TL;DR: Recovered travel demand is exposing gaps in rules-based fraud management, manual review, and 3DS as airlines try to balance approval rates, loyalty, and margin protection, according to Riskified’s November 2024 airline fraud report. The governance challenge is no longer just stopping fraud, but controlling the trade-off between friction and resilience.
NHIMG editorial — based on content published by Riskified: Air travel is back: With growth headwinds (but less turbulence) What airline payments executives need to know about fraud
Questions worth separating out
Q: What breaks when airlines rely on rules-based fraud controls alone?
A: Rules-based fraud controls break down when attackers learn the thresholds and legitimate customer behaviour becomes too variable for fixed logic.
Q: Why do manual review queues create fraud governance risk in travel?
A: Manual review queues create governance risk because they introduce delay, inconsistency, and scale limits.
Q: How should airlines decide when to use 3DS in payment flows?
A: Airlines should use 3DS selectively, based on transaction risk, customer confidence, and the likelihood of abandonment.
Practitioner guidance
- Re-tune rules against current booking behaviour Reassess existing fraud rules against present-day airline booking patterns, device diversity, and route mix so the policy set reflects current threat behaviour rather than pre-recovery assumptions.
- Reduce reliance on manual review as a primary control Use analyst review only for cases with genuinely ambiguous risk signals, and track queue age, reversal rates, and reviewer consistency to identify when the review layer is masking poor upstream logic.
- Segment 3DS by risk and customer context Apply 3DS selectively for riskier transactions, new accounts, and higher-value itineraries, while preserving lower-friction paths for trusted repeat customers and lower-risk booking scenarios.
What's in the full report
Riskified's full report covers the operational detail this post intentionally leaves for the source:
- Industry-facing fraud trends for airlines as demand returns to pre-pandemic levels and fraud pressure changes.
- Examples of where rules-based fraud management, manual review, and 3DS create control gaps in airline flows.
- The report's own framing for how airlines can balance customer experience, revenue predictability, and fraud resilience.
- A broader view of how global expansion and policy tuning interact in travel commerce.
👉 Read Riskified's report on airline fraud management and growth headwinds →
Airline payments fraud: are rules-based controls keeping up?
Explore further
Rules-based fraud management creates policy debt when travel demand rebounds. Airlines often preserve legacy fraud thresholds long after booking patterns and attacker behaviour have changed. That leaves teams governing yesterday’s risk model while the business operates in a very different channel environment. Practitioners should treat static rules as a liability that accumulates until it is actively re-tuned.
A question worth separating out:
Q: Who is accountable when fraud policy lowers approvals and still misses abuse?
A: Accountability sits with the payments and fraud governance function, because policy design is a business control decision, not just a tooling decision. Teams should review which thresholds, exceptions, and review rules were chosen, how they affect approval rates, and whether they still match current fraud patterns. If the policy creates predictable loss or friction, the governance model needs recalibration.
👉 Read our full editorial: Airline fraud management is straining rules-based controls