Do privacy laws encourage travel fraud?

Travel fraud is a lucrative global hustle: Criminals use stolen credit card data to book airline trips, then resell the tickets to consumers at enticing discounts via fake travel agencies or duplicitous listings on sites like Craigslist. Travel agencies say concerns about privacy rules here make Canada an easy target.airline-fraud

"Globally, fraudsters are continuously on the lookout for the latest weakest link," says Jan-Jaap Kramer, president of Travel FraudGuard, an anti-fraud consulting firm.

The problem creates expense and hassles for consumers and the travel industry. After identifying ticket transactions made with stolen card data, credit card companies levy chargebacks against the airline or travel agency that processed the fraudulent airline ticket purchases. Airlines and travel agencies then have to raise ticket prices so they can recoup their financial losses from those chargebacks.

At the airport check-in counter, consumers found with illegitimate tickets usually have to repay their airfares. This applies even if ticketholders knew nothing about the criminal credit card purchases.

Wariness opens loophole
Criminals rely on a system of trial and error to perpetrate travel fraud. When they try to book a ticket using stolen card details, the targeted online system may recognize the scammer's email address from a prior bad transaction. Alerted, the ticket order site then blocks the purchase. But after a few failed attempts, criminals simply move on and try other websites until they find one that allows the illegal ticket sale -- often from the same travel agency or airline that rejected the original order.

Kramer says travel agencies and airlines around the world are reluctant to question suspicious ticket orders for flights to and from Canada, fearing rigid consumer protections embedded in Canadian privacy legislation.

"This would not happen if travel industry players freely shared negative data for the purpose of preventing crime," says Kramer. "Airlines and travel agents are all hit by fraud and most of them interpret Canadian privacy laws protecting customer data profiles such that they don't dare to share fraud data with each other."

Kramer also maintains that, in jurisdictions outside Canada, it's much easier for businesses to collaborate.

"Because [foreign] airlines and travel agencies are ahead of their Canadian counterparts, they are better protected, making Canada the weak spot," says Kramer. "If fraudsters cannot book on European or American airlines, they'll happily attack Canadian airlines flying the same routes."

Legal solution halted
The privacy law in question is the Personal Information Protection and Electronic Documents Act (PIPEDA).

"PIPEDA sets out the ground rules for how personal information may be collected, used and disclosed in the course of commercial activities," says Valerie Lawton, senior communications adviser with the Office of the Privacy Commissioner of Canada (OPC).

She says the office is aware of the fraud problems linked to the law and the government proposed a PIPEDA legislative amendment to allow disclosure of personal information to organizations when necessary to prevent, detect or suppress fraud.

"That proposal was included in Bill C-12, which died on the Order Paper when Parliament was prorogued last fall," explains Lawton. "That bill has not been reintroduced."

Lawton emphasizes that the scope of the Privacy Commissioner's role is to provide advice and views on privacy issues. Canadian Parliament is responsible for enacting the actual privacy laws.

Industry continues battle
The travel industry is working on ways to mitigate the fraud danger on its own. Air travel represents the majority of illegitimate credit card purchases that travel retailer Flight Centre Canada processes, according to Allison Wallace, the company's media and communications manager. Wallace notes that most airline ticket crimes arise from foreign bookings, although there has been some criminal activity within Canada.

She says Flight Centre's risk department has actually seen a decrease in chargebacks due to stringent steps it's taken to verify cardholder credentials before accepting a booking.

An industry working group met in January to address the issue. It's drawing up a list of questions for the OPC seeking to clarify how Canada's privacy laws should be interpreted in light of growing airline ticket crimes.

See related: How to stop cyber crooks in their tracks; Expert Q&A: Are mobile payments safe for consumers? 
Published January 17, 2014

Most recent All credit card news Stories