Indian online travel agencies confident about customer security4 min read . Updated: 10 Jul 2012, 10:23 PM IST
Indian online travel agencies confident about customer security
New Delhi: Online travel company Cleartrip Travel Services Pvt. Ltd’s ad server was infected last month with a malicious code that could have allowed criminals access to personal information from the customer’s computer. The code was removed immediately after the company was informed about the breach by Web security company Websense Inc. No harm was done as the code was removed before it could become fully active, according to Cleartrip.
In a separate incident, Wyndham Worldwide hotels was charged by the Federal Trade Commission of the US on 26 June for lax corporate security, which allowed hackers to steal credit card and other personal information of more than 500,000 customers, Bloomberg reported a week back. Wyndham Worldwide Corp. didn’t respond to emailed queries on the issue.
The group, which manages 16 hotels in India on a franchise model, has been expanding its presence in the country since last year.
With online travel agencies and hotel booking websites contending to become interactive by collecting personal information about their customers to provide better services and retain clients, online security remains an issue though the Indian travel and hospitality industry doesn’t regard it as a problem, saying transaction norms in India are much safer and consumers’ habits have been evolving, according to travel industry experts.
The Reserve Bank of India (RBI) mandated an extra layer of authentication for online payment by credit and debit cards, 3D secure authentication, which requires a password provided by banks for online transactions, in August 2009.
Cleartrip remains confident about security even after the recent attack on its ad server.
“We have physical storage and network security in place along with encryption techniques to keep the sensitive information safe," said Hrush Bhatt, founder and director (product and strategy) at Cleartrip. “We have two servers, which are not on the same network, to keep the data safe. We keep our keys and value (card information) separately. Even if somebody gets access to values, he cannot do anything without the keys."
Encryption is a technique by which data and information can be converted into an unreadable format.
Online travel agencies, including Cleartrip and MakeMyTrip, say security is not a challenge as they are compliant with the payment card industry data security standard, an international information security benchmark for handling cardholder information for the major debit, credit and other payment cards.
Indian online consumers have shown a positive response, according to the travel agencies, towards the feature to store personal information, including account details, which spare them the effort of entering the whole information every time they book.
“Almost 15% of our daily bookings are now done this way," said Bhatt. “We have seen 60% growth in customer acquisition and 75% growth in weekly bookings due to increased number of transactions per customer since we launched Expressway."
Cleartrip did not disclose further details. “This is more than we expected," Bhatt said. “We started with this feature for domestic flights in March-end, but seeing the positive response from the customers, launched the feature for international flights and hotels a month later."
Bhatt said RBI’s move to add an extra layer of authentication is “probably the reason why we were more confident in launching this feature. We are surer of the fact that it will be a fraud- proof procedure".
Amit Somani, chief product officer at MakeMyTrip Pvt. Ltd, which started the same feature two years back for its rail ticketing, said: “Over a period of time, our customers have started using it. At present, 70-80% of our customers who use train ticketing facility have opted for this."
Industry experts say that this measure is primarily targeted at retaining customers.
“It is a way forward to retain customers. It is also a strong way to get customers to buy more. If you can buy things with just one click, you will not think twice," said Chetan Kapoor, research associate at PhoCusWright Inc., a travel research firm. “Customers are also getting matured in India. They are familiar with this concept through Amazon and Apple iTunes, which also store credit card details."
Meanwhile, Yatra Online Pvt. Ltd is in the process of conducting a survey on whether online consumers are comfortable with sharing sensitive account information. “The response has been positive so far," said Dhruv Shringi, co-founder and chief executive at Yatra. “We would also launch a feature where our users would be able to store their credit card information with us in order to be able to use it later for booking, if the survey turns out positive."
“After RBI mandated 3D secure authentication for online transaction, the customers have become much more relaxed," he said.
Mahesh Murthy, founder of digital marketing firm Pinstorm, said two factors need to be considered when it comes to security of information— malicious hackers and malicious insiders.
“I believe there will be concern areas on both fronts. If the world’s most ‘security-hardened’ sites in the US can get hacked and their credit card data made available in the black market, I believe ours will soon become juicy targets, too. I don’t believe our sites are security-hardened as much as some other sites globally are," said Murthy.
“The second issue is human—we have had a long history in India of our call centre people stealing and misusing credit card information from their employers’ customers overseas. As Indian credit card business volume grows, this will become more of a threat," he added.