Account takeovers in the airline industry are escalating.

30-40% increase in airline ATOs1

new img-06

Why is this happening?

Some key factors:

The rise of cybercrime-as-a-service has enlarged the pool of bad actors.

38% annual growth in cybercrime, driven mainly by CaaS2

anually growth in cybercrime

These malicious actors have greater access to login credentials and often-reused passwords.

72% increase in data breaches from 2021 to 20233

increase in data breaches

Why are cybercriminals focusing on airlines?

1 Airlines have historically prioritized allocating much of their budget to maintaining aircraft operations. Only a small fraction – 7% of overall IT budget – is spent on cybersecurity, compared to airport investment of 10%.4
2 There has been a massive increase in branded credit cards, which are tied to loyalty programs with enormous value. Airlines have a strong track record in preventing credit card fraud, so ATOs are an easier target. US airlines alone now generate ancillary revenue of approximately $25B from co-branded credit cards,5 with hundreds of billions of dollars sitting in loyalty programs.6

How do the cybercriminals illicitly access these accounts?

Bad actors use bots to credential stuff their way into legitimate customer accounts.

166% rise in bot attacks on airlines7

rise in bot attacks in airlines

Cybercriminals then sell access to these accounts – and the buyers of the accounts cash out.

  1. Total losses amount to roughly 3% due to fraudulent redemptions and associated costs.8
  2. Cases of loyalty fraud surged by 30%.9

The impact is enormous, with the total volume of payment fraud shifting from credit card fraud to ATOs.

$1B in losses per year to payment fraud for the airline industry10

losses per year as payment fraud

Download the full infographic

Download PDF Version Download Report
  1. Chris Staab in www.forbes.com/sites/jeremybogaisky/2024/06/28/airline-miles-hotel-points-hacking/
  2. www.securitymagazine.com/articles/98810-global-cyberattacks-increased-38-in-2022
  3. www.forbes.com/advisor/education/it-and-tech/cybersecurity-statistics/
  4. www.icao.int/NACC/Documents/Meetings/2018/CSEC/D12b-AirTransportCybersecurityInsights2018-SITA.pdf
  5. www.ideaworkscompany.com/wp-content/uploads/2024/04/Airline-Loyalty-and-Co-Branding.pdf
  6. www.thepaypers.com/expert-opinion/loyalty-fraud-in-the-airline-industry-key-insights-and-specificities--1267027
  7. Arkose Labs data, as found in www.forbes.com/sites/jeremybogaisky/2024/06/28/airline-miles-hotel-points-hacking/
  8. Chris Staab as quoted in www.forbes.com/sites/jeremybogaisky/2024/06/28/airline-miles-hotel-points-hacking/
  9. www.infosecurity-magazine.com/news/airlines-battle-loyalty-program/
  10. Chris Staab as quoted in www.forbes.com/sites/jeremybogaisky/2024/06/28/airline-miles-hotel-points-hacking/