The Internet has quietly revolutionised the world. It has made completion of tasks easy and fast, making us dependent on it heavily for almost every aspect of our life. One of the earliest revolutions took place in the banking industry, followed by the ticket booking services after the US military made their ARPANET project public and allowed universities and businesses to take advantage of this wonderful technology.
Interestingly, computer and programming nerds create a primitive web-based ticket booking systems with the Java language, which is considered by many as the language of the internet. They do so for their academic projects in their schools and colleges, and these applications are insignificant concerning the commercial versions. However, the case was discussed to make the reader realise the popularity of theses internet-based ticket booking applications.
Now, coming to the main point, online ticket booking and hotel reservation systems often provide the option of paying the required amount online, which is referred to as wire transfer in common man’s language. These websites use third-party plug-ins through APIs, that integrates their website’s database with the bank’s computer systems and servers through a software-defined network device called the Payment Gateway.
Generally, these payment gateways are extremely secure environments that employ Secured Socket Layer or SSL algorithms, which can be 64 bit or 128-bit encryption algorithms, based on the requirement. 128 bit SSL algorithms are the most secure algorithms deployed in public domain to secure fund transfer environments and encrypt the sensitive information with a highly reliable process that is extremely difficult to crack by modern standards.
The problem, or rather the loopholes lie with the internal data storage mechanisms deployed by the third party ticket booking websites. Sometimes, to reduce the cost associated with maintaining the security standards high, these websites do not take adequate measure to ensure that the payment-related information is safe in their servers. It might also be the fact that their server or database administrators are not skilled enough to ensure stringent security measures are deployed.
It may happen that while no security breach takes place on the part of your bank’s transfer system, security loopholes might exist in the hotel’s or the airline’s website. If their servers are hacked, and any expert hacker appropriately mines the data, your complete details regarding the financial transaction, including your credit card details, will be in front of the hacker.
The hacker can download or copy the information to some other system of his own and use the same to perform unauthorised transactions and fund transfers. Although banks deploy double-layered verification methods to mitigate such frauds, the process is far from being full-proof.
Thus, think twice before you trust a third party hotel and ticket booking service. Even the best hotel booking service providers are vulnerable to such server attacks by cyber experts, and they do very little to plug the loopholes in their systems and servers.