Top 3 Security Problems Facing the Travel Industry

Posted by Nadya Sustache on

The travel industry is a big business. Websites like Airbnb, Kayak, and Expedia make booking and buying travel easier than ever. Unfortunately, the growing popularity of online travel also makes it a prime target for cybercriminals.


Travel data is rich and typically not very well protected against phishing emails, fake booking sites, and malware that put customers’ personal and financial information at risk. While travel companies spend large amounts of money to attract customers, they aren’t doing enough to protect them. Let’s take a closer look at the top three security problems facing the travel industry today.

1. Rich personal data
Travel websites collect a variety of personal information, including customer names, birth dates, addresses, telephone numbers, emails, and payment methods. This data can fetch about the same price in the criminal underground as data from dating and employment websites.

Hal Pomeranz, founder of computer forensic firm Deer Run Associates says, “In some sense, reward program websites are a ‘one-stop shop’ for criminals… All of this information has value and can be converted to cash in the underground economy.”

2. Relaxed authentication
Many online travel and loyalty websites do not have strict security measures implemented. reviewed 10 frequent flier and 17 hotel loyalty websites and found that half relied on a four-digit PIN or a password with six characters or less. Only a third provided two-factor authentication such as challenge questions or verification codes sent to the account holder’s smartphone—a service that is becoming more common with financial accounts.

To make matters worse, many consumers re-use the same username/password combination. Fraudsters hacking one account can then try those login credentials on all travel accounts belonging to the member. Aite Group’s July 2014 report Merchants and Cybercriminals Duke It Out: No Signs of Slowing estimates that Americans maintain on average from 15 to 20 usernames and passwords, and that 55 percent of users apply the same login credential combination on all accounts.

3. Anonymity of reward points
Loyalty programs that award reward points are valued by customers. They build trust over time and accumulate points that become the equivalent of currency. Fraudsters are keen to cash in on that brand loyalty. They steal valuable points that can be redeemed for gift cards at and at other locations that convert points to cash—which can  make it very difficult to trace digitally.

Security expert Brian Krebs found plenty of malicious sellers on the black market selling hijacked Hilton points for a fraction of their value. Many other programs have been compromised, including American, United, and Lufthansa airlines.

Being proactive when it comes to email security will help protect your customers, your brand, and your bottom line. There’s no silver bullet solution that will work for all businesses. A tailored, comprehensive approach is the best way to arm yourself against cybercriminals hungry to do harm. A necessary pillar of that solution is working with a partner that can help you identify attacks on your brand in real time.

Want to learn more about how travel companies can protect their brand and their customers from cybercriminals? Check out The Travel Guide to Email Fraud.

Popular this Month

 3 Trends Impacting Email: Persistent Fraud, Part 2

3 Trends Impacting Email: Persistent Fraud, Part 2

In part one of this three-part series, I examined the evolving landscape of...

Read More

 The Top 16 Topics of 2016

The Top 16 Topics of 2016

2017 is finally here! But before we focus on the year ahead, we wanted to...

Read More

 Think Fighting Email Fraud is Someone Else’s Job? Here’s the Real Cost of Doing Nothing.

Think Fighting Email Fraud is Someone Else’s Job? Here’s the Real Cost of Doing Nothing.

Cyberattacks against your brand can be very damaging and costly to both your...

Read More

Author Image

About Nadya Sustache

Author Archive

Stay up to date

Enter your name and email address below to subscribe to our mailing list.

Your browser is out of date.
For a better Return Path experience, click a link below to get the latest version.