TL;DR: Travel booking fraud rises where high-value, pre-paid transactions meet weak, isolated checks, and SumSub’s whitepaper argues that a risk-based approach can help calibrate verification to user and action risk while preserving conversion. The governance lesson is that travel platforms need controls that reduce fraud without turning away genuine travelers.
At a glance
What this is: This whitepaper examines how fraud enters the travel booking journey and why isolated checks can create revenue loss as well as control gaps.
Why it matters: It matters because trust, safety, fraud, and risk teams need governance that balances conversion with control across human identity, account access, and transaction risk.
👉 Read SumSub's whitepaper on risk-based verification across the travel journey
Context
Travel booking security is a balancing act between fraud prevention and customer friction. When controls are too heavy-handed, genuine travellers abandon the booking path before payment. When controls are too thin or isolated, attackers exploit high-value, prepaid transactions and the business absorbs both fraud loss and avoidable operational cost.
The article’s core point is that single-point checks do not scale well across the travel journey. For identity and risk teams, the issue is not only whether a user can authenticate, but whether verification is calibrated to the step being taken, the amount at stake, and the level of trust already established.
Key questions
Q: How should travel platforms balance fraud prevention with booking conversion?
A: Travel platforms should calibrate verification to the risk of each action rather than applying the same controls everywhere. Low-risk browsing should stay friction-light, while payment changes, unusual bookings, and high-value purchases should trigger stronger checks. The goal is to reduce fraud without creating avoidable abandonment that damages revenue.
Q: Why do isolated fraud checks fail in travel booking journeys?
A: Isolated checks fail because they do not connect the full sequence of user actions. A booking journey includes account creation, identity proofing, payment setup, and final purchase, and risk can change at each step. Without linked decisioning, attackers can pass one weak gate even when the overall session is suspicious.
Q: How do teams know if risk-based verification is working?
A: Teams should measure fraud loss, chargebacks, completion rate, and abandonment after verification changes. If fraud falls but legitimate bookings also drop sharply, the control is too aggressive. If conversion holds but abuse rises, the challenge thresholds are too weak. The right balance protects revenue on both sides.
Q: What should trust and safety teams review before adding more booking friction?
A: They should review whether the added friction is tied to a specific risk event, such as a payment change or abnormal booking pattern. If the control is not linked to a higher-risk action, it is more likely to hurt genuine customers than stop fraud. Proportionate controls perform better than blanket challenge logic.
Technical breakdown
Why isolated checks create gaps in travel booking flows
Travel booking journeys are multi-step and multi-risk. A user may search anonymously, create an account, add payment details, and then book expensive inventory long before travel occurs. If each step is assessed in isolation, fraud signals do not accumulate into a usable picture, and high-risk behaviour can pass through low-friction controls. Isolated checks also create a blind spot where one weak step can undermine stronger checks elsewhere. In practice, the control problem is not a single missing rule, but the absence of linked decisioning across the booking lifecycle.
Practical implication: connect identity, payment, and behavioural signals so one weak check cannot define the whole journey.
How risk-based verification calibrates control to action
Risk-based verification adjusts challenge intensity to the specific action rather than applying the same friction everywhere. In a travel context, that can mean lighter checks for low-value browsing or known users, and stronger verification when the user adds payment instruments, changes traveller details, or books unusually expensive inventory. This approach does not remove fraud risk. It narrows it by matching verification effort to the loss potential and the confidence level associated with the session. The design goal is proportionate control, not maximum control.
Practical implication: define higher-verification triggers around payments, account changes, and abnormal booking patterns.
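The two sections above describe linked decisioning and action-specific assurance in prose; the following Python engine is an added illustration of that idea, not code from SumSub or the whitepaper. Every action threshold, signal name, weight and journey below is a constructed assumption. It classifies each booking action by loss potential and abuse potential (a stricter threshold for payment setup and checkout than for browsing) and, in linked mode, carries risk forward across the session. The constructed suspicious journey passes every gate when each step is scored in isolation, but is challenged at payment setup and again at checkout once the signals accumulate, while the constructed low-risk journey stays friction-free in both modes.

```python
from dataclasses import dataclass, field
from typing import List

# Constructed per-action challenge thresholds (assumed values, not SumSub's model).
# Lower threshold = higher loss potential / abuse potential, so less accumulated
# risk is needed before the action is challenged. Browsing is effectively never challenged.
ACTION_THRESHOLDS = {
    "browse": 100,
    "signup": 60,
    "add_payment": 40,
    "change_traveller": 35,
    "book": 30,
}

# Constructed signal weights: points added to the score when a signal is observed.
SIGNAL_WEIGHTS = {
    "new_device": 10,
    "disposable_email": 15,
    "ip_country_mismatch": 15,
    "card_bin_country_mismatch": 20,
    "multiple_cards_tried": 25,
    "traveller_name_differs_from_cardholder": 10,
    "booking_within_24h_of_departure": 15,
}

HIGH_VALUE_GBP = 1500.0   # assumed: bookings at or above this add a fixed risk uplift
HIGH_VALUE_UPLIFT = 15


@dataclass
class Step:
    action: str
    signals: List[str] = field(default_factory=list)
    amount: float = 0.0


@dataclass
class Decision:
    action: str
    step_score: int      # risk contributed by this step alone
    session_score: int   # score the decision was taken on (cumulative in linked mode)
    challenge: bool


def step_risk(step: Step) -> int:
    """Risk points for one step: observed signals plus a high-value uplift."""
    score = sum(SIGNAL_WEIGHTS.get(s, 0) for s in step.signals)
    if step.amount >= HIGH_VALUE_GBP:
        score += HIGH_VALUE_UPLIFT
    return score


def decide(journey: List[Step], linked: bool = True, trust_credit: int = 20) -> List[Decision]:
    """Walk a booking journey and decide at each action whether to step up.

    linked=True  : journey-aware; risk carries forward across steps.
    linked=False : each step judged in isolation (the gap the article describes).
    trust_credit : points removed from the carried score after a passed challenge,
                   modelling trust established earlier in the session (assumed:
                   every challenge in this example is passed).
    """
    decisions = []
    carried = 0
    for step in journey:
        own = step_risk(step)
        score = carried + own if linked else own
        challenge = score >= ACTION_THRESHOLDS[step.action]
        decisions.append(Decision(step.action, own, score, challenge))
        if linked:
            carried = max(0, score - trust_credit) if challenge else score
    return decisions


def challenged_actions(journey: List[Step], linked: bool = True) -> List[str]:
    """Actions at which the session would be stepped up."""
    return [d.action for d in decide(journey, linked) if d.challenge]


# Constructed journeys for illustration.
SUSPICIOUS_JOURNEY = [
    Step("browse", ["new_device"]),
    Step("signup", ["disposable_email"]),
    Step("add_payment", ["card_bin_country_mismatch"]),
    Step("book", ["traveller_name_differs_from_cardholder"], amount=2400.0),
]
LOW_RISK_JOURNEY = [
    Step("browse"),
    Step("book", amount=800.0),
]

if __name__ == "__main__":
    for name, journey in [("suspicious", SUSPICIOUS_JOURNEY), ("low-risk", LOW_RISK_JOURNEY)]:
        print(f"{name}: isolated -> {challenged_actions(journey, linked=False)}, "
              f"linked -> {challenged_actions(journey, linked=True)}")
```

Each step on its own scores below its action's threshold, which is exactly the blind spot of isolated gates: no single check is wrong, but the session as a whole is. The linked view challenges at payment setup, credits the passed challenge as established trust, and still challenges the high-value booking because the remaining carried risk plus the checkout signals cross the stricter booking threshold.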
Why revenue protection depends on more than stopping fraud
Travel operators lose money in two directions. Fraud drains revenue directly, while excessive challenge creates abandonment and reduces legitimate conversion. That makes booking security a revenue governance problem as much as a fraud problem. The best control model therefore measures false positives, abandonment rate, and confirmed fraud together, rather than treating fraud reduction as the only success metric. This is especially important where customers book on behalf of others, use shared devices, or complete transactions under time pressure. Good governance protects the transaction without turning the journey into a barrier.
Practical implication: track fraud loss and abandonment together when tuning verification thresholds.
Threat narrative
Attacker objective: The attacker seeks to complete fraudulent travel purchases while blending into normal customer behaviour and avoiding controls that would interrupt payment.
- Entry occurs when fraudsters exploit the booking journey through high-value travel transactions, weak account checks, or low-friction steps that do not reveal risk early enough.
- Escalation happens when isolated controls fail to correlate identity, payment, and behavioural signals, allowing suspicious users to move deeper into the purchase flow.
- Impact is revenue loss through fraudulent bookings, chargebacks, and abandoned legitimate transactions caused by poorly calibrated verification.
Breaches seen in the wild
- DeepSeek breach — exposed 1M+ log lines and sensitive secret keys.
- Schneider Electric credentials breach — exposed credentials gave attackers access to Schneider Electric Jira, exfiltrating 40GB.
Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.
NHI Mgmt Group analysis
Travel booking fraud is a control-calibration problem, not just a detection problem. The article points to a familiar pattern in consumer identity systems: strong checks reduce abuse, but coarse checks damage conversion. In travel, that trade-off becomes visible faster because the transaction value is high and the abandonment cost is immediate. The field should treat fraud prevention as part of identity governance, not as a separate bolt-on risk function. Practitioners need controls that are measured by both loss reduction and customer retention.
Isolated checks fail because they do not understand the booking journey as a sequence of trust decisions. A search, a sign-up, a payment method change, and a final purchase are not equivalent events. Each should carry different verification weight, because the underlying risk changes as the journey progresses. When teams evaluate controls step by step, they can see where fraud enters and where genuine travellers are being over-challenged. The practitioner conclusion is that journey-aware policy beats static screening.
Journey-stage verification: the useful design pattern here is not one universal fraud rule but action-specific assurance. That concept matters because the same user can be low-risk at browsing time and high-risk at checkout. A mature programme should classify actions by value, reversibility, and abuse potential, then apply proportionate friction. This is a governance model for reducing both direct fraud and avoidable abandonment. Practitioners should map controls to journey stages, not just to users.
For travel platforms, the real security metric is balanced loss avoidance. If fraud goes down but legitimate bookings collapse, the control strategy is failing the business. Conversely, if conversion remains high but abuse rises, the trust layer is too permissive. The discipline required here is cross-functional: fraud, IAM, trust and safety, and revenue teams need a shared view of what acceptable friction looks like. Practitioners should define success as protected revenue, not just fewer alerts.
From our research:
- 79% of organisations have experienced secrets leaks, with 77% of these incidents resulting in tangible damage, according to Ultimate Guide to NHIs.
- 91.6% of secrets remain valid five days after the targeted organisation is notified, showing a critical gap in remediation procedures.
- That persistence gap is why teams should pair journey-aware risk controls with the Guide to NHI Rotation Challenges when sensitive credentials are in scope.
What this signals
Journey-stage verification: travel platforms should treat each booking action as a separate trust decision, because a single static policy cannot reflect the changing risk between browsing, payment setup, and purchase completion. Teams that model friction at the action level are better positioned to protect revenue without forcing legitimate travellers out of the funnel.
The broader signal is that fraud control is becoming a governance exercise, not a point-solution problem. Identity, payment, and behaviour need to be evaluated together, and teams should expect more pressure to justify why a control exists, where it applies, and what business loss it actually prevents.
For practitioners managing wider identity programmes, the lesson extends beyond travel. A risk-based model works only when the organisation can explain why some sessions stay low-friction and others do not. That discipline maps well to the NIST Cybersecurity Framework 2.0 because governance and protection must be tuned to observed risk.
For practitioners
- Map controls to journey stages: Separate browsing, account creation, payment instrument changes, and final booking into distinct risk points so controls can be tuned to the loss potential at each step.
- Correlate identity and transaction signals: Combine behavioural, payment, and account-risk indicators before deciding on step-up verification, rather than treating each signal as an isolated gate.
- Measure fraud and abandonment together: Track confirmed fraud, chargebacks, completion rate, and drop-off after verification so control changes can be judged against both security and revenue outcomes.
- Use step-up checks only where risk justifies friction: Reserve stronger verification for high-value, high-change, or unusual bookings, and keep low-risk paths as friction-light as possible.
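The "Why revenue protection depends on more than stopping fraud" section and the third checklist item above both say fraud loss and abandonment must be measured together when tuning thresholds. The Python below is an added worked example of that tuning loop, not code from SumSub or the whitepaper. The session records are constructed: each carries a risk score (as produced by whatever scoring the platform runs), the booking amount, whether the booking was later confirmed as fraud, and whether the legitimate customer abandoned when challenged. The sweep scores every candidate threshold on both sides of the loss at once, so the threshold that merely minimises fraud is visibly not the one that protects revenue.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, List


@dataclass
class Session:
    score: int                  # risk score assigned at checkout
    amount: float               # booking value
    is_fraud: bool              # later confirmed as fraud (e.g. via chargeback)
    abandons_if_challenged: bool  # observed behaviour of a legitimate customer


# Constructed sample outcomes (assumed values for illustration only).
SESSIONS = [
    Session(5, 400.0, False, False),
    Session(10, 900.0, False, True),
    Session(20, 1200.0, False, False),
    Session(25, 650.0, False, True),
    Session(30, 2100.0, False, True),
    Session(35, 3000.0, False, False),
    Session(40, 2400.0, True, False),
    Session(55, 1800.0, True, False),
    Session(70, 2600.0, True, False),
    Session(15, 3200.0, True, False),   # low-scoring fraud that slips past most thresholds
]


def evaluate(sessions: List[Session], threshold: int) -> Dict[str, float]:
    """Score one challenge threshold on fraud loss AND abandonment loss.

    Assumptions: a challenged fraudulent session is stopped (no loss); a challenged
    legitimate session is lost only if that customer abandons.
    """
    fraud_loss = 0.0
    abandonment_loss = 0.0
    legit_total = 0
    legit_completed = 0
    for s in sessions:
        challenged = s.score >= threshold
        if s.is_fraud:
            if not challenged:
                fraud_loss += s.amount
        else:
            legit_total += 1
            if challenged and s.abandons_if_challenged:
                abandonment_loss += s.amount
            else:
                legit_completed += 1
    return {
        "threshold": threshold,
        "fraud_loss": fraud_loss,
        "abandonment_loss": abandonment_loss,
        "total_loss": fraud_loss + abandonment_loss,
        "legit_completion_rate": legit_completed / legit_total if legit_total else 1.0,
    }


def sweep(sessions: List[Session], thresholds: Iterable[int]) -> List[Dict[str, float]]:
    """Evaluate every candidate threshold so both loss directions are visible together."""
    return [evaluate(sessions, t) for t in thresholds]


def best_threshold(sessions: List[Session], thresholds: Iterable[int]) -> int:
    """Threshold minimising combined loss (protected revenue, not fewest fraud cases)."""
    return min(sweep(sessions, thresholds), key=lambda r: r["total_loss"])["threshold"]


if __name__ == "__main__":
    for row in sweep(SESSIONS, range(10, 71, 10)):
        print(f"t={row['threshold']:>2}  fraud={row['fraud_loss']:>7.0f}  "
              f"abandon={row['abandonment_loss']:>7.0f}  total={row['total_loss']:>7.0f}  "
              f"legit completion={row['legit_completion_rate']:.0%}")
    print("best threshold:", best_threshold(SESSIONS, range(10, 71, 10)))
```

On the constructed data the most aggressive threshold (10) drives fraud loss to zero but loses almost as much revenue to abandoned legitimate bookings, while a permissive threshold (60) lets most fraud through; the threshold with the lowest combined loss sits between them. A fraud-only metric would have picked the aggressive setting and reported success.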
Key takeaways
- Travel fraud control works best when verification is matched to journey stage, not applied uniformly across the booking flow.
- Isolated checks leave gaps because they fail to correlate identity, payment, and behavioural signals across the full transaction.
- The right governance target is protected revenue, which means reducing fraud without driving legitimate travellers away.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
NIST CSF 2.0 and NIST SP 800-63 set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| NIST CSF 2.0 | PR.AC-1 | Travel verification depends on validating identity before granting transaction access. |
| NIST CSF 2.0 | GV.RM-1 | Fraud and abandonment must both feed governance decisions for travel controls. |
| NIST SP 800-63 | Assurance levels | Risk-based assurance maps to step-up identity decisions in consumer journeys. |
Use assurance-level thinking to apply stronger verification only when the transaction risk justifies it.
Key terms
- Risk-based verification: A verification model that adjusts identity checks to the risk of the action being taken. In practice, it reduces friction for low-risk activity and increases assurance when value, change, or abuse potential rises. This is especially useful in consumer journeys where blanket controls damage conversion.
- Journey-aware control: A control designed around the sequence of user actions rather than a single event. It recognises that the same user may present different risk at browsing, account creation, payment, and completion stages. This approach helps teams apply proportionate friction and avoid relying on isolated checks.
- Conversion friction: The amount of effort, delay, or challenge a legitimate user experiences before completing a transaction. In identity-led security programmes, it is a real business cost, not just a user-experience issue, because excessive friction can suppress revenue while trying to reduce fraud.
Deepen your knowledge
NHI governance, agentic AI identity, and machine identity lifecycle are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or NHI governance in your organisation, it is worth exploring.
This post draws on content published by SumSub: Risk-based verification in travel booking. Read the original.
Published by the NHIMG editorial team on 2026-06-24.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org