By NHI Mgmt Group Editorial TeamDomain: Cyber SecuritySource: RiskifiedPublished September 22, 2025

TL;DR: Travel booking platforms processing high volumes can no longer rely on CVV and AVS alone, with Tripster saying it blocked $14.4 million in fraud while protecting 100% of transaction volume, according to Riskified. The practitioner takeaway is that fraud prevention now has to preserve checkout speed, not simply raise more alerts.


At a glance

What this is: This is a travel fraud case study showing how automated decisioning helped a booking platform reduce fraud while maintaining checkout flow and approval rates.

Why it matters: It matters because fraud review bottlenecks can become a growth constraint, and identity and risk teams need controls that separate legitimate customer friction from adversary behaviour at transaction time.

By the numbers:

  • Tripster says it has blocked $14.4 million in fraud over five years while protecting 100% of transaction volume.

👉 Read Riskified's case study on Tripster's automated fraud prevention


Context

Travel checkout fraud is a governance problem as much as a detection problem. Once transaction volume reaches six figures a year, manual review and basic card checks stop scaling, and fraud teams have to decide how much friction the business can absorb before conversion suffers. In travel, that tension is amplified by instant fulfilment and reseller economics.

For identity and fraud programmes, the real issue is not whether fraud exists, but whether the control model can distinguish legitimate customer activity from synthetic or evasive behaviour without breaking the purchase journey. That is where automated risk scoring, transaction-level decisioning, and case handling become operationally material rather than optional.


Key questions

Q: How should travel merchants balance fraud prevention with checkout conversion?

A: They should treat fraud prevention and conversion as a single decision problem. Use layered, real-time risk scoring to approve low-risk customers quickly while routing ambiguous transactions to review. The goal is to apply friction only where the loss exposure justifies it, especially for instant-delivery products where delays can damage revenue and user trust.

Q: Why do basic card checks fail in high-volume booking environments?

A: Basic card checks fail because they only validate limited payment data at a single moment. They do not capture device patterns, behavioural anomalies, order velocity, or repeat abuse across accounts. In high-volume travel commerce, that leaves both false negatives and unnecessary false positives, which is why transaction intelligence has to go beyond CVV and AVS.

Q: What do fraud teams get wrong about automated checkout decisions?

A: They often focus only on blocking fraud and ignore the governance needed to explain, tune, and audit decisions. Automation works best when teams can see why a transaction was approved or declined, how thresholds change over time, and where legitimate customers are being over-fricted. Without that, automation becomes opaque rather than controllable.

Q: Who is accountable when fraud controls block legitimate customers in real time?

A: Accountability should sit with the team that owns the end-to-end decision path, not only the fraud model. If checkout, identity, and risk signals are not orchestrated into one control, then the business is responsible for the conversion loss as well as the fraud loss. Governance needs shared ownership across fraud, product, and security leaders.


Technical breakdown

Why CVV and AVS stop being enough at scale

CVV and AVS are point checks, not decision systems. They verify a cardholder detail at a single moment, but they do not assess behavioural patterns, device reputation, order velocity, or abuse campaigns that spread across accounts and merchants. In travel, where legitimate buyers may make urgent, high-value, or one-off purchases, static rules also produce false positives that hurt conversion. Automated fraud platforms try to replace isolated checks with risk scoring that can weigh multiple signals at once and adjust the decision in context.

Practical implication: teams need layered transaction controls, not single-factor card checks, for high-volume booking flows.

How AI-driven fraud decisioning changes the checkout model

AI-driven fraud decisioning is best understood as a triage layer between payment authorisation and fulfilment. It evaluates transaction features, model outputs, and sometimes post-purchase outcomes to decide whether to approve, decline, or send for review. The technical value is not just speed. It is the ability to continuously refine thresholds as fraud patterns shift, while preserving the user experience for low-risk customers. The trade-off is governance. If teams cannot explain why a decision was made, they can reduce fraud but lose control over appeals, tuning, and bias management.

Practical implication: fraud teams should demand decision traceability and tuning controls alongside automation.

Why instant fulfilment increases fraud exposure in travel

Instant electronic tickets compress the attacker’s window. Once a fraudster gets a successful checkout, they can often consume the value immediately, leaving little time for manual intervention or chargeback prevention. That makes pre-authentication signals, real-time review, and post-decision monitoring more important than after-the-fact reconciliation. Travel also creates a reseller loss profile that is harsher than the payment value alone, because the merchant may absorb the full face value while retaining only a fraction of revenue. That asymmetry is what turns modest fraud rates into material business risk.

Practical implication: merchants selling instant-delivery products should prioritise real-time risk decisions before fulfilment.


Threat narrative

Attacker objective: The attacker objective is to complete fraudulent bookings or ticket purchases before the merchant can identify and stop the transaction.

  1. Entry begins with fraudulent purchase attempts that imitate ordinary customer activity across online travel platforms and ticketing flows.
  2. Escalation occurs when fraudsters bypass basic CVV and AVS checks or exploit manual review bottlenecks to push orders through at volume.
  3. Impact is realised through charge losses, wasted review effort, and erosion of conversion confidence when legitimate customers face excessive friction.

NHI Mgmt Group analysis

Checkout fraud at travel scale is a decision-quality problem, not a manual review problem. Once volume rises into six figures of annual transactions, human review becomes a bottleneck that attackers can route around and legitimate customers can feel. The control question is whether the business can make reliable, low-friction decisions in real time. Practitioners should treat risk scoring, approval logic, and dispute handling as one operating model, not separate functions.

