[ad_1]
Q: I know you’ve written several legal briefs over the weekend against scammers who hack GDSs and issue cash tickets. I also know that there are agencies responsible for paying for tickets issued by ARC. Has this hack stopped? If not, can you please do what we can at our agency to prevent this from happening?
A: The problem did not stop.
Every Monday or Tuesday, I get a phone call or email from the agency owner if the weekend is hacked. Some of these hacks have resulted in more than $100,000 in liability for the agency.
In my experience, the scams have these common features:
- Only Saber agencies are called. My guess is that the Travelport and Amadeus agencies weren’t hacked because the hackers didn’t know those systems, or maybe those systems had better defenses.
- The scammers use the Saber login as a travel agency employee or independent contractor. While any employee admits to disclosing their logins, ARC appears to have obtained the login information from Saber records.
- The logins were obtained because the employee or IC was required to change their username and password after clicking a link to a legitimate-looking email claiming to be from Saber, a Saber update or similar.
- Tickets will be issued on Saturday night or early Sunday.
- Travel is from West Africa to European point. Some tickets are one-way, some are round trip.
- Tickets are issued by one or more airlines.
- Most of the outbound travel is completed before the agency’s office opens on Monday, so the system no longer allows you to cancel the tickets.
Related Legal Briefs Columns:
Here are steps you can take to make sure it doesn’t happen to you.
First, ask your employees and ICs to refrain from giving out their GDS logins in response to any email or phone call.
Second, change your agency’s local Saber settings to deny weekend tickets or to deny cash tickets or both. If you do not know how to take these steps, ask your Saber representative.
Third, make it a habit to review ticket records early on Sunday so you can try to reject any suspicious tickets.
ARC has an article on its website offering similar advice, though it generally applies to all types of unauthorized tickets.
By the way, blaming Saber for not having better security like two-factor authentication or IP address verification doesn’t help. Saber does not accept any mistakes.
ARC will set up a bank account for the full amount of the tickets and if you don’t pay in full (or you don’t have a long-term payment agreement with ARC or directly with each service provider) within 30 days, ARC may cancel your appointment. .
Several agencies have gone out of business. Others have arranged for another agency to book tickets for them.
[ad_2]
Source link