Information Age: As an organisation founded by nine of Europe’s largest airlines, Opodo clearly has an unusual corporate structure. It must be quite a challenge bringing all those companies systems together. What are you key priorities?
Stuart Walters: First, we have to provide a distribution channel for the shareholding companies, including British Airways, Air France, Lufthansa and a number of other major European airlines. But we are very much an industry-wide travel portal. We also provide products from more than 400 airlines – not just our shareholders’ – and 30,000 hotels worldwide. Second, is simply to build a profitable business – but as we sell more than just our shareholder’s flights, we have to be careful. We have to make an independent offering to the customer because we are competing with the other big European travel portals.
IA: Few organisations are actually running genuinely real-time ecommerce web sites. What are the key technology elements that support Opodo’s infrastructure?
SW: We basically run a Broadvision and Oracle environment. Those are the generic layers. On top of that, we have some very travel-specific components. We also connect to a number of travel suppliers, of course. To do that, we have to access those systems in real time, query price and availability and present it to the customer.
The core components of the system were chosen after strenuous and lengthy selection processes. We asked, for example, what should we use for personalisation? What should we use for the database and so on? Some of the answers were pretty obvious. We also had a number of decisions to make that were very travel specific. In particular, the choices of booking engines, content products and yield management. Those are very specialised to our business.
IA: How does that yield management software work?
SW: Yield management is a process that involves managing and determining pricing and, therefore, yield dynamically at the time of query. For us, there are different criteria depending on whether it’s a retail commercial deal with the supplier or a merchant commercial deal. If you have a retail deal, typically the sale price is determined for you by the provider and there’s a standard commission. A merchant model is where the retailer is offered a set price. In other words, a ‘buy’ price, and the merchant then marks it up to a ‘sell’ price. In that case, the onus in on the merchant to determine what price the market will tolerate and to determine the yield from the product.
IA: Opodo connects and exchanges data in real-time with multiple travel service providers. How do you connect to their systems?
SW: It varies enormously by provider. You have to take what’s being offered by the provider. More and more are adopting XML interfaces, but the travel industry is not known for its technical leadership, especially the ‘legacy’ inventory providers. Most of them tend to run on mainframe or mid-range systems, which are usually 15-plus years old.
Many providers are getting round to building XML layers in front of their systems and they have started to gear up for the Internet, rather than the offline world, which is what they were built for. Galileo, which is now a Cendant company, has just launched a complete web services interface to its global distribution system. It’s pretty leading edge by anybody’s standards. At the other end of the scale, we will have tour operators where we may be dealing with an outdated EDI [electronic data interchange] message set. But generally, we would do stuff over VPNs [virtual private networks], over the Internet or over private leased lines. We try to standardise on middleware and connectivity standards where we can. We do that by using some normalisation software, which will transform messages into a standard, consistent format.
IA: When you get the data, what happens next?
SW: With flights, for instance, we query Amadeus’ central system, which is based in Germany, and we get back a stream of data, with available flights, times and price information. We then strip out that data, re-format some of it, decode some of it because Amadeus’ Global Distribution System (GDS) information can be fairly unfriendly. After all, these systems were basically built for trained travel agents. So we filter it, screen it and make it comprehensible for the customer and then present it to them.
We use standard Internet security techniques to ensure that the connections with all our different third-parties remain secure. We use SSL [secure sockets layer] and encryption where necessary. We are very heavily firewalled at both ends. Our providers are very heavily firewalled as well and we do some stuff over private circuits. We also use Internet VPNs if it’s suitable and appropriate. Our security, in fact our whole hosting environment, is provided as a managed service from a hosting service provider.
IA: What use do you do with the data collected from users on the web site?
SW: The Informatica data warehouse collects large quantities of data, both customer and site behavioural data. We examine trends, destinations, where people are flying, what hotels they are booking, what cars they are hiring and whether they are buying travel insurance from us. We track from when people enter the site to when they leave, whether they buy from us or not.
That gives us an awful lot of intelligence about what we are offering to the customer: what they are choosing from the selection we are offering and, from that, obviously, we try to determine why they are choosing one and not another.
The real purpose of the data warehouse is not to get down to the customer-level so much, we are more interested in the product side of it. We are not looking at specific customers and asking why they didn’t buy this or that. Clearly there are upsell opportunities there as well, but we have to be careful that we are not intrusive. From a product point of view, we are interested in what airlines people buy and the hotel chains people book with. That’s simple. Then, we look at combinations of the two. So, for example, whether people who book with one airline might be more likely to book with a certain kind of hotel chain.
We also have a clever system that ensures that there are no double bookings on items such as flights. When you press the ‘book’ button on our site, that will send a booking request through to Amadeus and, whichever booking Amadeus receives first, it’s going to allocate the seat to that person – the other person will get an unavailable response.
IA: Historically, online transactions have been subject to higher rates of fraud than offline transactions. What anti-fraud measure have you taken to minimise the risk?
SW: We have a string of anti-fraud checks that should also capture double transactions. It is a problem for online retailers, there’s no question about that. We have deployed a number of measures. First, we have the address verification system, which is, I guess, one of the most widely used systems. We have CV2, which is the number on the back of the card.
We have ‘Verified by Visa’, which has been operating on the continent for years now. When you purchase something in a shop, you type your code in on a key pad at the counter. It means that someone might have your card, but unless they know your pin code, it’s unusable.
We also have something we call velocity checking, which is where we look for the same card number being used more than a certain number of times in a particular time period. If we trap that, the system will throw up a red flag against that card number.
We have a lot of business rules that we run. Some are destination based. Some are transaction-value based. Some are based on how many people are travelling. We use a combination of all those factors and a few others to determine whether a transaction has a high or low likelihood of being fraudulent. It’s quite a sophisticated system devoted to capturing fraud. But there’s some very good fraudsters out there who are quite well known, so we are always improving it. I think it’s something we will never stop improving.