The growth of online payments in the last two decades means that a vast amount of financial information, particularly payment card data, is stored on the Internet. Hackers can break into databases, download the payment card information and then sell it to buyers on the dark web. This stolen card data is then often used to buy airline tickets. This causes the airline industry to lose over $1 billion per year, as estimated by International Air Transport Association (IATA).
What makes airline related fraud more difficult to tackle is that it is often not a crime carried out in a single jurisdiction. One transaction can involve several countries, all with different police forces, legal priorities and rules of evidence. For example, a ticket can be bought for an Australian passenger with a US credit card using a Brazilian IP address for a flight from Cyprus to London on an Egyptian airline.
However, law enforcement agencies at the national level have become interested in fighting credit card fraud over the past decade because they increasingly are aware that card fraudsters are often involved in other, even more serious crimes, such as human trafficking, drug trafficking and terrorism. But law enforcement needed partners who could help them gather evidence, and so, in 2013 a pivotal partnership began to take hold.
Fighting crime together
With the transnational nature of these organized crime groups in mind, Europol – the EU law enforcement agency – launched a working group looking for synergies between different players and ways to bring both public and private sector interests together. The activities and behavior of fraudsters were studied until fraud patterns emerged and could be documented. Fraud reporting processes were standardized to ensure information was being shared effectively and legally. As result, a network of trust was created between all involved partners committed to fight against this kind of crime.
As well as the law enforcement agencies and travel companies, the wider fraud prevention community, card schemes and different industry associations played an important role in the first steps of this initiative. All of these groups were supported by FACT from Perseuss, the world’s largest shared fraudulent transactions database.
FACT is a tool created by Perseuss that enables merchants and issuing banks to alert each other in case of suspicious transactions and present confirmed fraud cases to law enforcement. FACT was originally designed specifically to facilitate the communication during Europol’s successful Global Airport Action Days. However, today the tool is now available for regular, everyday use by merchants and issuers.
Global Airport Action Days’s success
The first coordinated Day of Action (today called the Global Airport Action Days) against fraudsters was held in 2013. A command post at Europol’s headquarters in The Hague was jointly staffed by personnel from law enforcement agencies, payment card schemes and the travel industry. Information on live card fraud events was circulated to national police forces at airports around Europe. In the sting operation that followed, more than 100 fraudsters were arrested. During the follow-up investigations it was discovered that a high percentage of these individuals were also involved in other crimes including trafficking of people, drugs smuggling and illegal immigration. In many cases the secondary crimes were far more serious than the primary payment card fraud.
The co-operation didn’t stop there as the Global Airport Action Days have been taking place regularly since then. For example: between 18 and 22 June 2018, 226 airports, 61 countries, 69 airlines and 6 online travel agencies were involved in the 11th Global Airport Action Day. This resulted in over 330 suspicious transactions reported, 141 individual arrests and a number of larger investigations that were subsequently opened.
FACT makes secure communication possible
Both parties benefit when a merchant contacts a card issuer to verify a suspicious transaction.. However, a variety of issues arise in the regular set-up that impedes cooperation. For merchants it can be hard to identify who the issuer of a card is and which person to contact. Issuers can’t verify a merchant’s identity, often don’t receive the information they need to investigate a charge and are not allowed to provide a merchant with investigation information. All these problems make it challenging to build a solid case for law enforcement.
At the beginning of the co-operation between Europol and the different players, Perseuss enhanced its database in order to furnish users with an easy to use fraud reporting mechanism. It was called the “Day of Action Tool” and could be used by all parties involved to pool their knowledge.
This tool was completely redesigned in 2017 and received a new name,Fraudulent Activity Communication Tool or FACT for short. It enables direct, secure and card pre-authorization communication between e-commerce merchants and issuing banks world-wide, solving all the issues of the regular set-up.
How does FACT work?
First, a merchant reports a suspicious transaction and FACT adds information to the case based on statistical information from the Perseuss database. A confirmation request is send to the right bank, based on the BIN range. If the BIN range is not known in the system, the credit card scheme will forward the ?case to the right bank. Of course, it is also possible for an issuer to contact a merchant.
Next the bank will confirms if it’s fraud or not with a one-click in-mail or by logging onto an online platform. In 55% of the cases this will be done in less than 1 hour and 75% of the cases will be handled in less than 12 hours. It is important to note that account numbers are stored outside FACT in a PCI DSS secured environment, for the issuer to retrieve once a request has been received.
Last, the merchant will get the confirmation from the bank and can either block or accept the transaction. In case law enforcement is available in the region, both merchants and banks have the option of reporting confirmed fraud cases.
Today FACT can benefit everyone
False positives, chargebacks and settlement fees can all be prevented by using FACT. This will benefit not only the merchant, but also banks and cardholders.
From a small group of seven European airlines sharing experiences and data, to a huge global cross-sector community of merchants, Perseuss has developed into a platform for fraud intelligence. At the same time, our FACT system has grown from a tool used specifically for Global Airport Action Days to something for everyday use by airlines, issuers and other parties in the fight against payment fraud. At Perseuss, we truly believe in working together to create a united front against fraudsters.