Of all the technology aspects I see working with airline websites and call centres, payments would have to be the least appreciated. Everyone almost always underestimates the complexities, and then discovers closer to implementation how much work needs to be done. Combine this with some very scary things I have seen on customer site visits, such a plain text storing of CVV (3 digit security code on the back of the credit card) within a customer’s profile in a frequent flyer database, and you have an issue that demands much more respect than it curently receives.
Mark Prince, Head of Consulting for Security, Voice and Convergence at Sita, said: “The level of importance given to compliance by these airline IT Security professionals is encouraging but more can be done. Key compliance initiatives such as PCI DSS and ISO27001 are both relevant and time-sensitive. The major payment brands have all issued compliance deadlines for PCI DSS regarding data storage and validation procedures. Visa, for example, has set these at September 2009 and 2010, respectively, dates to which the global airline industry must pay attention.”
Apart from PCI compliance, online fraud is another aspect many airlines struggle to keep on top of.
Another similar technology is used by the top five banks in the US as well as 120 e-commerce companies, US Airways and Continental Airline. This fraud prevention suite does not effectively tag users’ computers, however it stores information (such as time zone, language, browser type, flash ID, cookie ID and IP address) regarding individual users’ computers. It does this in order to query a degree of probability which tells it whether the computer accessing the bank’s online portal belongs to the person whose online account is being accessed.
Fraud scoring is obviously a big area; I’ve known of Retail Decisions for a number of years, and I’m aware that Bibit have a fraud scoring module, but recently I’ve heard that Merchant Connect and Pagos Online are claiming to offer airlines some functionality to help reduce fraud. I was also talking recently to a couple of guys from Accertify who operate in this area, and I’ve see another company called 41st Parameter getting into this space and making a surprising claim:
Additional protection is also provided to an airline’s most valuable customers, frequent flier program members by securing passenger’s accrued miles from unfamiliar device access and account takeover.
I’d never even thought of that as being a problem, and I’m not sure why you would need an external company to help you in this area. Unfortunately I didn’t get a chance to talk to David Britton, Senior Vice President of Product Management for 41st Parameter when we were at the same conference recently, but if anyone has any particular insight into this particular claim (and the extent of the problem) then feel free to leave a comment.
But no doubt about it, payments is only getting more important in the airline direct sales channel. From this story you can see Bill Me Later making inroads into the airline payments business. Both Bill Me Later and Paypal have been working with UATP to become more accepted by airlines. I’ve been asked more than once about POLi, and I’ve also set up a system to facilitate offline payment via a major department store chain for online created PNRs at one LATAM carrier. And then I can’t remember the amount of times I’ve been asked about dynamic currency conversion or 3D Secure. I’ve looked at many different internet banking models used by various airlines to reduce card acceptance costs, I’ve sat through countless workshops with airlines where payments has been the main or the only item on the agenda, and despite all of this experience, payments is the one area where no matter how involved I get, I always find there is still so much more I am yet to learn. Once I do start feeling a little more comfortable, either standards change, a new regulation or industry mandate is introduced, or some new technology comes along to try and claim previous methods are now obsolete. I made reference recently to the quote saying anyone working in airlines with distribution in their job title found their job similar to drinking from a fire hydrant, but I’d say this applies equally to anyone whose job it is in the airline to keep abreast of credit card acceptance, online fraud and related issues.
All in all, payments is not really the business I go chasing, but more and more it seems to come chasing after me.