Fraud in the Travel Industry: Q&A with Israel Mazin, CEO at Memcyco
The travel industry has experienced a sharp increase in fraud in recent years. According to the TransUnion 2024 State of Omnichannel Fraud Report, travel and leisure became the second highest industry for fraud globally in 2023, with around one in seven newly-created accounts being fraudulent, with a 13.5 percent rate of fraudulent account transactions. The rapid development of technology and the widespread availability of ready-to-use phishing tools has empowered bad actors to easily and frequently commit fraud, especially in the travel industry, which heavily relies on online transactions, loyalty programs, and the use of third-party websites.
Breaking Travel News spoke with Israel Mazin, Chairman and CEO at Memcyco, a real-time digital risk protection solution that protects companies from brand impersonation attacks and mitigates fraud attempts against their customers. Mazin shed light on the impact of fraud in the travel industry.
BTN: Online payment fraud is rising across all industries. How significantly is it impacting the travel sector?
IM: Online payment fraud is causing major disruptions in the travel sector. When you think about the nature of the industry, we’re talking about transactions that often involve substantial sums — whether it’s flights, hotel bookings, or package vacations. The high-value nature of these transactions makes travel platforms a lucrative target for fraudsters. At Memcyco, we’ve encountered numerous instances where fraudsters prey on the urgency and complexity of travel bookings. Customers are often booking last-minute flights or trying to secure the best deal, and this sense of urgency makes them more vulnerable to scams.
For example, I’ve seen cases where fraudsters used stolen credit cards to make large bookings on legitimate travel platforms. Once these fraudulent transactions are flagged, the companies are hit with chargebacks and fines, leading to significant revenue losses. And it’s not just about the money. There’s also the loss of consumer trust. If a customer gets scammed while booking a vacation, they’re not likely to come back. Travel platforms have to work twice as hard to regain that trust, which makes the real cost of fraud go far beyond the financial hit.
The travel industry, with its reliance on digital transactions, is in a delicate position. As fraud rates continue to climb, companies that don’t implement proactive security measures will find themselves increasingly vulnerable.
BTN: What makes the travel industry particularly vulnerable to fraud?
IM: The travel industry is uniquely exposed to fraud because of its inherent structure. First, it’s global. Transactions are made across different countries, currencies, and time zones, which naturally adds complexity. With multiple intermediaries involved — booking platforms, payment processors, airlines, hotels — the opportunities for fraud multiply. Fraudsters take advantage of these weak points, targeting third-party systems that might not be as secure as the primary platforms. In one instance, I worked with a company that experienced significant fraud losses because a third-party vendor they relied on for customer bookings wasn’t adequately protected.
Another key factor is the urgency that comes with travel bookings. Consumers often feel pressured to make quick decisions to secure a deal, and fraudsters exploit that urgency. They create fake booking websites or launch phishing attacks, impersonating well-known travel brands, and catching customers off-guard. With customers rushing to book a trip before prices rise or deals expire, many don’t take the time to verify the authenticity of the website they’re using. This makes them easy targets for phishing schemes or fraudulent bookings.
Additionally, the seasonality of travel makes it particularly attractive to fraudsters. During peak times like holidays, when transaction volumes surge, it becomes harder for companies to identify fraudulent activity in the flood of legitimate transactions. Fraudsters know this and take full advantage of the chaos.
BTN: What are the different types of fraud affecting the travel industry?
IM: The types of fraud that affect the travel industry are as diverse as they are damaging. One of the most prevalent forms is payment fraud, where fraudsters use stolen credit card details to make bookings. This often leads to chargebacks and revenue losses for travel platforms, and in some cases, companies can even face penalties from payment processors for repeated incidents. I remember a case where a travel agency faced hundreds of thousands of dollars in chargebacks due to fraudulent bookings made with stolen credit cards.
Another common type of fraud is based on phishing. Fraudsters create fake travel booking websites or send phishing emails that closely resemble legitimate brands. Customers unknowingly enter their credentials or payment information, believing they are on a trusted site, only to have their data stolen. The level of sophistication in these phishing attacks is astonishing. At Memcyco, we’ve seen cloned sites that look almost identical to the real thing, tricking even the most cautious users.
We’re also seeing an increase in account takeover (ATO) fraud. Fraudsters gain access to user accounts, often through stolen credentials, and use them to make fraudulent bookings or redeem loyalty points. These accounts often store payment details or valuable rewards, making them a prime target for attackers. Finally, there’s the issue of fake travel agencies. These scammers set up fraudulent websites that lure customers in with promises of incredibly low prices. Once the payment is made, the customer discovers the travel service doesn’t exist, but by then, it’s too late.
