Bad bot activities harm the travel industry in several ways

 

As more countries lift their travel bans, airlines and tourism sector operators, who have been severely hurt by Covid restrictions, are beginning to restart operations. They were continuously being assaulted by bots that were being utilised to carry out a variety of damaging acts to the damage of their businesses and customers even before the pandemic began. Bot assaults on travel operators’ websites and applications, in general, and airlines in particular, are increasing as they restart full-fledged operations.

Bots scrape their prices and schedules on a regular basis (OWASP Automated Threat OAT-011 Scraping), block seat inventory, preventing legitimate travellers from purchasing tickets (OAT-021 Denial of Inventory), and make pricing queries without purchasing a ticket, driving up GDS (Global Distribution System) query costs significantly. Unchecked bot traffic also skews visitor numbers (OAT-016 Skewing), making it difficult for these businesses to obtain reliable data that will enable their operations, planning, and marketing teams do their jobs more effectively.

 

 

An overview of how bots impacted an APAC airline

One of our customers is a low-cost airline that services the Asia-Pacific region with domestic and international flights from a number of regional hubs. Based on the number of people flown, it is presently one of the largest regional carriers. With its rapid growth came an increase in bot assaults on its website, mobile app, and APIs, which scraped ticket prices, made unwanted GDS price inquiries, and hijacked seat inventory, preventing genuine travellers from purchasing tickets. Apart from bot attacks, the increasing levels of bot traffic skewed the airline’s Web analytics, making it difficult for its marketing and operations departments to develop campaigns and strategy based on actual visitor volumes.

Look-to-book ratio: a key performance indicator for the travel industry

The “look-to-book ratio,” which is the ratio of visitors to an airline’s website to the number of tickets actually sold, is one of the most important performance measures in the airline and travel industry. The look-to-book ratio has risen from a low of roughly 10:1 in previous years to frequently over 1000:1 presently. This is due to the overall increase in the number of travellers, as well as consumers’ increasingly aggressive price searches, as well as competitors’ bots and price checking services. Many tourists currently conduct several searches using multiple price-comparison websites, and many more searches are conducted today before making a reservation. The fact that an airline’s competitors and price comparison sites can deploy bots at regular intervals to conduct ticket price requests, both to keep ahead of their competition and to offer pricing data sought by legitimate travellers, adds to the consumer desire for cheaper costs.

 

 

Bot-initiated GDS queries significantly drive up costs

The increased volumes and expenses of GDS enquiries are another source of concern for the sector. GDS networks provide ticket availability and pricing, as well as transactions between travel agents and airlines, hotels, car rental companies, and other travel service providers. With a typical GDS query costing an airline around $0.20, it’s easy to see how bot-initiated queries that never result in a ticket purchase can quickly add up to millions of dollars in wasted expenses every year. The graph below depicts the number of bots that were blocked from making price queries over the course of a 20-day period in March 2021.

Account Takeover (ATO) attacks on travel operators greatly hurt their brands

Account Takeover (ATO) attacks were another type of bot activity on the airline’s website. The airline’s APIs were systematically attacked by cybercriminals looking to cash out or redeem airline miles and discount coupons (OAT-012 Cashing Out), using bots to enter breached user log-in credentials obtained from data leaks or sold by a variety of shady Dark Web operators (OAT-008 Credential Stuffing), as well as trying to guess various combinations of usernames and passwords (OAT-007 Credential Cracking).

Apart from price scraping, GDS queries, and ATO attacks, the airline’s in-flight retail section of its website was regularly bombarded with bot traffic, which was used to scrape the airline’s valuable content, such as images, descriptions, and prices, as well as to make purchases using stolen payment card data via the previously mentioned credential stuffing and cracking techniques.

 

 

The benefits of a bot mitigation solution for the airline and travel sector

Bot masters, hackers, and competitors will be ratcheting up their attacks against airlines and other travel industry firms as the travel sector prepares to resume regular operations in order to service large numbers of travellers ready to fly to various places. Adopting a dedicated bot management system is the only method to detect and block the latest bots that may replicate human activity on a website or mobile application. Our business was able to save GDS expenses, prevent ATO assaults on its customers, halt ticket scalping and denial of inventory attacks, and acquire clean website and mobile app analytics to improve its routes, flight schedules, and overall marketing strategy after adopting Radware Bot Manager.

To know more about how vafion can help your organization contact info@vafion.com

Similar Posts:

No similar blogs