Account takeover is becoming one of the most disruptive threats facing airlines and online travel agents, driven by the growing value stored within customer accounts. This article explores how attackers are exploiting loyalty programmes, why many fraud controls are failing to detect this activity early enough and what travel businesses need to do differently.
TL;DR
- Customer accounts have become one of the most valuable parts of the travel journey, driving repeat bookings and higher customer lifetime value for travel agents and airlines.
- Signifyd’s network shows account takeover attempts up around 46% globally and more than 80% across EMEA.
- Existing approaches to preventing and blocking account takeover attempts are being applied too late.
- Takeover detection has to improve without increasing friction across the customer journey, because added friction can quickly escalate to lost revenue.
- An intelligent approach that combines transaction-level decisions with signals from across the buyer journey can lead to less friction whilst reducing operational strain.
The scale of account takeover in travel
Customer accounts have become one of the most valuable parts of the travel journey, with loyalty programmes driving repeat bookings, higher customer lifetime value and deeper engagement across airlines and online travel agents. But as more value sits behind a single login, the account itself has increasingly become the target.
That shift is already clear in the data, with Signifyd’s network showing account takeover attempts up around 46% globally and more than 80% across EMEA, reflecting how quickly attackers are moving towards account-led fraud and away from isolated payment attacks.
[Figure: Account takeover attempts]
The challenge of existing account takeover prevention methods
The challenge for many travel businesses is that fraud controls are still heavily weighted towards checkout, even though account takeover usually starts much earlier in the journey. It begins with automated activity targeting login, password reset and loyalty redemption flows, where bots are used to test credentials at scale and identify accounts that can be accessed without raising immediate suspicion.
Once access has been established, the speed at which fraudsters can extract value becomes a major problem. This is particularly true in travel, where accounts often contain loyalty balances, stored payment details, vouchers and personal information that can be monetised quickly through flight bookings, upgrades or resale activity, often within minutes and often in ways that still resemble genuine customer behaviour.
By the time a transaction reaches checkout, the most important decision has often already been missed. The issue is no longer whether the booking itself looks suspicious but whether the person behind it should have had access to the account in the first place. When that access is not challenged early enough, the transaction can appear familiar enough to move through traditional controls without attracting meaningful attention.
This is why many existing approaches struggle to deal with account takeover effectively: not because the controls themselves are necessarily weak but because they are being applied too late. They rely heavily on transaction-level signals without enough visibility into how the account was accessed, whether behaviour leading up to the booking aligns with the customer’s history or whether automated activity has already compromised the integrity of the session.
The real challenge is spotting suspicious behaviour before the account is fully compromised. That behaviour can show up through repeated login attempts, unusual access patterns, changes in device behaviour or activity that simply does not match how the genuine customer typically interacts with their account. Once a fraudster is inside the environment, the signals available at checkout become significantly less reliable.
At the same time, travel businesses cannot afford to solve this problem by introducing heavy friction across the customer journey. High-value travellers expect immediate access to accounts, bookings and loyalty benefits, and unnecessary login challenges or verification steps can quickly damage the experience and push customers towards alternative providers.
How to solve for account takeover in travel without adding friction
What matters is being far more precise about when intervention is actually needed, identifying bots and suspicious account activity early enough to prevent fraudsters gaining access in the first place while still allowing genuine customers to move through the journey without interruption.
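The following is an added example, not code from the original article or from any vendor product. It shows one way to combine the pre-checkout signals described earlier (credential testing against login, a device not seen before, value extracted within minutes of login) into a decision taken at the loyalty redemption step, so that only risky sessions are challenged. The event fields, action names, thresholds and sample events are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data: (time, source, account, device, action, ok) and known devices
EVENTS = [
    ("2024-05-01T10:00:00", "198.51.100.7", "alice", "dev-x", "login", False),
    ("2024-05-01T10:00:02", "198.51.100.7", "bob", "dev-x", "login", False),
    ("2024-05-01T10:00:04", "198.51.100.7", "carol", "dev-x", "login", False),
    ("2024-05-01T10:00:06", "198.51.100.7", "dave", "dev-x", "login", True),
    ("2024-05-01T10:03:00", "198.51.100.7", "dave", "dev-x", "redeem_points", True),
    ("2024-05-01T10:05:00", "203.0.113.20", "erin", "dev-erin", "login", True),
    ("2024-05-01T10:40:00", "203.0.113.20", "erin", "dev-erin", "redeem_points", True),
    ("2024-05-01T11:00:00", "203.0.113.44", "frank", "dev-new", "login", True),
    ("2024-05-01T11:02:00", "203.0.113.44", "frank", "dev-new", "redeem_points", True),
]
KNOWN_DEVICES = {"dave": {"dev-dave"}, "erin": {"dev-erin"}, "frank": {"dev-frank"}}

def credential_testing_sources(events, min_accounts=3, window=timedelta(minutes=5)):
    """Sources whose failed logins hit >= min_accounts distinct accounts within window."""
    fails = defaultdict(list)
    for ts, src, acct, _dev, action, ok in events:
        if action == "login" and not ok:
            fails[src].append((datetime.fromisoformat(ts), acct))
    flagged = set()
    for src, items in fails.items():
        for start, _ in items:
            accts = {a for t, a in items if start <= t <= start + window}
            if len(accts) >= min_accounts:
                flagged.add(src)
    return flagged

def decide_redemptions(events, known_devices, fast=timedelta(minutes=10)):
    """Decide each redemption from how the session was established, not the booking."""
    bad_sources = credential_testing_sources(events)
    last_login, decisions = {}, {}
    for ts, src, acct, dev, action, ok in sorted(events):
        t = datetime.fromisoformat(ts)
        if action == "login" and ok:
            last_login[acct] = (t, src, dev)
        elif action == "redeem_points" and acct in last_login:
            lt, lsrc, ldev = last_login[acct]
            new_device = ldev not in known_devices.get(acct, set())
            if lsrc in bad_sources:          # login came from a credential-testing source
                decisions[acct] = "block"
            elif new_device and t - lt <= fast:  # unfamiliar device, rapid value extraction
                decisions[acct] = "step_up"
            else:                            # familiar session: no added friction
                decisions[acct] = "allow"
    return decisions
```
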
For airlines and online travel agents, this is becoming far more than an account security issue, because the ability to identify suspicious behaviour before an account is fully compromised now has a direct impact on revenue, customer trust and overall performance. Approaches that rely solely on transaction-level decisions are increasingly struggling to keep pace with automated attacks that begin much earlier in the journey, which is why more travel businesses are starting to look beyond checkout signals and build a broader view of risk across account activity, behavioural patterns and transaction insight before value is extracted.
This is where a more intelligent approach starts to make a measurable difference. It allows suspicious activity to be identified earlier, bots and credential testing to be detected before accounts are compromised and genuine travellers to move through the journey with less friction. That ultimately helps airlines and online travel agents protect loyalty value, reduce operational strain and convert more of the demand they are already generating.