A return to normality for travellers will make them targets for hackers

by Andy Still, CTO, Netacea


When are we returning to normal again? It’s hard to predict—and perhaps not advisable, given how many premature predictions of normality we’ve seen in the last year. At the time of writing the efficacy of vaccines is cause for hope, but the exact timeline for the reopening of borders and airlines flying again is unknown. One prediction, made by Tim Harford in the Financial Times, is that things will get better gradually, then suddenly. That is, we will get gradual good news for a long time, but the exact day, week, or month that we can say things are approaching normality will be incredibly difficult to predict.

One thing is for sure, once people are able to go on holiday, demand will be high. People will want the holidays that have been denied to them for so long. A struggling travel industry knows that it just needs to hold out until such time as restrictions are lifted—when the demand for vacations will be immense. But this also means that hackers, who have turned their attention away from the travel industry while it’s been quiet, will also be making plans.


Loyalty points as a dark web currency

Stealing from banks is not simple. Whether you’re going in through the front door to rob the safe, or trying to steal from customers’ accounts, security is tight. Financial services providers are heavily regulated and have a great deal of experience in keeping their customers’ money safe. Plus, they have the advantage of customer expectations. We want our bank accounts to be safe and so extra authentication methods that make any transaction slightly more difficult are acceptable—in fact, they’re often welcome.

A cybercriminal looking to steal money from bank accounts has their work cut out. It’s difficult to do and dangerous—any successful theft is likely to be followed by a forensic investigation. No bank wants to get a reputation as being a “soft touch”.

But what if there was something easier to hack? What if there were accounts that most people didn’t check every day, containing something just as valuable as money, that can be traded and exchanged for goods, but without the danger of stealing from a bank account? Loyalty points, especially travel points, have become a dark web currency. Accounts can be stolen, traded, and used to buy flights and hotel stays long before the original owner knows anything about it.

The problem is that we simply don’t treat loyalty points as being as valuable as money. We don’t demand the same level of security and therefore will not put up with the same level of inconvenience when accessing these accounts. Travel businesses have a choice. They can make these accounts as secure as possible, or risk business going elsewhere when a customer finds the login process too arduous.


The risks of a return to normal business

Hackers, like anyone else, take the route of least resistance. When certain sectors start to push back against their activity, they will look elsewhere for easy pickings. The travel industry, having been in the doldrums for most of the pandemic, has not been a prime target for hackers—there’s little value in a currency that cannot be used. But a return to normal trading will also mean a return to being a target for hackers.

A year can be a long time in hacking. That’s a whole year of leaked combo lists that are now available—lists of stolen usernames and passwords that can be checked for validity on other sites. The tendency for people to reuse passwords means that a criminal can buy a combo list and check these passwords for validity on other sites. This is an impossible task to do manually, but bots can make it simple. Hundreds of passwords can be checked every minute, making it possible to take over accounts and either drain them of loyalty points or sell them on.

The amounts held in these accounts are often much higher than many realise. Air Miles and similar accounts can be worth thousands or even tens of thousands of dollars, and it’s all up for grabs for those who know how. This often results in the travel business paying for the stolen points twice—the points are stolen and used by someone in exchange for expensive services, and the customer will often demand the points are refunded, or it may be prudent to do so in order to keep the customer’s loyalty.

How serious is this threat? On average, at least 50% of web traffic is generated by bots, and 9 out of 10 login attempts are made by malicious bots. Around 80% of travel businesses are worried that attacks on their business will harm their reputation and lead to losing customers. They could be right, but they may be looking for threats in the wrong place. Travel businesses need to take this threat as seriously as a bank would treat the theft of funds—protecting their loyalty schemes, their customers, and ultimately their profitability.

Andy Still

Andy is a pioneer of digital performance for online systems. As Chief Technology Officer, he leads the technical direction for Netacea’s products, as well as providing consultancy and thought leadership to clients. Andy has authored several books on computing and web performance, application development and non-human web traffic.

How E-commerce Marketers Can Win Black Friday

Sue Azari • 11th November 2024

As new global eCommerce players expand their influence across both European and US markets, traditional brands are navigating a rapidly shifting landscape. These fast-growing Asian platforms have gained traction by offering ultra-low prices, rapid product turnarounds, heavy investment in paid user acquisition, and leveraging viral social media trends to create demand almost in real-time. This...

Why microgrids are big news

Craig Tropea • 31st October 2024

As the world continues its march towards a greener future, businesses, communities, and individuals alike are all increasingly turning towards renewable energy sources to power their operations. What is most interesting, though, is how many of them are taking the pro-active position of researching, selecting, and implementing their preferred solutions without the assistance of traditional...

Is automation the silver bullet for customer retention?

Carter Busse • 22nd October 2024

CX innovation has accelerated rapidly since 2020, as business and consumer expectations evolved dramatically during the Covid-19 pandemic. Now, finding the best way to engage and respond to customers has become a top business priority and a key business challenge. Not only do customers expect the highest standard, but companies are prioritising superb CX to...

Automated Testing Tools and Their Impact on Software Quality

Natalia Yanchii • 09th October 2024

Test automation refers to using specialized software tools and frameworks to automate the execution of test cases, thereby reducing the time and effort required for manual testing. This approach ensures that automation tests run quickly and consistently, allowing development teams to identify and resolve defects more effectively. Test automation provides greater accuracy by eliminating human...

Custom Software Development

Natalia Yanchii • 04th October 2024

There is a wide performance gap between industry-leading companies and other market players. What helps these top businesses outperform their competitors? McKinsey & Company researchers are confident that these are digital technologies and custom software solutions. Nearly 70% of the top performers develop their proprietary products to differentiate themselves from competitors and drive growth. As...

The Impact of Test Automation on Software Quality

Natalia Yanchii • 04th October 2024

Software systems have become highly complex now, with multiple interconnected components, diverse user interfaces, and business logic. To ensure quality, QA engineers thoroughly test these systems through either automated or manual testing. At Testlum, we met many software development teams who were pressured to deliver new features and updates at a faster pace. The manual...