High average values draw attention
A £6,000 booking is worth far more to a fraudster than a £60 retail purchase. The fraud-prevention investment per transaction has to scale to the value at stake.
A practical guide to CNP fraud prevention in travel: why travel is more heavily exposed than other industries, authentication as the primary defence, velocity and behavioural signals, BIN screening, AVS and CVC, the trade-off between fraud control and conversion, and the patterns to watch.
Card-not-present fraud in travel runs above the industry baseline for structural reasons. Bookings are high-value and made months before delivery, the merchandise (a flight, a tour, a cabin) is liquid and resellable, and the chargeback window is the longest in mainstream retail. Fraud organisations target travel because the economics work for them - which means the economics have to work for the operator's prevention discipline too.
A fraudulent booking made today and travelled in eight months has six-plus months in which the legitimate cardholder may notice. The chargeback often lands long after the merchandise has been delivered.
A flight or tour booking can be resold by a fraudster relatively easily. That increases attempts and changes the patterns of fraud - bookings for travel two to six weeks out are higher risk than far-future bookings.
Cancelled fraudulent bookings often get refunded to a different card or account than the original payment - "refund laundering" patterns. Refund rail discipline is part of fraud prevention.
The single biggest fraud-prevention lever any travel business has is routing eligible transactions through cardholder authentication. 3DS does not eliminate fraud, but it moves the liability for fraud-related chargebacks to the issuer and forces the fraudster to either authenticate or abandon.
A 3DS-authenticated transaction shifts fraud-chargeback liability to the issuer for most reason codes and prevents the simplest fraud patterns - stolen card details used without account access. The friction is materially lower than it was a decade ago because most authenticated flows now complete silently for low-risk transactions.
Low-value exemptions, trusted-beneficiary exemptions and merchant-initiated transactions can route around SCA for the right transactions. Using exemptions broadly to "reduce friction" forfeits the liability shift on those transactions and concentrates fraud into the unauthenticated cohort - usually a bad trade.
Open-banking authentication happens inside the customer's banking app under SCA. Fraudsters cannot complete it without account access, so an A2A payment that authenticates is materially harder to defraud than even an authenticated card payment. Offering A2A as an option moves the highest-risk transactions onto the rail with the strongest authentication.
Authentication catches the obvious fraud. Behavioural signals catch the cases where the fraudster has compromised both card details and account access. The signals are mostly statistical: this transaction does not look like a normal booking from this customer.
Multiple attempts from the same card, device or IP in a short window are a strong fraud signal. So is the same email or phone number across bookings on different cards.
A solo traveller booking a premium-cabin one-way fare a week before departure for travel to a high-risk destination has a different fraud probability than a family booking a package six months out. The booking shape itself is a signal.
Returning customers paying balances are rarely fraudulent. First-time customers buying high-value tickets with new card details, novel destinations and same-day delivery are the higher-risk cohort.
A cancellation request that asks for the refund to go to a different card or account is one of the strongest fraud signals. Refund laundering relies on this drift; preventing it stops the pattern.
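The velocity signals described in this section (repeated attempts from one card, device or IP in a short window, and one email reused across different cards) can be checked with a sliding window. This is an added example, not felloh's code; the field layout, the 15-minute window and both thresholds are assumptions, and the attempts are constructed sample data.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample attempts: (timestamp, card fingerprint, device id, IP, email).
ATTEMPTS = [
    ("2024-05-01T10:00:00", "card_A", "dev_1", "203.0.113.7", "a@example.com"),
    ("2024-05-01T10:02:00", "card_B", "dev_1", "203.0.113.7", "a@example.com"),
    ("2024-05-01T10:04:00", "card_C", "dev_1", "203.0.113.7", "a@example.com"),
    ("2024-05-01T10:05:00", "card_D", "dev_1", "203.0.113.7", "b@example.com"),
    ("2024-05-01T12:00:00", "card_E", "dev_2", "198.51.100.9", "c@example.com"),
    ("2024-05-03T09:00:00", "card_E", "dev_2", "198.51.100.9", "c@example.com"),
]

WINDOW = timedelta(minutes=15)  # assumed meaning of "short window"
MAX_IN_WINDOW = 2               # assumed: a 3rd attempt per key inside the window flags
MAX_CARDS_PER_EMAIL = 2         # assumed: a 3rd distinct card on one email flags

def velocity_flags(attempts):
    """Map attempt index (in time order) to the list of signals that fired."""
    recent = defaultdict(list)        # (kind, value) -> timestamps still inside WINDOW
    cards_by_email = defaultdict(set)
    flags = {}
    for i, (ts, card, device, ip, email) in enumerate(sorted(attempts)):
        now = datetime.fromisoformat(ts)
        reasons = []
        for kind, value in (("card", card), ("device", device), ("ip", ip)):
            # Drop timestamps that have aged out, then count this attempt.
            seen = [t for t in recent[(kind, value)] if now - t <= WINDOW]
            seen.append(now)
            recent[(kind, value)] = seen
            if len(seen) > MAX_IN_WINDOW:
                reasons.append(f"{kind}_velocity")
        # The email check is cumulative: distinct cards ever seen on this email.
        cards_by_email[email.lower()].add(card)
        if len(cards_by_email[email.lower()]) > MAX_CARDS_PER_EMAIL:
            reasons.append("email_many_cards")
        if reasons:
            flags[i] = reasons
    return flags

if __name__ == "__main__":
    for index, reasons in velocity_flags(ATTEMPTS).items():
        print(index, reasons)
```

The two card_E attempts are two days apart, so the window expires between them and the returning customer is not flagged.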
BIN screening, AVS and CVC checks are part of every CNP transaction. They each add a layer, none of them is sufficient on its own, and using them together intelligently is what produces a clean fraud picture.
The Bank Identification Number identifies the issuing bank and card product. BIN-level fraud rates can be material - some issuing BINs in some countries carry far higher fraud rates than the global baseline. Tracking by BIN reveals patterns the per-transaction view hides.
AVS matches the cardholder's billing address against issuer records. A full match (street + zip) is strong evidence; a partial match is suggestive; no match warrants scrutiny. Use AVS as a signal alongside others, not as a hard decision rule.
CVC capture proves possession of the physical card at the moment of authorisation. Never store CVC after authorisation - that is a PCI DSS violation - but capturing and transmitting it is part of every well-formed CNP authorisation flow.
Every fraud control has a conversion cost. Block too aggressively and you turn away real customers and damage the merchant's relationship with its acquirer; block too softly and the chargeback ratio creeps up and the acquirer reprices the merchant. The art is calibration.
Visa's VAMP programme and Mastercard's Excessive Chargeback monitoring sit at chargeback ratios that change periodically. Operators want to sit comfortably below the threshold - typically below 0.5% chargeback ratio - and any control changes that move the ratio matter immediately for acquirer pricing.
A fraud rule that blocks one fraud transaction in ten genuine ones is rarely worth running. False-positive rate - the proportion of blocked transactions that were genuine - is the operational counterweight to the chargeback ratio. Operators that do not measure it tend to over-block over time as new rules accumulate.
A £200 deposit transaction can carry more permissive thresholds than a £8,000 balance. Splitting the rule set by value band lets the operator be tight where the loss is large and permissive where the loss is small. This single calibration usually moves both the chargeback ratio and the false-positive rate the right way at once.
Fraud rules go stale. The fraudster reshapes around the controls; the legitimate customer base shifts; the acquirer changes thresholds. A fraud system that is not reviewed monthly is a fraud system that is degrading.
An overall chargeback ratio hides what is actually changing. Reviewing by reason code - fraud, dispute, authorisation - shows which control is the bottleneck.
Before deploying a new fraud rule, run it against the last 90 days of transactions to see how many genuine bookings would have been blocked. The historical false-positive picture is the only honest test.
A new customer cohort - a new marketing channel, a new geography, a new product type - usually carries a different fraud profile. Reviewing the cohort separately for the first 90 days catches problems before they show up in aggregate.
Every confirmed fraud chargeback should be reviewed against the fraud signals at point of authorisation. The fraud system that does not learn from its own chargebacks is making the same mistake every month.
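The backtest described above can be run as a replay of a candidate rule set over historical transactions, reporting the false-positive rate as defined earlier (the proportion of blocked transactions that were genuine) for a flat threshold and for a value-banded one. This is an added example, not felloh's code; the risk score, the £1,000 band boundary and the thresholds are assumptions, and the history rows are constructed.

```python
# Constructed history rows: (amount_gbp, risk_score 0-100, confirmed_fraud).
# In production this would be the last 90 days of authorisations joined to
# chargeback outcomes; risk_score is a hypothetical rule or model output.
HISTORY = [
    (200, 55, False), (200, 62, False), (250, 70, False), (180, 85, True),
    (300, 40, False), (220, 66, False),
    (8000, 45, False), (6000, 58, True), (7500, 62, True), (9000, 30, False),
    (6500, 57, False), (8200, 75, True),
]

# A rule set is a list of (band_floor_gbp, block_at_or_above_score).
FLAT = [(0, 60)]                 # one threshold for every value
BANDED = [(0, 80), (1000, 55)]   # assumed: permissive under £1,000, tight above

def threshold_for(amount, bands):
    """Threshold of the highest band whose floor does not exceed the amount."""
    return max(b for b in bands if b[0] <= amount)[1]

def backtest(history, bands):
    """Replay a rule set over history and report what it would have done."""
    blocked = genuine_blocked = fraud_value_missed = 0
    for amount, score, fraud in history:
        if score >= threshold_for(amount, bands):
            blocked += 1
            if not fraud:
                genuine_blocked += 1      # a real customer turned away
        elif fraud:
            fraud_value_missed += amount  # fraud the rule would have let through
    fpr = round(genuine_blocked / blocked, 2) if blocked else 0.0
    return {
        "blocked": blocked,
        "genuine_blocked": genuine_blocked,
        "false_positive_rate": fpr,
        "fraud_value_missed": fraud_value_missed,
    }

if __name__ == "__main__":
    print("flat  ", backtest(HISTORY, FLAT))
    print("banded", backtest(HISTORY, BANDED))
```

On this constructed data the banded rule set blocks fewer genuine bookings and misses less fraud value than the flat one, which is the effect the value-band split is meant to produce.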
Some fraud patterns are more or less travel-specific. Recognising them early and tightening the right controls in the right places is what keeps the chargeback ratio honest without throwing away conversion.
Travel within two weeks at high value is a higher-risk band. Tighter controls here, and more permissive controls on far-future bookings, usually move both ratios.
The three-novelty pattern - new customer, novel card, novel destination - sits at the top of the risk profile. Authentication + a soft additional check (sometimes a quick manual review for the highest-value transactions in this band) catches most of it.
A cancellation request that asks for the refund to be paid to a different rail than the original payment is one of the strongest signals available. Refund discipline that keeps the refund on the original rail by default prevents most refund-laundering patterns.
Multiple bookings from different cards but with the same first-name pattern of email addresses (e.g. john1@..., john2@...) are a recurring travel fraud pattern. It is easy to catch with a review of recent bookings against the email pattern.
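The email-pattern review above can be automated by reducing each address to a stem (trailing digits removed) and grouping recent bookings by stem and domain. This is an added example, not felloh's code; the normalisation rules and the three-card threshold are assumptions, and the bookings are constructed.

```python
import re
from collections import defaultdict

# Constructed recent bookings: (booking reference, email, card fingerprint).
BOOKINGS = [
    ("BK1", "john1@example.com", "card_A"),
    ("BK2", "John2@example.com", "card_B"),
    ("BK3", "john.3@example.com", "card_C"),
    ("BK4", "maria@example.org", "card_D"),
    ("BK5", "maria@example.org", "card_D"),
    ("BK6", "john7@example.net", "card_E"),
    ("BK7", "sam22@example.com", "card_F"),
]

MIN_CLUSTER = 3  # assumed: flag at 3+ distinct emails AND 3+ distinct cards

def email_stem(email):
    """Reduce john1@x, John2@x and john.3@x to the same ('john', 'x') key."""
    local, _, domain = email.strip().lower().rpartition("@")
    local = local.split("+", 1)[0]               # ignore plus-addressing tags
    stem = re.sub(r"[._-]*\d+$", "", local)      # strip a trailing number
    return (stem or local, domain)               # keep all-digit local parts

def suspicious_clusters(bookings, min_cluster=MIN_CLUSTER):
    """Return {(stem, domain): [booking refs]} for numbered-email clusters."""
    groups = defaultdict(lambda: {"refs": [], "emails": set(), "cards": set()})
    for ref, email, card in bookings:
        group = groups[email_stem(email)]
        group["refs"].append(ref)
        group["emails"].add(email.strip().lower())
        group["cards"].add(card)
    # Requiring several distinct emails keeps one customer rebooking on a
    # single address out of the result.
    return {
        key: sorted(g["refs"])
        for key, g in groups.items()
        if len(g["emails"]) >= min_cluster and len(g["cards"]) >= min_cluster
    }

if __name__ == "__main__":
    print(suspicious_clusters(BOOKINGS))
```

Grouping on stem plus domain is deliberately conservative: john7@example.net stays out of the example.com cluster, so a looser key would widen the net at the cost of more manual review.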
felloh keeps every authentication outcome, decline pattern, fraud signal and chargeback result against the booking it relates to - so the prevention work is grounded in real pattern review and the dispute response is already in place when a chargeback lands.
Every transaction carries its authentication outcome, BIN/AVS/CVC results and any custom signals against the booking. Representment evidence is assembled when the dispute lands.
Patterns by reason code, BIN, channel, segment and value band are visible against the booking record - so prevention work targets real causes.
Fraud prevention sits inside the same booking-level ledger as refund management and chargeback handling - one trail, one source of truth, one place to learn from the outcomes.
Bring the workflow or rail you want to improve and we will show how felloh keeps the booking-level evidence connected end to end.