The Key Considerations Underpinning the Future of Cyber Security in Air Travel
Security issues are rampant throughout the travel and transportation industry, and are especially troubling for airports and airlines. As passengers and cargo move within and between countries, there are seemingly endless opportunities for identity theft, bankcard fraud, data privacy breaches, cyberattacks and other threats.
Today’s consumer is highly aware of and concerned about all these risks. The Unisys Security Index, the only recurring snapshot of security concerns conducted globally, gauges the attitudes of consumers on a wide range of security-related issues. The 2018 results showed that security concerns globally among individuals continue to hold at the highest level ever since 2007, the first time the global Unisys Security Index was fielded.
To provide the customer experience that consumers expect and demand, airports and airlines must understand where and why security concerns exist and take steps to proactively address and alleviate risk.
Identity Theft and Bankcard Fraud Top the List of Consumer Fears
Among consumers, the highest security concerns are those where people feel they may have the least amount of personal control: Identity Theft and Bankcard Fraud. Globally, people surveyed are more concerned about Identity Theft (68 percent seriously concerned) or Bankcard Fraud (66 percent seriously concerned) than they are about possible physical harm related to Disasters/Epidemics (53 percent seriously concerned) or Personal Safety (50 percent seriously concerned).
Airlines retain such personal information and more in their own loyalty databases and use it daily to market to consumers, promote ancillary sales, facilitate online transactions and record passenger preferences. The data is constantly being shared between airports, partners, vendors and government agencies to optimize the passenger experience. Consumers interact with and add to this data with every tap on their mobile devices and with each purchase.
The risk of identity theft and fraud exists in large part within airlines and airports because point solutions have been deployed over the years to provide new functions and services to keep pace with customer demands and expectations. These solutions have resulted in an eclectic mix of systems that cannot be easily integrated with each other or with emerging solutions and software.
The lack of integration makes it difficult to guard against intrusions. For example, hackers can gain access to the loyalty database through passenger applications, smart devices used by employees or customers, and unsecured connections. This places airlines and airports in an unenviable position. They cannot limit data access because that would negatively impact their own revenue and operations as well as the consumer experience, but unlimited data access brings with it unacceptable levels of risk.
Privacy Concerns Cause Tension
Data privacy is another area of concern for consumers. In the report “Future of the Airline Industry 2035” put out by the International Air Transport Association (IATA) and the School of International Futures (SOIF), one of the major drivers of change identified was the tension between data privacy and surveillance. The report states:
“Advances in connectivity and sensor networks are likely to empower citizens by providing real-time accountability and transparency. At the same time, privacy and surveillance are likely to be high on the list of military and government concerns over the next two decades. How much privacy will people be willing to give up in return for convenience, economic benefit, and security? For corporations, data breaches and cybercrime may require new measures to protect data; privacy itself could become a valuable commodity.”
Airports and airlines need to confront this tension head on. For instance, consider biometrics. On the one hand, consumers appreciate the fact that biometric solutions have the potential to streamline the passenger experience and facilitate seamless travel. Such technologies also provide protection against terrorist attacks by identifying potential bad actors through biometric analysis.
On the other hand, biometric technologies record personal data which must be stored securely, and many consumers are unconvinced that airlines and airports are equipped to protect their networks from being hacked. The fact that such biometric data may become a requirement for travel – particularly for international travel – simply adds to the tension since a consumer would not, in that case, be able to “opt out” of providing this data.
Connected Devices Create Opportunity and Risk
Connected devices are multiplying exponentially within airlines and airports, bringing both opportunity and risk. The Unisys Security Index noted that consumers largely support the use of connected devices globally. However, data security has become a rising concern, forcing many to rethink the wisdom of sharing information among these devices.
Relevant to airlines and airports, almost three-quarters (74 percent) of survey participants indicated that they would support a sensor in their luggage and a mobile application to tell them if their luggage has been unloaded and what carousel it will be on.
To maximize the opportunities that connected devices provide – such as the ability to track luggage or to facilitate pet travel by allowing owners to monitor their pets before, during, and after a flight – airports and airlines must demonstrate that they can protect the data that these devices draw on, generate, and transmit.
With anxieties growing about national, financial, Internet, and personal security, airlines and airports need to lead with security. Those airlines and airports that are best prepared to protect their customers’ data without adding any inconvenience will be well-positioned for the digital future of air travel.
Dheeraj Kohli is Vice President and the Global Head of Travel and Transportation for Blue Bell-based Unisys Corporation. He can be reached at [email protected].