
On June 24, 2026, Virgin Atlantic joined Level Five Group for a webinar on the growing sophistication of fraud across the airline industry.
The conversation drew experts from multiple regions and covered AI-driven threats, loyalty program exploitation, and emerging attack patterns. The insights apply well beyond airlines: any organisation managing digital customer journeys and transaction flows will find them relevant.
Fraud is no longer a specialist trade. Generative AI has made mass phishing campaigns, synthetic identity creation, and deepfake social engineering accessible to anyone willing to pay for the tools.
Frankenstein identities, stitched together from real and fabricated data, used to take hours to construct. Now they scale automatically. Voice cloning scams have already duped thousands. A single deepfake incident in 2024 cost one organisation US$25 million.
The attacks are becoming more personalised, more scalable, and harder to detect. The barrier to entry has collapsed.
Consumers are increasingly delegating travel decisions to AI agents. Destination research, price comparison, flight booking, loyalty redemption — all of it is being handed off to tools like Claude and ChatGPT.
This creates a detection problem that the industry has not solved. How do you distinguish a legitimate customer interacting through an AI agent from a threat actor using the same mechanism to exploit business logic?
Flagging all non-human activity as suspicious is no longer viable. The question is how systems can be built to understand intent, context and behaviour before taking action.
Loyalty programs began as marketing retention tools. They are now digital currencies with real-world financial value, redeemable across hotels, retailers, banks and travel partners.
Fraudsters figured this out before most airlines did. Points can be stolen, transferred, sold through secondary markets, and laundered through partner ecosystems with far fewer controls than traditional financial channels.
The governance gap is the vulnerability. Loyalty fraud is no longer a customer service issue. It carries financial, regulatory and reputational exposure that belongs at the executive level.
OTPs, 2FA and MFA were adequate defences a decade ago. Social engineering, credential theft and AI-assisted malware have eroded that.
Device intelligence, behavioural analytics and continuous risk assessment across every customer touchpoint are now baseline requirements for any organisation running digital transaction journeys. Detecting spoofed devices, remote access tools, virtual machines and IP tampering are not advanced capabilities. They are the minimum standard for stopping account takeover, bot activity and mule chain operations.
Fraud teams that mobilise after losses have occurred are already behind. Reputational damage, customer attrition and operational cost do not reverse once they accumulate.
The shift is upstream. Detecting suspicious behaviour at the earliest touchpoint in the transaction journey prevents losses that post-incident investigation can only document.
The caveat: speed alone is not the answer. Intervening at the wrong moment, blocking a legitimate high-value redemption because a device signal fired without transactional context, costs more in customer lifetime value than the fraud it stopped. The missing capability is not faster decisioning. It is decisioning that understands where the customer is in their journey before it acts.
Virgin Atlantic implemented real-time intelligence across its Flying Club loyalty programme and the results were immediate.
Approximately 7 million loyalty points tied to fraudulent activity were identified. Over 3,500 compromised accounts were blocked in real time, protecting around 85 million Flying Club points from theft. Investigation times dropped from days to minutes.
The operational case and the customer protection case are the same case.
Fraud today crosses every function: loyalty, digital, cybersecurity, payments, customer experience, AML. No single team has complete visibility. No single team should be carrying this alone.
But cross-functional collaboration fails without shared risk language and aligned incentive structures. A fraud team measured on chargeback rates and a loyalty team measured on redemption volume are structurally opposed. That conflict does not resolve itself through better tooling. It requires deliberate governance design before any technology investment will deliver its intended value.
The goal is a central intelligence hub with visibility across every channel, redistributing signals and coordinating decisions across every function simultaneously.
What Europol documents in eighteen months, institutions in Malaysia, Thailand and the Philippines are managing today.
The fraud networks operating out of Myanmar, Cambodia and Laos are iterating on social engineering playbooks faster than Western threat intelligence can track. The tactics that will define global fraud patterns in 2027 and beyond are being refined in this region right now.
Institutions that want to understand where fraud is heading should be talking to operators on the ground here. Retrospective reports from the other side of the world will always arrive too late.