Imagine you're an online travel agent managing payments to hundreds of hotels, tour operators and local guides across the globe. Each day, you face potential fraud, forcing you to track down misdirected payments and work through head-scratching manual reconciliation.

You're not alone – Modulr research shows that 94% of travel businesses are concerned about fraud and 83% say its risk has increased since 2020.

It’s no surprise things feel painful. Traditional bank transfers and static payment methods weren't built for this complexity. They lack real-time controls, are hard to reconcile, and leave you exposed to costly errors and bad actors. But the travel business hasn’t been ignoring the threat of fraud – far from it.

In fact, one of the industry’s most-loved payment methods – virtual cards – is a fundamental tool in the fight against fraud. The question is, is everyone getting the best from their virtual cards, or leaving themselves expose to unnecessary risk?

In this blog, we’ll be looking at:

• Why travel payments are prime targets for fraud

• What virtual cards do to fight fraud

• Real-world protection in action

• Embedded payments for travel's complexity

• Understanding the limits: chargebacks and card fraud

• A more secure path forward

Why travel payments are prime targets for fraud

As any professional in the sector sadly knows, travel is particularly vulnerable to fraud. More than 25% of European OTAs surveyed by Modulr complain that payment inefficiency increases their exposure to fraud risk.

Long and fragmented payment chains, multiple currencies, high transaction volumes and a globally dispersed supplier base create the perfect environment for fraudsters to operate.

Traditional B2B payment flows in travel rely on static accounts, limited oversight and post-hoc reconciliation, usually manually or in bulk. Often payments are settled long before or after customer or supplier bookings, meaning financial visibility is poor across payment chains and errors often go unnoticed until it’s too late.

What virtual cards do to fight fraud

In many travel businesses, there’s little room for proactive control when it comes to payment accountability. In a typical invoicing or account-to-account transfer, a finance team is left without the ability to set rules at the point of payment. That leaves blind spots fraudsters can exploit.

Virtual cards solve for these risks by letting businesses issue secure, single-use card details for each transaction, supplier or booking. You define the rules, on amount, expiry, merchant type or other specific details.

Unlike account-based payments, and unlike physical cards used for many transactions to many suppliers, virtual cards:

• Can be created instantly and tied to a single booking or use
• Offer granular controls at card level
• Automate reconciliation by linking each card to a booking ID or reference

For example, a virtual card tailored to a travel payment can be configured with:

• A fixed spend amount
• Merchant category code (MCC) filtering (restricting card use to certain supplier types)
• BIN routing (limiting card use by geography or issuing bank)
• Expiry limits (from minutes to days)
• Tokenisation (making card data usable only once or in a specific context)

This level of control ensures that if card details are stolen or reused, the transaction will be blocked. And when paired with webhook alerts and card-level identifiers, finance teams gain real-time visibility into every payment.

Real-world protection in action

Let’s say a travel management company or TMC needs to pay one of their many boutique hotels. Instead of raising a purchase order or issuing a bill, or simply responding to an invoice requesting a transfer of funds, they generate a safeguarded e-money account, funded precisely to the booking amount, before matching it to a virtual card restricted to hotel merchants, and setting to expire within 24 hours of the date of the customer checkout.

If the supplier attempts to overcharge, use the card again or share the details, the transaction fails. If the card data is stolen, it’s unusable. If the funding account for the card is empty, the card won’t work. And once payment clears, reconciliation happens automatically.

This isn’t hypothetical. Modulr’s travel clients use thousands of virtual cards every day to automate, protect and streamline outbound payments. So why aren’t more travel businesses embracing the full potential of virtual cards?

Embedded payments for travel's complexity

While card networks such as Visa and Mastercard are trusted globally, and virtual cards for single or multiple use are widely embraced by the travel sector, the full extent of virtual card capabilities come through embedding payments and automation into your existing finance systems.

It’s best to think of virtual cards within a broader embedded payments infrastructure built for travel’s high-volume, high-complexity payments.

Embedded via API, and supported with automated virtual account creation, travel businesses can:

• Integrate directly into booking systems or ERP tools
• Issue cards at scale, instantly
• Apply and update rules and card metadata programmatically
• Receive real-time alerts for anomalies
• Reconcile payments automatically by booking or account ID

Understanding the limits: chargebacks and card fraud

While virtual cards offer a high level of control, they are not entirely immune to fraud. Card schemes can still be targeted by bad actors using social engineering, stolen details or chargeback abuse.

Chargebacks are often used by buyers to dispute a transaction – a protection mechanism that can support consumers when services aren't delivered. But in some cases, they are exploited to fraudulently reclaim funds after services have been provided. In travel, where bookings and fulfilment often occur weeks apart, this becomes a grey area that fraudsters may try to exploit.

However, unlike static card credentials, virtual cards significantly reduce the exposure window. Defined-use and restricted by spend amount, merchant category and expiry, these cards make it far harder for fraudsters to execute multiple or recurring attacks. And with real-time webhook alerts and embedded reconciliation, any anomalies are surfaced instantly.

Ultimately, no method is entirely risk-proof, but virtual cards shift the balance in favour of the payer.

In Modulr’s research, The Hidden Costs in Travel Payments, 26% of OTAs believed access to multiple payment options reduced the fraud risk they faced.

When deployed with layered controls, and used alongside services like account-based payouts supported by Confirmation of Payee and 2FA, virtual cards are a meaningful first-line defence against both opportunistic fraud and structural inefficiencies.

A more secure path forward

Virtual cards give travel businesses a safer, more scalable way to manage supplier payments. They embed control at the point of payment, automate oversight, and simplify the process of financial due diligence.

In an industry where reconciliation wastes time and money and often erodes trust with suppliers, virtual cards offer speed, traceability and confidence.

If fraud is a known risk in your supplier payments, it shouldn’t be an accepted one.

Explore Modulr’s virtual card capabilities and discover how we help travel businesses embed security into every transaction.