What if you book a summer holiday that doesn’t exist?
Forget flight delays - the real travel nightmare coming is your AI agent getting scammed
Hi everyone, welcome back to Customer Futures.
Each week I unpack the disruptive shifts around EmpowermentTech. Digital wallets, Personal AI and the future of digital customer relationships.
More Empowerment Tech Sessions coming soon!
Last week, we kicked off the very first Empowerment Tech session in London, on the future of Fintech.
We explored what happens when AI agents, digital wallets and portable ID collide with payments and banking. And we asked: Is the empowered customer the next big disruption for banks?
Huge thanks to my brilliant co-host, Erin McCune, who has shared her thoughts on the conversation here.
We’re now planning the next round of ET Sessions. Some in person, some virtual. What should we cover? Digital wallets as a customer channel? Insurance? Regulation? Loyalty?
Got an idea or want to join the next one? Hit reply or DM me.
Hi folks,
This week, it’s another deep dive for you. On AI Agents, holiday scams, and the collapse of digital trust. We dig into:
Why we don’t really know who we are buying from
Agent-to-agent fraud (it’s coming fast)
‘Know Your Agent’ becomes the new KYC - but it’s only half the story
The digital plumbing we need to stop the whole thing from falling apart
When we empower the customer at great speed, we better get ready for the consequences. Including empowering fraudsters at great speed, too.
Hold on to your hats folks, it’s about to get bumpy. For digital travellers, for travel providers, and for all of us who care about digital safety.
So grab a cafetiere of your favourite blend, a cosy corner, and Let’s Go.
Planning a holiday has never been easier. Or more confusing.
Today, it’s normal to start with a dozen browser tabs open. One for Skyscanner, another for Booking.com, and a Reddit thread on “hidden gems.” Then you scroll through TikToks of sunsets, compare reward points and sign up for alerts.
Booking a trip today is more like composing a playlist. All stitched together from different providers.
Flights from an airline. Rooms from a hotel aggregator. Insurance from a third-party site. Excursions from a separate platform you found via a friend of a friend. All bundled and re-bundled through layers of digital resellers. Each wrapped in loyalty points, discount codes and ‘exclusive’ bundles.
Every element looks polished, every platform has reviews, and some even offer live chat. Yeah baby, it all feels modern and digital. And all managed from your sofa.
But here’s the thing.
If you’re honest, you don’t actually know who you’re buying from.
Is the hotel you’ve chosen - the one listed on the Online Travel Agent page - directly managing its own bookings? Or is it being sold and resold by another third party you’ve never heard of?
Is the airline offering the deal? Or is the discount coming from a cashback platform called Wazzoo, layered on top of an affiliate booking site called SpoonDisco.net? And if something goes wrong, like your room is unavailable, your flight gets cancelled, or your refund is delayed, who’s responsible?
These are all real problems, and they’re happening every day.
Because the unhappy path is the path.
Look closely and you’ll see that these issues are caused by structural cracks in the digital travel economy.
And they are about to get a lot wider.
Your new (AI) booking agent
Soon, Personal AI agents will do more than just suggest where to go. They’ll start acting on our behalf.
They’ll check availability, compare options, fill out passenger information, approve payments, and email you all the confirmations.
You won’t have to wrestle with 12 bookmarks and 17 browser tabs. You’ll just get a friendly message: “Your 4-day trip to Lisbon is booked. Morning flights both ways with priority boarding, window seats, a highly rated city hotel with breakfast and a garden view.”
And it’ll feel magical.
But as we begin to offload decisions to our AIs - and as brands and platforms begin to optimise for interacting with AI platforms, not us - we introduce huge new risks.
Here’s the one that’s been on my mind the most:
What happens if the holiday your AI just booked doesn’t exist?
The perfect travel scam
Let’s fast-forward just a little. Imagine you’re planning a summer holiday.
Your Personal AI assistant does the research, finds a brilliant package with direct flights, a boutique hotel, and all at a great price. You start to get excited. Because the online travel agent has a beautiful website. Verified guest reviews. Videos of the room. Google Maps location. And the payment flow is legit.
So you decide to accept. A couple of taps and it’s booked. You smile. How clever of you and your Personal AI.
‘Traveller in the loop,’ you think to yourself.
But there’s a sting in the tail.
Because the hotel doesn’t exist. And neither does the travel agent. The reviews? Generated. The photos? AI. The ‘guest videos’? Deepfakes.
The payment? Gone.
You’ve just been scammed by a completely fake business. One that was built at almost zero cost, and that looked - and felt - completely real.
Yet this isn’t science fiction. This digital future is already here. And it’s now a very real security and fraud problem.
But there’s a bigger disruption coming. Because we’re about to switch up our entire model for digital trust.
Let me explain.
Today, when we book travel, we customers usually rely on:
User reviews to help us check the authenticity of a product or service (“4,371 other people can’t be wrong”)
Brand recognition to help us fall back on predictable experiences (“This accommodation won’t be locally authentic, but at least I know what I’m getting if I stay at the Marriott”)
Social proof from others to help us avoid the bad apples (“My buddy flew with them and was blown away with the service”)
And increasingly, the interface design to help us decide if a business is legit… a polished travel website feels more expensive - and must have taken more time, care and effort - so it becomes more trustworthy than a cheap, clumsy one (“Their checkout was as slick as Uber”)
But you see, it’s all still so fragile.
Midjourney and Stable Diffusion can today create stunning hotel images in seconds. Sora and Veo3 can now animate beach scenes that look cinematic, and spin up in-room reviews so convincing that it feels like the sink really is dirty.
And there are now any number of open-source LLMs that can generate thousands of convincing reviews and confirmation emails.
But maybe you’re still not convinced. So you call the accommodation directly. Yup, the latest voice cloning tools can also now make your call to the ‘hotel’ sound real.
In this new dizzyingly digital world, how do you know what’s real any more?
But perhaps more importantly: How does your AI know?
KYC - KYB - KYA - WTF
We all know about ‘KYC’ (and we can argue later about how (in)effective it is). And regular readers will know that ‘KYA’ - Know Your Agent - is coming soon, a new critical part of the AI landscape.
But it’s only when we can trust all the parties involved - including the travel providers and their AI platforms - that we can scale this whole AI booking assistant business.
We urgently need new frameworks for checking who is who, and what is what:
KYB: Know Your Business - to verify whether the seller, agent, or platform is a legitimate entity
KYA: Know Your Agent - to understand whether the “customer” (or business) is a human or a bot, and if that bot has permission to act (and if so, under what terms)
KYC: Know Your Customer (or in this case, KYT for ‘Traveller’) - to verify the customer profile (that could be based on government-issued documents, but should also include the traveller’s loyalty and profile information)
And we’re going to need all three groups to be verified before these new exciting AI Agents will be accepted across the digital economy.
Helpfully, the EU has already begun laying the groundwork.
This includes a new ‘Business Wallet’ initiative, and efforts like the Webuild Consortium, designing for a world where companies can hold and present their own digital credentials, verifying things like business status, registration, and the authority to transact.
It’s the beginning of a new ‘verifiable digital business identity’. And it can’t come soon enough.
I’ve written much more about Organisation ID here. It might just be the largest identity market you’ve never heard of.
Because we don’t just need to verify customers and their agents. We need to verify organisations too.
The collapse of platform-based trust
But back to travel.
Today, online trust relies on centralised intermediaries.
Booking.com vouches for the hotel. Expedia verifies the package. Trustpilot hosts the reviews. And if something goes wrong, we turn to them.
What happens when your AI makes a booking at a place that isn’t a recognised brand? Or makes a payment for a hotel that looks like it’s the real business, but doesn’t actually exist? Who’s liable?
Is it you, for approving the transaction? Or the AI provider, for not spotting the scam? Or the payment platform, for facilitating it?
When new booking transactions are ‘agent-to-agent’, the entire liability model becomes blurry. And it becomes a whole new level of nightmare when customer processes are already a mess.
And AI agents are about to make digital fraud 100 times worse.
But there’s a way forward. And a new way to build digital trust.
It’s with Verifiable Credentials, or ‘VCs.’
These are new, open digital certificates, issued and signed by trusted parties, so that any person, business or AI agent can prove things about themselves.
In a travel context, verifiable credentials allow:
Hotels to prove they are who they say they are
AI Agents to prove they are authorised to resell inventory
Reviews to be tied to real stays
Content to be watermarked and source-verified
AIs to check digital signatures before proceeding
Imagine booking a trip where every piece of information - from the hotel listing and the room photo, to the business registration and the past reviews - carries a digital watermark. A cryptographic signature that can be independently verified.
That’s what I mean by the future of digital trust infrastructure.
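The credential check described above, as an added example that is not part of the original newsletter and does not follow any real credential standard's format: a booking agent refuses to pay unless the seller's KYB credential and the selling agent's KYA credential are signed by an issuer on its own trust list. The credential layout, the issuer and seller names, and the `mayPay` policy are assumptions made for illustration.

```javascript
// Added example. Ed25519 via Node's built-in crypto; every name and value is constructed.
const nodeCrypto = typeof require === 'function'
  ? require('node:crypto') : process.getBuiltinModule('node:crypto');

// Bytes that get signed: the flat claims object serialised with sorted keys.
const canon = (claims) => Buffer.from(JSON.stringify(claims, Object.keys(claims).sort()));

function issue(issuer, privateKey, claims) {
  const sig = nodeCrypto.sign(null, canon(claims), privateKey).toString('base64');
  return { issuer, claims, sig };
}

// Returns 'ok', or the reason the credential is rejected.
function checkCredential(vc, trustedIssuers, expected, now) {
  const issuerKey = trustedIssuers.get(vc.issuer);
  if (!issuerKey) return 'untrusted-issuer';   // anyone can sign; only listed issuers count
  const sig = Buffer.from(vc.sig, 'base64');
  if (!nodeCrypto.verify(null, canon(vc.claims), issuerKey, sig)) return 'bad-signature';
  if (vc.claims.type !== expected.type) return 'wrong-type';
  if (vc.claims.subject !== expected.subject) return 'wrong-subject';
  if (Date.parse(vc.claims.expires) <= now) return 'expired';
  return 'ok';
}

// Pay only when the seller's business credential (KYB) and the selling
// agent's authorisation credential (KYA) both verify.
function mayPay(offer, trustedIssuers, now) {
  const kyb = checkCredential(offer.kyb, trustedIssuers, { type: 'KYB', subject: offer.seller }, now);
  const kya = checkCredential(offer.kya, trustedIssuers, { type: 'KYA', subject: offer.sellerAgent }, now);
  return { pay: kyb === 'ok' && kya === 'ok', kyb, kya };
}

// --- Constructed sample data ---
const registry = nodeCrypto.generateKeyPairSync('ed25519');  // hypothetical business registry
const impostor = nodeCrypto.generateKeyPairSync('ed25519');  // fake operator's own key
const TRUSTED = new Map([['registry.example', registry.publicKey]]);
const NOW = Date.parse('2025-07-01T00:00:00Z');

function makeOffer(issuer, key, seller, agent, expires = '2026-01-01T00:00:00Z') {
  return {
    seller, sellerAgent: agent,
    kyb: issue(issuer, key, { type: 'KYB', subject: seller, expires }),
    kya: issue(issuer, key, { type: 'KYA', subject: agent, expires }),
  };
}
const genuine = makeOffer('registry.example', registry.privateKey, 'hotel.example', 'agent.hotel.example');
const selfSigned = makeOffer('seal.example', impostor.privateKey, 'fake-hotel.example', 'agent.fake-hotel.example');
// A genuine credential copied by the fake operator, with the subject rewritten.
const copied = { ...selfSigned, kyb: { ...genuine.kyb, claims: { ...genuine.kyb.claims, subject: 'fake-hotel.example' } } };
```

A mathematically valid signature from a key the agent never agreed to trust is rejected just like a forged one, which is the case a self-certified fake business depends on.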
A new layer of digital plumbing
Yes, it will all feel clunky at first. We’ll notice new popups and alerts. The ‘traveller in the loop’ steps might feel awkward, like the early days of two-factor authentication.
But over time, these checks will disappear into the background. Just like HTTPS, just like digital certificates, and just like spam filters. At that point, trust becomes infrastructure.
So let’s recap. AI Agents open up a whole new set of questions:
Who will be responsible when your AI books a fake trip - the assistant, the platform, or the payment provider?
How do we design digital signals to check authenticity, when they need to work for machines, not just humans?
What does customer service look like when there’s no human involved in the transaction?
Who wins and loses in a world where digital trust is based on credentials, not brands?
Can open standards compete with the closed trust networks of today’s travel giants?
We need answers to these and many more open questions. And soon.
Because when I book a holiday, I don’t want to land at the airport and discover the entire thing was either a) a hallucination (a ‘fake-fake’), or b) a bad actor scamming my AI Agent, all because it couldn’t do the right checks (a ‘real-fake’).
As the booking journey goes from personal to programmable, we’re going to need new forms of trust, ideally built on open, verifiable infrastructure.
Otherwise, we’re handing over our digital future - and our virtual credit cards - to a system that can be gamed at scale.
Thanks for reading this week’s edition.
If you found it useful, do forward to a friend or colleague working on digital ID, AI, travel, or digital trust.
There’s more coming soon - including info about the next Empowerment Tech Session.