Following the recent 5-day May Day holiday in China, data from the "2024 May Day Tourism Trend Insight Report" further demonstrates the positive development trend in the tourism industry: the tourism market in small and medium-sized cities in China has shown significant growth, with hotel bookings in non-first-tier cities increasing by 68% year-over-year, scenic spot ticket orders up by 151%, and inbound travel bookings up by 130% year-over-year.
With changing consumer habits, more and more people are choosing to travel during holidays. The demographic structure of tourism consumers is also changing, with young tourists born after 2000, particularly college students, becoming the new driving force in the tourism market. Naturally, the recovery of the tourism industry is also closely related to the active promotion and support of cultural and tourism sectors across various regions.
However, when the holiday ends and the return journey peak hits, transportation pressures increase for planes, ships, and other means of travel, resulting in a situation where tickets become extremely hard to get. "A ticket that costs over 1,000 RMB for the outbound journey can cost nearly 20,000 RMB for the return." This is a real problem faced by travelers trying to fly back. When supply and demand are imbalanced, existing resources can't meet the travel needs of all tourists. In fact, in recent years, the occurrence of exorbitantly priced tickets has become more frequent, with many international flight tickets often exceeding these prices, and some one-way economy class tickets approaching 200,000 RMB. The root cause often lies with threat actors. During holiday travel peaks, transportation modes such as airplanes, trains, and buses are likely to face security risks like web crawlers, script-based ticket snatching, and SMS fraud. Specifically, these manifest as fake registration/login accounts, ticket queries, and order submissions to hold seats.
Impact on Major Platforms: Airbnb and TripAdvisor
Both Airbnb and TripAdvisor have become essential platforms in the travel industry, providing valuable services to millions of users. However, they are not immune to the threats posed by bots.
Airbnb
Fake Listings and Reviews: Bots can create fake listings and post fraudulent reviews, undermining the trust and safety of the platform. This can lead to guests booking unsafe or non-existent properties, damaging Airbnb’s reputation.
Automated Booking Bots: These bots can book popular listings quickly, leaving genuine users unable to secure accommodations. This not only frustrates users but also distorts availability data, affecting the platform’s efficiency.
TripAdvisor
Review Manipulation: Bots can post fake reviews to manipulate a property’s rating, either boosting a competitor’s standing or tarnishing a legitimate business’s reputation. This compromises the reliability of user-generated reviews, which are a cornerstone of TripAdvisor’s value.
Data Scraping: Bots can extract vast amounts of data from TripAdvisor, including user reviews and ratings. This information can be used maliciously or sold to third parties, posing a significant privacy risk.
POW (Proof of Work) to Curb High-Frequency Interactions
For threat actors to successfully purchase tickets in a resource-scarce situation, they must outpace real travelers in speed, requiring computer scripts. These scripts allow threat actors to snatch tickets at speeds thousands or even tens of thousands of times faster than normal people. If a CAPTCHA appears, they can also use scripts to crack it.
Based on GeeTest's 12 years of experience in business security, we have found that brute force cracking is a common method used by threat actors—using repeated attempts to achieve successful verification eventually. Even if the CAPTCHA blocks 80% of attempts, by increasing the number of attempts eightfold, the success rate can be brought back to the original level. A significant characteristic of brute force attacks is that they place excessive pressure on business servers, increasing operating costs.
To counter the common brute force methods of threat actors, GeeTest uses POW (Proof of Work) technology to curb the high-frequency interactions generated by brute force cracking when providing behavior verification solutions for transportation enterprises.
POW (Proof of Work) is a form of cryptographic proof where the prover (threat actor) must demonstrate to the verifier (CAPTCHA) that they have performed a certain amount of computational work, which is then confirmed by the verifier. In simple terms, POW is like a mandatory "math problem" that needs to be solved. When a threat actor initiates a request, besides performing actions like sliding or clicking, they must also spend time and CPU resources solving this "math problem," thereby slowing down their attack frequency and effectively curbing high-frequency interactions.
During travel peaks, POW (Proof of Work) technology can effectively alleviate server pressure, stabilizing operating costs, and at the same time, curb threat actors' attempts to crack CAPTCHAs through high-frequency interactions to purchase tickets.
Multiple Verification Forms Ensure a Good User Experience
When designing CAPTCHA products, it is essential to consider not only the needs of enterprise users to ensure business security but also the user experience of individual consumers. GeeTest Behavior Verification 4.0 supports nine verification forms to meet different users' needs, and enterprise customers can choose the form that best fits their business scenarios. When travelers are already anxious about booking tickets, a good booking experience becomes even more critical.
In summary, implementing GeeTest Behavior Verification 4.0 on tourism industry ticketing platforms prevents automated scripts from maliciously snatching tickets during peak periods (negatively impacting actual passengers' interests and experiences), reduces the monopolization of ticket resources by ticket scalpers, and prevents passenger information leakage caused by web crawlers. Moreover, GeeTest Behavior Verification uses innovative technologies like Proof of Work and protocol cracking to curb frequent automated script requests, reducing server load, improving system stability and response speed, and lowering business operating costs, achieving cost reduction and efficiency enhancement.
Currently, many companies related to the cultural and tourism industry have chosen GeeTest to prepare in advance, including tourist attractions, theater performances, travel platforms, hotel accommodations, and air travel. GeeTest has established partnerships with many leading domestic airlines, achieving a 50% market share in the leading sector. Beyond airlines, GeeTest, in its twelve years of business security market engagement, has achieved a 56.4% market share in key industries such as e-commerce, gaming, finance, and social networking, surpassing other similar service providers in the market.
Start your free trial
Over 320,000 websites and mobile apps worldwide are protected by GeeTest captcha