Travel merchants face a fraud asymmetry that turns small failure rates into large losses. Instant fulfilment means the value can be consumed before the merchant fully understands the transaction risk. In reseller models, the merchant may absorb the full face value of fraud while keeping only a portion of the sale, which makes approval-rate optimisation inseparable from loss prevention. The governance takeaway is that conversion metrics alone cannot define success.

Automated fraud controls create a governance requirement for explainability and tuning. When a system is responsible for blocking fraud and preserving bookings at the same time, teams need to understand why transactions were approved, declined, or reviewed. That means traceable decision criteria, thresholds that can be tuned, and feedback loops that reflect real customer outcomes. Without that control layer, automation shifts risk rather than reducing it.

Fraud prevention in travel overlaps with identity verification even when the article does not use IAM language. The platform is effectively deciding whether a customer interaction is trustworthy enough to complete value transfer. That is a trust and identity problem as much as a payment problem, especially when fraudsters try to blend into normal customer behaviour. Security and fraud teams should therefore align transaction intelligence with broader identity assurance and account-risk signals.

What this signals

Fraud automation is becoming a trust orchestration problem. As payment flows get faster and fulfilment becomes more immediate, teams need to align risk scoring, customer trust, and dispute operations around the same decision record. The practical signal is that fraud programmes are moving closer to identity assurance, even when the ticket is not framed as IAM.

Decision explainability will matter more as models take on more checkout authority. If teams cannot show why a transaction was blocked or approved, they will struggle to defend tuning choices, handle customer complaints, or spot drift. That is why transaction intelligence should be measured not only by loss reduction, but by review quality and explainable override rates.

High-volume commerce exposes the same control gap that NHI programmes face: unmanaged automation without lifecycle governance. When a system can act quickly and at scale, the governance burden shifts from manual review to control design. In identity terms, that means knowing which automated actors are trusted, how they are monitored, and when their decisions are revisited.


For practitioners

  • Map fraud controls to fulfilment timing Place the strongest risk decision before instant ticket issuance or other irreversible fulfilment steps, because post-purchase review cannot recover value once the buyer has consumed the product.
  • Build a layered decision model Combine CVV and AVS with behavioural signals, velocity checks, device intelligence, and prior transaction outcomes so the review process can distinguish low-risk customers from coordinated abuse.
  • Track approval rate and loss together Set operating targets that balance conversion and fraud loss instead of treating them as competing dashboards, because one-sided optimisation usually hides risk transfer.
  • Preserve decision traceability Require capture and decline reasons that analysts can audit later, including the inputs that drove the outcome and the thresholds that triggered intervention.

Key takeaways

  • Travel fraud at scale is a governance and decision-quality problem, not just a payment security problem.
  • Tripster’s case shows how automated review can reduce loss without sacrificing checkout flow when basic controls no longer scale.
  • Practitioners should align approval logic, traceability, and fulfilment timing so fraud controls work before value leaves the merchant.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

MITRE ATT&CK address the attack surface, NIST CSF 2.0 and NIST SP 800-53 Rev 5 set the technical controls, and GDPR define the regulatory obligations.

FrameworkControl / ReferenceRelevance
NIST CSF 2.0PR.AC-4Transaction access and approval logic map to least-privilege decisioning at checkout.
NIST SP 800-53 Rev 5SI-4Fraud detection relies on monitoring signals and alerting at transaction time.
MITRE ATT&CKTA0009 , Collection; TA0010 , Exfiltration; TA0040 , ImpactFraud campaigns harvest value through trusted purchase workflows and produce direct financial impact.
GDPRArt.32Customer risk scoring and identity signals can involve personal data in regulated environments.

Use PR.AC-4 to limit transaction approval authority and tie overrides to documented risk thresholds.


Key terms

  • Transaction Decisioning: Transaction decisioning is the process of approving, declining, or reviewing a purchase using multiple risk signals in real time. It goes beyond card verification to combine behavioural, device, and historical context so merchants can reduce fraud without blocking too many legitimate customers.
  • Approval Rate: Approval rate is the percentage of payment attempts that are successfully authorised and allowed to complete. It is a core performance metric in commerce operations because it reflects both risk decisions and operational reliability. Low approval rates often indicate friction, poor context, or excessive conservatism in controls.
  • False Positive: A false positive is a legitimate transaction incorrectly flagged as fraudulent or risky. In high-volume commerce, false positives matter because they create customer friction, manual workload, and conversion loss, even when the fraud model is otherwise effective at blocking abusive activity.

What's in the full article

Riskified's full blog covers the operational detail this post intentionally leaves for the source:

  • How Tripster operationalised automated fraud checks while keeping checkout friction low for legitimate buyers.
  • The specific backend decision details available to analysts after a capture or decline, which matter for tuning and dispute handling.
  • How Riskified and Tripster approached approval-rate fluctuations and model re-analysis over time.
  • The business-facing framing of why the guarantee mattered in a reseller model where fraud losses exceed net revenue.

👉 Riskified's full post covers the checkout workflow, decision tooling, and five-year fraud outcomes at Tripster.

Deepen your knowledge

NHI Mgmt Group covers identity security, NHI governance, and agentic AI through independent research, practitioner guides, and the NHI Foundation Level course, the industry's only accredited NHI security programme. It is suitable for practitioners building governance across identity, access, and automation boundaries.
NHIMG Editorial Note
Published by the NHIMG editorial team on July 12, 2026.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org