airports
• The same card data is used to purchase multiple
tickets during the same time frame but to different
locations
• The ticket is purchased within a few days or hours of
the actual departure time
• The cardholder has been identied as making prior
fraudulent purchases
• The traveler does not appear on an airline’s frequent
flyer list
• Travel is booked for high-risk destinations
• A high-value ticket is purchased, typically rst-class or
business-class seats
In addition to creating a database to gauge
the risk exposure for passenger and third-
party payment card transactions, MasterCard
recommends using the Address Verification
Service (AVS), card validation code 2 (CVC 2),
and MasterCard® SecureCode™. These highly
effective cardholder verification resources
can make transactions more secure and help
reduce fraud.
Collaboration is the Key
One important element to addressing airline
industry payment fraud is the ongoing
collaboration of all members in the payment
value chain. Travel agents, third-party ticket
sellers, airlines, acquirers, and issuers should
establish methods for sharing appropriate
transaction information—in accordance with
the PCI DSS requirements—to help mitigate
fraudulent transactions.
One example of this type of collaboration is
Capital One’s Preferred Merchant Program.
Following up on its popular Merchant/Issuer
Fraud Forum, Capital One developed a
Preferred Merchant Program that allows issuers
and merchants to send each other alerts on
confirmed fraud. Through this program, issuers
and merchants can quickly take appropriate
actions necessary to prevent fraud from
occurring.
Since November 2010, Capital One estimates
that airlines participating in this program
have helped to prevent the sale of thousands
of dollars worth of fraudulent tickets. In
conclusion, safeguarding account data and
preventing fraud is a shared responsibility
across all stakeholders. Often times, merchants
in the airline and travel industries play an
important role as one of the first lines of
defense in that effort. Therefore, it is critical
that they have a solid understanding of
common tactics used by criminals to commit
fraud and leverage existing technologies to
help determine the difference between valid
and invalid payment card transactions.
©2012 MasterCard. Proprietary and Confidential. All rights reserved.
[If applicable, insert appropriate trademark attribution here. Consult your MasterCard Worldwide Law Department representative.]
CONTINUED FROM COVER
