Written By: Doug Nass, Manager – Risk Management, ARC
Fraud can be disastrous to a travel agency. But there are numerous ways that travel agents can protect their businesses from financial harm by identifying and stopping fraud before it happens.
ARC’s risk management team monitors the latest fraud schemes and educates travel agencies on how to detect and prevent fraud. Here are our recommendations for protecting your agency from insidious fraudsters.
1. Trust, but verify. As a travel agent, you likely enjoy creating a positive experience for a customer, solving problems and planning travel. So, when a fraudster (disguised as a new customer) calls with an urgent request — such as an emergency, work responsibilities, family or medical needs — take a moment and conduct some research before booking any travel. Your customer service instinct may tell you to work as quickly as possible to find a solution, but pause first to verify your customer’s information before booking anything.
2. Determine the customer’s location. Ask yourself whether the customer’s requested flight origin and destination make sense for your agency. If your agency is located in Montana, and the customer requests a flight from New York to Accra, this is a potential red flag, as there are numerous New York travel agencies the customer could have contacted instead.
Agents can also search the customer’s mailing address on Google Maps using Street View. If the address appears to be in an unusual location, such as an empty lot or a warehouse, this can also be cause for concern.
3. Trace the phone number. By using websites such as whocallsme.com and whitepages.com you can conduct a reverse phone lookup to determine the number’s registered location. If a number is designated as VOIP (voice over internet protocol), this could be a red flag. Note that VOIP numbers are becoming increasingly common, so this alone does not necessarily indicate fraud, but keep it in mind if you see this in combination with other red flags.
4. Know your corporate travelers. Fraudsters do their research. Especially when targeting larger agencies or travel management companies (TMCs), fraudsters can research your clients and pose as an employee from that company. It’s important to know your corporate travelers well: To what cities does the corporation typically send its business travelers? What is the company’s official email domain? Who is your go-to contact at the company to verify a request? Knowing each company’s travel booking habits will help you to quickly recognize any unusual behavior.
5. Double-check the email address. Free email domains such as Gmail, Yahoo or Outlook are commonly used by fraudsters, but customized email domains can indicate risk, as well.
For corporate clients, double-check that the email address domain matches the company domain. Fraudsters may create spoof email addresses that resemble the company’s domain name (e.g. a corporate traveler may have the email address [email protected], but a fraudster may create deceptively similar addresses like [email protected] or [email protected]). When in doubt, email a trusted contact at the company to confirm the validity of an email address.
In one recent fraud attempt, a fraudster impersonated a university employee connected to a TMC. The fraudster emailed the travel agent from an outlook.com email address, but included both the outlook.com address and the university (.edu) email address in the signature block. Always reply to the official company email address (in this case, reply to the .edu email address, not the outlook.com address).
6. Take note of personal details. Fraudsters often take on a persona that appears credible in order to gain an agent’s trust. They may claim to be a doctor or have another socially respectable profession, or they may note a religious or philanthropic affiliation. They may claim to be booking travel for missionaries, volunteers or medical outreach.
7. Meet in person whenever possible. Generally, fraudsters are not local; they’re likely working from another country. Therefore, when you suspect fraud, ask the individual to meet you in person to submit payment and travel documents. In many cases, the fraudster will hang up. However, they may ask you to book the ticket, and follow up with “I’ll come by your agency tomorrow.” Do not book the ticket until you have established the customer’s credibility.
8. Examine documentation carefully. Fraudsters may be convincing in many circumstances, but they can make mistakes. If you receive a scanned copy of a passport, driver’s license or credit card, check the details and fine print. You may see things such as poorly manipulated ID photos, misspellings, or dummy text on the back of a credit card that reads something like “This card is issued by (Full User Name).”
9. Check the customer profile. In the “straw purchase” scheme, fraudsters buy an unassuming ticket in order to establish a relationship with a travel agency. They then call back to make fraudulent purchases later — even within hours or days. Because the fraudster already has a customer profile established with the agency, they are more likely to be trusted. Always check the date on a customer’s profile to determine how long they’ve been doing business with your agency.
10. Know when to end the conversation. If you see multiple red flags, or if your gut tells you a customer is attempting to perpetrate fraud, be prepared to end the conversation and walk away. One way to do this is to say, “Our agency’s policy is that new customers have to come into the office before we issue the ticket.” Usually, this will end the conversation. Otherwise, it’s perfectly fine to say something like, “I’m sorry, but our agency will not be able to assist you with this purchase.”
Fraud is widespread, but by being attentive to customer details and conducting some background research, you can protect your agency. To stay in the loop on the latest fraud schemes in the industry, as well as access tips, tools, fraud alerts and more, visit ARC’s fraud prevention resource page.
If you suspect fraud, ARC is here to help. Contact our risk management team at [email protected].