Each of these fraud types presents a unique challenge to travel companies, and addressing them requires a comprehensive, multi-layered security approach.
BTN: What are the techniques fraudsters use to evade cyber protections and access their victims’ online accounts?
IM: Fraudsters are always finding new ways to outsmart cybersecurity measures, and the travel sector is no exception. One of the most widespread techniques is phishing. These attacks have become incredibly sophisticated, with fraudsters creating emails or fake booking sites that are virtually indistinguishable from legitimate platforms. In fact, I’ve seen phishing attacks that use perfect clones of popular travel booking websites, tricking users into handing over their login details or credit card information. It’s no wonder phishing remains such an effective tactic — fraudsters know how to mimic trust.
Another method we’re seeing more of is credential stuffing. This technique involves using stolen usernames and passwords, often acquired on the darknet from unrelated data breaches, to try and log into user accounts on travel platforms. Many consumers still use the same password across multiple sites, which means once fraudsters get hold of credentials from one breach, they can use them to access accounts on other platforms. At Memcyco, we’ve helped companies detect and mitigate this type of attack by recognizing suspicious login attempts before they can cause real damage.
Man-in-the-middle attacks are also a growing threat. In these attacks, fraudsters intercept communications between users and travel platforms, stealing sensitive information like login credentials or payment data in real-time. With the rise in mobile bookings, we’ve also seen an increase in mobile malware, where attackers embed malicious code in fake apps or downloads, siphoning off customer data without them realizing it. The techniques are varied, but the goal is always the same: bypass security measures and exploit any weakness they can find.
BTN: From your experience, what is the travel sector’s attitude towards cybersecurity issues? And where do regulations come into play?
IM: In my experience, the travel sector seems overwhelmed by the sheer scale of fraud, particularly when it comes to impersonation and online payment scams. It often feels like many companies are almost giving up on the fight against fraud, especially when you see the high volume of Booking.com and Airbnb impersonation scams. The truth is, fraudsters have become incredibly sophisticated, and unfortunately, consumers are the ones left to deal with the consequences. Travel companies are not adequately equipped with the solutions necessary to fully protect their customers.
The regulatory environment hasn’t been strong enough to push the industry to implement real solutions. Regulations like PCI DSS and GDPR have helped improve data protection standards, but enforcement is often weak, and companies aren’t consistently held liable when their customers fall victim to fraud. This lack of accountability has led to a situation where the industry is reactive rather than proactive. Customers rarely receive compensation, and companies aren’t feeling the pressure to step up.
That said, I think this situation presents a significant opportunity for disruption. The rise in travel-related fraud is creating a demand for stronger, more effective cybersecurity solutions — particularly those that offer real-time detection, protection and response. Companies like Memcyco, which provide real-time visibility into impersonation attempts and immediate action when attacks happen, can make a big difference in turning the tide on travel fraud. We’re at a tipping point where both technological innovation and stronger regulation will be crucial in protecting both companies and consumers from fraud.
BTN: What can vendors in the travel sector do to prevent fraud and keep their customers safe online?
IM: One of the biggest threats to the travel industry today is digital impersonation — fraudsters setting up cloned booking platforms or spoofing customer service sites to deceive travelers. At Memcyco, we’ve seen how damaging these attacks can be, and that’s why real-time action is essential. Our technology offers real-time visibility, which means travel companies can see these impersonation attempts as they happen and act immediately to stop them. This level of protection isn’t just about detecting fraud; it’s about preventing it from escalating into a problem that impacts customers.
Of course, digital impersonation is just one part of the puzzle. Vendors also need to focus on enhancing authentication methods, such as implementing multi-factor authentication (MFA) to prevent account takeovers. I’ve also seen companies successfully use AI-driven fraud detection systems to monitor for suspicious activity, like unusual login locations or repeated booking attempts, which can help flag potential fraud early on. Securing payment transactions through encryption and tokenization is also a good way to prevent sensitive customer data from being intercepted or stolen.
But the key here is combining these broader strategies with real-time detection and response capabilities. Without visibility into threats as they happen, vendors are always playing catch-up. With Memcyco, for example, we’ve been able to help vendors shut down impersonation attacks before they cause harm, giving both the companies and their customers peace of mind. The bottom line is that the industry needs to be proactive, not reactive, in its approach to fighting fraud.