CREDIT card fraud is
on the rise and with
syndicates targeting
travel companies, agents
must ensure they are ready to
detect irregularities.
According to Kroll’s Global
Fraud Report for 2015/16,
84% of companies in Africa
have been hit by fraud, a
substantial number of which
are travel companies, says
Christo Snyman, national
director of forensic services
at Mazars.
There are a number of
different ways that fraudsters
steal credit card details.
There seems to be an
increase in “card not present”
fraud, comments Tshipi
Alexander, head of Nedbank
corporate card sales.
“Fraud has never been more
prevalent,” says Rachael
Penaluna, business manager
of Sure Maritime Travel. As
such, agents are stuck in a
Catch 22, she says. To avoid
having clients on 30-day
accounts, agents need to
encourage them to use credit
cards.
She says her agency’s policy
is not to use its clients’ or
its own credit card details
on websites, even highly
reputable ones like Booking.
com. Rachael describes
an incident in which Sure
Maritime was hit by fraud
on one of its lodge cards,
saying that the agency had
effectively used the new card
for one booking when a week
later multiple transactions
were processed on the card.
A forensics expert traced the
point at which the credit card
details were compromised
back to Booking.com.
In response, Booking.com
says it handles credit card
details and all private
customer data in accordance
with the highest international
standards. It says it is 100%
compliant with Payment
Card Industry Data Security
Standard and undergoes an
annual recertification via a
reputable third-party industry
regulator.
Rachael says in every
fraud case her agency has
experienced, it has not been
liable. Once the transaction
has been reported as fraud,
the case is left with the
issuing bank, which will credit
the client’s account with the
disputed amount.
She believes that, ultimately,
credit card details are
not safe beyond the GDS
because when bookings
are made via websites, the
supplier involved will need to
see the card details as the
same card must be produced
at the time of checking in. As
such, there’s no telling who
will see those credit card
details.
Remaining vigilant
Vigilance in detecting
transactions that are not
above board is key. Christo
says if the credit card
transaction takes place in an
unsecure online environment,
the merchant (supplier) is at
risk because it must follow
proper card acceptance
procedures. He says if the
transaction took place in a
“3-D secure environment”
where the cardholder has
registered with the issuing
bank and the merchant with
its acquiring bank, then the
transaction is considered
secure by the bank, which
will absorb the risk. However,
failing this, the merchant
must provide proof that the
card was present at the time
of transaction, evidence of
which would include the card
having been swiped and
authenticated by signature.
“If any of these things are
missing it is the merchant
who takes the risk,” says
Christo. He advises agents to
contact their bank for advice
on how to ensure they are
protected.
Rachael says agents must
monitor their clients’ lodge
card statements so they can
detect “dodgy” transactions
quickly and have them
reported to the issuing bank.
Christo says agents should
ask the bank in question
to ensure that only travel
purchases are permitted
on the card. “If cards are
compromised, this generally
reflects through purchases at
places like Edgars,” he says.
When it comes to clients
who use their own cards,
Rachael says agents must
protect themselves by asking
their clients not to use their
lodge cards for anything other
than travel. She says agents
need to educate their clients
that agents cannot be held
responsible for incidents of
fraud where the card has
been used for transactions
outside travel.
Though it is not the agent
or client who absorbs the
risk, Jacqui Abrahams, travel
manager of Accenture, says
in cases where individual
cards are used, it will fall to
the traveller to change their
credit card details if they are
hit by fraud. “The problem for
the corporate comes when
travellers start saying they
will no longer use individual
cards because they’ve been
burdened with the admin
involved.”
Ultimately, Rachael believes
that virtual credit cards are
the only true way to avoid
credit card fraud.
Tshipi says while virtual card
payment cannot eliminate
fraud entirely, it can restrict
the amount that is defrauded
to the amount of a once-off
transaction, after which the
card number expires.
“Where we also see this
going is by making sure that
data is securely passed
between the TMC and the
bank,” says Tshipi. From
the moment that card is
produced, the details go into
the TMC’s back office without
any human intervention.”
