Travel businesses cannot afford to bury their heads in the sand about cyber fraud, amid fears that complacency will lead firms to fall foul of attacks and of new data protection rules.
Advantage Travel Partnership managing director Julia Lo Bue-Said told a Travel Weekly Cyber Security Summit in London last week: “We have to do a lot more to manage our businesses in a secure manner. There is real complacency in our industry.”
Barry Gooch, chairman of Prevention of Fraud in Travel, said: “Fraud and cybercrime are absolutely rife. There are a lot of bad practices in the industry.” He insisted: “You could probably stop 70% of attacks.”
ATD Travel Services chief executive Oliver Brendon recounted how his company was hit by a £1.5 million scam in 2015, while Simon Beeching, director of telecoms service provider Syntec, warned of “a gaping black hole” in fraud prevention at call centres.
Worldpay risk management product director Helen Holmes highlighted “tension between fraud protection and friction-free payments”, warning: “Travel is a particularly high-risk sector.”
Europe’s General Data Protection Regulation (GDPR), which comes into force next May, will make regulators “more powerful and aggressive”, Deloitte partner Peter Gooch warned.
He said: “The impact of getting it wrong will increase significantly.” Regulators will be able to impose fines of up to €20 million on small companies if they breach data rules.
The Travel Network Group membership services director Lisa Henning said: “We’re pulling together a meeting about the GDPR for members following the summit. There is huge confusion. Marketing is a big proportion of what businesses do – they market through data. We have to comply.” She added: “The summit was invaluable.”