The Impact of Bad Bots in Travel

Bots are used to hoard inventory in various areas of the travel industry. For instance, bots are programmed to carry out a flight reservation up until the point of payment. This reserves the seats for up to 20 minutes, during which time real customers perceive there to be no availability and the perpetrator attempts to sell the seats on for a profit.

Once the website has cleared the basket of the held reservation a new bot will pick up that availability and repeat the process until the inventory is successfully sold.

    Travel sites are frequently affected by aggregation services that use scraping bots to discover and publicise the availability of products or services such as flights, hotels or car rentals. Threat actors advertise the scraped information at lower price points on a secondary site.

    The aggregators are motivated by the financial rewards of charging commissions, stealing personal data or generating advertising revenue.

    Our data scientists have observed travel sites with 90% scraper bot traffic, which inevitably impacts top line revenue, bottom line profits and customer experience. The complexity and range of web scrapers hitting every website requires a sophisticated solution that quickly and accurately collects information and identifies patterns for the successful mitigation of automated threats.

    Account takeover (ATO) attacks are carried out using fake account creation and credential stuffing techniques, to give attackers access to customer accounts holding valuable items such as membership points and frequent flyer miles that can be sold-on for a profit.

    As loyalty points in travel are often only checked a handful of times a year there is a huge window of opportunity for the threat actor before the genuine customer realises points have been stolen.

    This has a double-edged impact on the targeted travel company who must refund the points to the legitimate customer and pay for the goods or service that the threat actor has received using the stolen loyalty points.


      Try Netacea

      Empower your business with control over bot traffic and the ability to detect bots and block malicious traffic in real-time.

      • Machine Learning Bot Detection
      • Access Shared Threat Intelligence
      • Rapid Attack Response & Real-Time Insight
      • Quick & Seamless WAF/CDN Integration
      Get a Demo