Detecting loyalty fraud among frequent flyers

19th November, 2014

When fraud is mentioned, our minds usually jump to a few well-known categories: identity fraud, mail fraud, credit card fraud, etc. But new kinds of fraud are emerging all the time. In this post, we take a closer look at loyalty fraud.

What is loyalty fraud?

Loyalty fraud is when programs run by organizations to encourage brand loyalty are abused or manipulated for unfair gain.

It can range from friends sharing supermarket reward cards, to insiders manipulating computer systems to reallocate air miles. Loyalty fraud is a real crime that is costing organizations, but it has been largely ignored by technology vendors.

So, how big is the problem?

Some numbers:

  • $48bn of loyalty credit is sitting unclaimed.
  • Fraudsters have exploited 72% of airline frequent flyer programs.
  • It’s estimated 80% of frequent flyer fraud is discovered by accident.

How does it happen?

Broadly, there are three ways loyalty fraud happens:

  • The insider threat – when a member of staff charges their own account with customer credit or manipulates IT systems to collect credit. One IT analyst at a UK supermarket managed to fraudulently collect millions of points before being detected.
  • Organized crime – criminals use well-known phishing methods, or other forms of social engineering, to collect the information required to empty loyalty accounts. Often these are cashed in for goods or tickets that can be sold on to unsuspecting individuals.
  • Customer fraud – when customers share or pool loyalty credits against the terms of their scheme, or simply break the rules to gain more points than they are entitled to – for example, claiming air miles twice for a shared-revenue ticket.

And here’s the real kicker: the customers most likely to be affected by loyalty fraud – either as victims or misidentified as offenders – are those with the most credit and the highest levels of account activity: in other words, your best and most loyal customers.

How can we tackle loyalty fraud?

Fraud detection is a complex problem. Most transactions are genuine, so a process to find the small percentage that is fraudulent requires a robust and large-scale approach to data analysis.

That said, with the right technology and approach to data modeling, it becomes much simpler to recognize signs of loyalty fraud.

Loyalty fraud as a graph visualization problem

Fraud almost always involves the fabrication of a link (between an individual, a transaction, an account, etc.), so it makes sense to model data in a way that emphasizes those links.

Using graph visualization, we could find indications of fraud, including:

Unrecognized devices
This is especially telling if account details are changed or large transactions are performed from a new device.

Small transactions followed by larger ones
This can be a sign of testing the waters before trying to cash in a large number of credits.

Account access from multiple locations
A tough criterion to check for a frequent flyer program (you expect customers to move around!) but if a customer is accessing their account from Mumbai and London within an hour of each other, it should raise a flag.

Buying tickets with multiple names
Or changing the name on a ticket purchased with points. Often fraudsters will sell ill-gotten airline tickets using online message boards or auction sites, changing the name afterwards.

Unusual access patterns to the customer loyalty database
If a staff member is manipulating the system, you should be able to find evidence in server logs.

Repeated unsuccessful login attempts to the rewards website
This could be individuals or phishers trying to crack an account.
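
An added sketch (not from the original post) of the multiple-locations check: because frequent flyers do move around, it flags on the speed implied by two consecutive logins rather than on distance alone. The login records, the 1000 km/h ceiling and the 50 km jitter allowance are assumptions; in practice the coordinates would come from IP geolocation.

```python
from datetime import datetime
from math import radians, sin, cos, asin, sqrt

# Constructed sample: (account, UTC timestamp, city, latitude, longitude).
LOGINS = [
    ("FF-1001", "2014-10-02T08:00:00", "London", 51.5074, -0.1278),
    ("FF-1001", "2014-10-02T08:45:00", "Mumbai", 19.0760, 72.8777),
    ("FF-2002", "2014-10-02T07:00:00", "London", 51.5074, -0.1278),
    ("FF-2002", "2014-10-02T17:30:00", "New York", 40.7128, -74.0060),
]

MAX_KMH = 1000.0  # assumption: above what a commercial flight achieves end to end


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in kilometres."""
    lat1, lon1, lat2, lon2 = map(radians, (lat1, lon1, lat2, lon2))
    a = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))


def impossible_travel(logins, max_kmh=MAX_KMH):
    """Return (account, from_city, to_city, implied_kmh) for consecutive
    logins on one account that imply a speed above max_kmh."""
    by_account = {}
    for acct, ts, city, lat, lon in logins:
        by_account.setdefault(acct, []).append((datetime.fromisoformat(ts), city, lat, lon))
    alerts = []
    for acct, events in by_account.items():
        events.sort(key=lambda e: e[0])
        for (t1, c1, la1, lo1), (t2, c2, la2, lo2) in zip(events, events[1:]):
            hours = (t2 - t1).total_seconds() / 3600
            km = haversine_km(la1, lo1, la2, lo2)
            if km < 50:  # same metro area: ignore geolocation jitter
                continue
            # Simultaneous logins far apart are treated as infinite speed.
            speed = km / hours if hours > 0 else float("inf")
            if speed > max_kmh:
                alerts.append((acct, c1, c2, round(speed)))
    return alerts


if __name__ == "__main__":
    for alert in impossible_travel(LOGINS):
        print(alert)
```

The London to New York pair ten and a half hours apart stays below the ceiling, so a genuine long-haul trip is not flagged.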

See the big picture

Using some mock data for a Frequent Flyer program, we built an application for visualizing and detecting cases of loyalty fraud.

There are three entities we’re interested in:

  • Account: Account ID
  • Transaction: Transaction time, Transaction value, Transaction IP
  • Ticket: Ticket ID, Ticket departure airport, Ticket arrival airport

Which we can map to the following data model:

[Figure: loyalty fraud, frequent flyer data model]

When we take data from a ‘clean’ account and apply this model, this is the sort of structure we see:

[Figure: Non-fraud overview]

What does this show?

The time bar here is showing two metrics: the grey histogram is the volume of transactions (both credits and debits), and the red series line is the value of debits from the account.

The flow of transactions is steady and the value of debits is unsuspicious: two small debits in February and June, a larger one in December.

In the chart, we can see this account always travels from London Heathrow to busy business hub airports – Paris, New York, Frankfurt.

So far, so uneventful.

Frequent Flyer Fraud

[Figure: Fraud overview]

Just a quick glance shows that this account doesn’t match the norm.

Firstly, take a look at the spike of transactions in October. If we zoom in, the majority of them took place on one day in under 20 minutes, including two small transactions in quick succession followed by 6 much larger ones:

[Figure: Fraud, 4:15 to 4:35]

We can also see two IP addresses at play here. The first one is associated with four tickets between LAX and PDX, as well as a steady stream of credits:

[Figure: Fraud, a normal trip]

The second IP was used to purchase 8 tickets, mostly for journeys outside of the US:

[Figure: Fraud overview, foreign IP]

Clearly this is just a simple example using a small amount of synthesized data, but it shows the potential.
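
The data model and the two patterns seen in the fraudulent account (small debits followed by much larger ones inside 20 minutes, and a second IP buying tickets) can also be checked in code. This is an added example, not KeyLines code or the application described in the post; the records, node naming, 20-minute window and 10x factor are assumptions, and tickets are keyed by route rather than ticket ID for brevity.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed debits: (account, time, points debited, source IP, ticket route).
# IPs come from documentation ranges; none of this is the post's mock data.
DEBITS = [
    ("FF-7", "2014-03-10T09:00:00", 12000, "192.0.2.10", "LAX-PDX"),
    ("FF-7", "2014-07-22T18:30:00", 12000, "192.0.2.10", "PDX-LAX"),
    ("FF-7", "2014-10-14T04:15:00", 500, "203.0.113.77", None),
    ("FF-7", "2014-10-14T04:17:00", 800, "203.0.113.77", None),
    ("FF-7", "2014-10-14T04:21:00", 60000, "203.0.113.77", "CDG-DXB"),
    ("FF-7", "2014-10-14T04:26:00", 75000, "203.0.113.77", "FRA-BKK"),
]


def build_graph(debits):
    """Undirected adjacency sets: each transaction links to its account, IP and ticket."""
    graph = defaultdict(set)
    for i, (acct, _t, _v, ip, route) in enumerate(debits):
        for node in [f"acct:{acct}", f"ip:{ip}"] + ([f"ticket:{route}"] if route else []):
            graph[f"txn:{i}"].add(node)
            graph[node].add(f"txn:{i}")
    return graph


def tickets_via_ip(graph, ip):
    """Two-hop walk IP -> transactions -> tickets: routes bought from this IP."""
    return sorted(n.split(":", 1)[1] for txn in graph[f"ip:{ip}"]
                  for n in graph[txn] if n.startswith("ticket:"))


def probe_then_cash_out(debits, window=timedelta(minutes=20), factor=10):
    """Flag (account, ip) when an IP not seen before on the account makes a small
    debit followed within `window` by one at least `factor` times larger."""
    rows = sorted((datetime.fromisoformat(t), a, v, ip) for a, t, v, ip, _ in debits)
    seen, alerts = defaultdict(set), set()
    for i, (t1, acct, small, ip) in enumerate(rows):
        if ip not in seen[acct]:
            for t2, acct2, big, ip2 in rows[i + 1:]:
                if t2 - t1 > window:  # rows are time-ordered, so stop here
                    break
                if (acct2, ip2) == (acct, ip) and big >= factor * small:
                    alerts.add((acct, ip))
        seen[acct].add(ip)
    return sorted(alerts)


if __name__ == "__main__":
    print(probe_then_cash_out(DEBITS), tickets_via_ip(build_graph(DEBITS), "203.0.113.77"))
```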

When looking at large volumes of fraud data, it’s often the connections that tell the story. Using graph analysis and visualization techniques, hidden details and insight can be uncovered, allowing for security and process loopholes to be detected and individuals to be prosecuted.

Despite the significant potential for financial loss and reputation damage, loyalty fraud remains an area of low priority for fraud technology vendors.

To find out more about how KeyLines can be used to help companies detect fraud and reduce financial losses, get in touch or download our white paper about fraud network visualization:

Download the White Paper
