How Much is Fare Scraping Costing the Travel Industry?

Alex McConnell
Alex McConnell
4 Minute read

Article Contents

    Scraper bots make up the worst of bad bot traffic for the travel industry, with sites witnessing over 90% of traffic attributed to fare scraping. Whilst this activity can be benign or even used for positive means, if uncontrolled it can impact top line revenue, bottom line profits and customer experience.

    Bots and Airline Ticket Sales

    The airline industry is one of the most heavily targeted by bot operators. It’s common for automated traffic to account for over half of all activity on airline websites. In some cases, this can peak at over 90%. The bots that typically target airlines are also typically more advanced that those targeting other industries.

    This is in part because pricing is so competitive in the airline industry, not just from airlines but also from third-party vendors and price aggregators. Airline tickets are also a valuable commodity, much like luxury goods or concert tickets. This drives up scraper bot activity, where bots continually send requests to airline websites to collect up-to-the-minute pricing and availability information.

    Sometimes this is done to undercut a competitor, however scraping is not always malicious in intent and could be part of a commercial partnership with resellers. Whatever the intention of the scraper bot operator, this activity adds expensive overheads to infrastructure.

    Another business logic attack commonly launched against airlines is denial of inventory using spinner bots. Spinning is the act of adding items to an online basket, thus removing it from being available to other customers. When this is done at high volume using bot automation, all the available stock appears to be depleted, disrupting sales and moving customers away to competitors. The spinner bot will then empty its basket without completing the purchase.

    For example, on an airline’s or third-party online travel agent’s website, bad actors use bots to reserve seats on flights. The bot reserves the seats for up to 20 minutes, during which time genuine customers perceive there to be no availability left on the flight, and the perpetrator attempts to sell the seats on for a profit. And repeat.

    This is done by bad actors for several reasons, including:

    • Generating high and fast profit off the back of a fairly low risk opportunity
    • Defeating the competition by sending customers to a rival website
    • Disrupting availability by making an application unusable as part of an application-layer denial of service attack

    What is the look-to-book ratio?

    The look-to-book ratio is the number of requests made per booking on an online travel site.

    Requests can be made by humans or bots, and the lower the look-to-book ratio, the better. A low look-to-book ratio means conversions are high from genuine customers browsing the website. However, scraper activity can cause look-to-book ratios to exceed several thousand. A high look-to-book ratio inflates the number of requests versus the number of conversions.

    When scraper bots pull information from a website, they create excess web requests which, in turn, negatively impacts your look-to-book ratio. Increased competition driven from the pandemic, and the popularity of dynamic pricing, means this is fast becoming a top threat for the travel industry.

    How does fare scraping work on travel booking websites?

    In travel, web scraper bots are mainly used to collect fare and availability information by rival companies and aggregator sites, used for price comparison

    But also targeting travel booking sites are scraper bots, used to discover and publicize the availability of products and services such as flights, hotels or car rentals.

    Attackers advertise the scraped information at lower price points on a secondary site, motivated by the financial reward of charging commission, stealing personal data, or generating advertising revenue.

    Scraping is also often used to gather the data needed for more sophisticated or damaging attacks such as ticket spinning or denial of inventory. Preventing malicious scraper bots can cut out these further attacks early as the attackers do not have the data they need to progress.

    What damage is inflated look-to-book ratios causing to travel companies?

    The cost for an airline of having excess transactions – of having pricing systems being queried – can be very substantial, and also uncontrollable

    Ann Cederhall, Travel Technology Specialist at LeapShift

    Excess traffic caused by aggressive scraping and high look-to-book ratios negatively impact airlines and travel companies both on their bottom line and on their technical performance.

    Business costs

    • Additional costs (up to millions per year) to third-party services like Metasearch engines and GDS booking fees, which charge based on traffic volumes
    • Extra costs for SIEM and anti-fraud solutions, again which charge based on traffic volumes
    • Loss of pricing visibility leading to competitive pricing disadvantage
    • Misleading analytics from inaccurate number of website viewers interested in a certain product
    • Loss of ancillary revenues (or “add-ons”) e.g., hotels, travel insurance and car hire

    Technical costs

    • Excessive infrastructure costs (up to 50%) used to serve bots
    • IT teams stretched to deal with bots away from daily tasks
    • Slowed website performance leading to negative user experience
    • Costly downtime in extreme cases

    How to prevent scraping, excess transactions and high look-to-book ratios

    The travel industry is one of the most severely affected by bad bots and has been since the advent of online travel. As bots grow in sophistication and volume, it is crucial for travel websites to accurately detect and bad bots without affecting good bots necessary for the steady running of your website, and genuine users’ experience.

    Netacea Bot Protection helps brands detect and prevent malicious web scraping. Using defensive AI our bot protection technology ensures brands have a constantly active bot detection and mitigation solution to prevent the most sophisticated forms of scraping attacks.

    Block Bots Effortlessly with Netacea

    Book a demo and see how Netacea autonomously prevents sophisticated automated attacks.

    Related Blogs

    Knight chess piece
    Alex McConnell

    What is a Sophisticated Bot Attack?

    Learn about the growing sophistication of bot attacks. Find out how to improve defenses and detect these attacks effectively.
    Alex McConnell

    Offensive AI Lowers the Barrier of Entry for Bot Attackers

    Explore the impact of offensive AI and automated attacks. Discover how AI is changing the landscape of cybersecurity.
    Worker helmet
    Alex McConnell

    What is Defensive AI and Why is it Essential in Bot Protection?

    Discover the potential of defensive AI in bot protection. Explore how machine learning can protect against automated attacks.

    Block Bots Effortlessly with Netacea

    Demo Netacea and see how our bot protection software autonomously prevents the most sophisticated and dynamic automated attacks across websites, apps and APIs.
    • Agentless, self managing spots up to 33x more threats
    • Automated, trusted defensive AI. Real-time detection and response
    • Invisible to attackers. Operates at the edge, deters persistent threats
    Book a Demo