Fraud Alert

Social Engineering

Never give your agency code number, GDS login ID or password to a caller!

A fraudster, posing as a representative from a GDS or ARC, calls or emails an agent stating that there is a problem or error. The caller then asks for the agent's GDS credentials or agency code number in order to help get the issue resolved. This type of fraud is known as social engineering.

There may be a legitimate reason for someone to ask for your information, but never a valid reason to ask for both a login ID and password. If you ever feel uncomfortable about providing information, advise the caller that you will call the valid phone number to answer any appropriate questions.

How to Identify and Prevent Fraudulent Ticketing

  • Review ticketing through your GDS throughout the day... including weekends and holidays. Check with your GDS to determine how to easily list daily ticketing.
  • Review bookings daily... including weekends and holidays.
  • Look for red flags like high-dollar tickets, international cash (sometimes credit) sales, and itineraries including destinations in Africa (commonly ABJ or CMN).
  • If your bookings regularly include high-dollar tickets to and from ABJ or CMN, review for known passenger names.
  • If your GDS has the ability to do so, you may want to consider turning off ticketing after hours or on weekends, and restricting specific carriers, airports, and forms of payment, in order to meet your business and security needs.

Because fraudulent tickets are issued for immediate use, time is critical.

  • If you identify unauthorized ticketing or access, or attempted access, immediately attempt to void such tickets and cancel bookings through the GDS. If a ticket cannot be voided, contact the carrier and advise them of the fraud.
  • Deactivate the compromised GDS login ID and change the password.
  • File a report with local law enforcement.
  • Document your actions.
  • Refer to ARC's instructions at https://www.arccorp.com/support/fraud-prevention.jsp
  • Report any suspicious emails and activity to ARC at fifp@arccorp.com and to your GDS help desk.

Provide contact information for 24/7 emergency notifications.

  • If ARC identifies a possible unauthorized ticket(s), they will attempt to confirm it with the travel agency. Since many of these incidents occur on weekends, overnight or on holidays, it can be difficult and time-consuming to find valid after-hours telephone numbers.
  • Consider putting emergency contact information on your website or voicemail, or forward your work number to a home or mobile number during off-hours.
  • Confirm or update your information with your GDS.

Develop or update your agency's information security policy.

Consider using a layered approach to security:

  • Use and monitor a firewall.
  • Regularly use active and updated malware, spyware and virus protection.
  • Update your operating systems with current security updates.
  • Update applications with all current security patches.
  • Enable anti-phishing ability through your browser.
  • Mandate complex passwords (e.g., upper/lower case letters, symbols and numbers, no proper names, initials, words, etc.).
  • Secure your network to prevent unauthorized access to proprietary and sensitive information including names, addresses, dates of birth, and credit card information. As a starting place, research the following websites:

CIS http://cisecurity.org/
SANS http://www.sans.org/
NIST http://csrc.nist.gov/

Develop or update your agency's policy for GDS access.

  • Disable employee accounts upon termination of employment.
  • Perform an annual audit of active user accounts and make adjustments as necessary.
  • Restrict a GDS user's level of access to only necessary privilege. For example, cruise-only agents may only need access to view or book only.
  • Require complex passwords.
  • Require password changes more frequently than every 90 days.

Take advantage of training and advisories.

  • Fraud alerts are sent by email, posted on websites and on social media sites, and are provided by ARC, the GDSs and other industry experts. https://www.arccorp.com/support/fraud-prevention.jsp
  • Share information with anyone who has access to a GDS.
  • Follow ARC on Facebook and Twitter to receive fraud related messages from ARC.
  • Fraud prevention training is often provided by ARC, the GDSs, and industry groups through webinars and seminars; check individual websites for more information, and urge your employees to take advantage of these offerings. https://www.arccorp.com/support/fraud-prevention.jsp

In Summary

We cannot guarantee that the implementation of these proposed preventive measures will serve to eliminate ticketing fraud. However, it has been our experience that agents who have taken the steps provided have realized the benefits of enhanced security and an educated staff able to recognize attempts to obtain unauthorized access to tickets. ARC and the GDSs remain dedicated to helping you enhance security and protect your agency from those who would commit acts of ticketing fraud.