"Travelers and fraudsters both use AI agents now, creating a challenge for fraud detection teams: How do they tell the difference between a real customer booking their own travel, an automated agent acting on behalf of a user, and an automated malicious agent that is engaging in legitimate user workflows? The problem becomes more complex as fraudsters have already tested these tactics during summer travel and are ready to exploit the busiest travel season of the year: the holidays."
"Guest checkout systems reduce friction but create anonymity that makes linking suspicious activity across transactions nearly impossible. Seasonal offers, loyalty programs, and flexible cancellation policies provide additional attack vectors that allow fraudsters to harvest points from hacked accounts, create fake accounts to reuse promotional codes, and systematically abuse refund policies. These conditions, combined with spikes in travel demand, create an environment where AI-driven attacks can scale quickly."
AI agents are now used by both legitimate travelers and fraudsters, making it difficult to distinguish between real customers, user-directed automated agents, and malicious automated actors. Fraudsters tested these tactics during summer travel and plan to exploit holiday demand. Travel platforms have vulnerabilities: guest checkout anonymity, seasonal offers, loyalty programs, and flexible cancellation policies provide attack vectors for points harvesting, promotional code reuse, account takeover, and refund abuse. Automated traffic exceeds half of web activity while 84% of consumers tighten budgets, reducing legitimate transactions. AI-driven bot attacks adapt from blocked transactions and successful attacks, enabling rapid scaling and mastering of customer booking workflows.
Read at Securitymagazine
Unable to calculate read time
Collection
[
|
...
]