Fingerprint, a leader in device intelligence, has released new insights indicating that travel and hospitality platforms incur an average of $11 million in annual fraud losses, advocating for a shift to session-level trust to combat sophisticated attacks leveraging interconnected identity, loyalty, and payment systems.

The analysis from Fingerprint argues that the interconnected nature of these systems creates a “domino effect” where a single compromise, such as stolen loyalty credentials, can lead to fraudulent bookings. To counter this, session-level trust is presented as a method to identify and continuously evaluate risk early in the customer journey, preventing attacks before value extraction.

Key findings from the report detail the specific vulnerabilities. Rewards fraud, or loyalty exploitation, accounts for an estimated $1 billion to $3 billion in annual global losses, with platforms unifying identity making loyalty balances easier targets. Account takeover (ATO) is cited as the starting point for 52% of loyalty fraud incidents, enabling attackers to drain balances or alter account details. Furthermore, hospitality chargebacks are noted to be increasing by 30% year-over-year, which Fingerprint identifies as a lagging indicator, revealing where fraud lands rather than where it originates.

By adopting session-level trust, fraud teams can continuously assess risk throughout a user session. This approach allows platforms to intervene immediately upon detecting suspicious activity, thereby protecting revenue without compromising the user experience. Fraud in travel and hospitality is escalating due to expanded attack surfaces from seamless booking, unified identity, and automation. Loyalty points, functioning as “soft currency,” are particularly vulnerable due to a lack of real-time monitoring.

Fingerprint’s device intelligence platform is designed to detect the intent of both human and automated visitors. It processes hundreds of signals to identify over 1 billion unique devices monthly, assisting fraud teams in distinguishing legitimate users from malicious actors at scale. The company states that more than 6,000 organizations, including Dropbox, checkout.com, and NeuroID, utilize its platform to recognize high-risk activities in real time, prevent fraud, and deliver frictionless user experiences.