It’s not just about the points- from free custom makeovers, to access to exclusive clubhouses, to donating to communities in need, reward programs are putting a new spin on loyalty. One thing is for sure: both customers and retailers are loving it. In fact, 72% of consumers prefer shopping with retailers who offer a program, and an average customer belongs to 13 different rewards programs. Not only do these programs attract and retain customers, they also encourage customers to spend more. Unfortunately, loyalty programs have become prime targets of account takeovers (ATO), with cyberattacks nearly tripling from 2016 to 2017. 3 out of 4 loyalty programs have experienced fraud attacks! These attacks are not restricted to any industry or scale of business- airlines like American Airlines and United Airlines, retailers like Tesco and Kohl’s, and restaurants like KFC have all suffered the same fate of ATO on their loyalty programs.

In order to engage your customers and keep them happy with an attractive loyalty program, it is paramount to first keep your program safe. Therefore, let’s dive deeper into loyalty account takeover fraud to better understand how to keep fraudsters away.

A hot new target: loyalty account security risks

The bad news: there are many ways for a cybercriminal to obtain login credentials to these accounts. Data breaches are happening every other day. This gives fraudsters access to a large volume of personal information, which can likely be used across several different accounts. Alternatively, hackers also send out phishing emails as an attempt to steal their data.

After gaining access to the login credentials, it’s a breeze for fraudsters to take over the loyalty accounts. There is an increase in loyalty account takeover fraud largely due to two reasons: these accounts are growing in value, but lacking in terms of security.

Security risk 1: loyalty points are as good as cash

cost of data on the dark web
Cost of data on the dark web
Statistics from: Experian, Network World and ZDNet

Most loyalty programs make the mistake of underestimating the value of their accounts. Not only is ATO on the rise, loyalty accounts specifically are the new gold. While a Social Security number sells for $1 on the dark web, loyalty account information can sell for a whopping 20 times more. With a loyalty account, fraudsters can proceed to either redeem the points for rewards (like hotel stays and flight upgrades), sell the points for cash, or transfer the points into a shell account. Fraudsters can also use stolen credit cards to make multiple transactions, racking up a massive amount of loyalty points. These points are as good as real currency- they can be used for almost any real-world transaction including shopping, travelling and online gaming. With $48 billion worth of rewards, it is unsurprising that loyalty accounts are getting increasingly attractive to fraudsters.

Security risk 2: loyalty accounts are ripe for the picking

Loyalty programs typically lack security measures, with most accounts guarded only by a username and password. This makes it extremely easy for fraudsters to hack into the account. It is also effortless for fraudsters to redeem the points, since you want it to be convenient for your customers. Furthermore, only 1 out of 3 customers will log in to check their accounts once every few months. The lack of attention given to loyalty accounts means that there is a low possibility of detecting any fraudulent activity. This gives fraudsters a huge opportunity to attack.  

When loyalty programs betray you: costs of fraud

The financial implications that merchants must bear are obvious and costly- you will have to reimburse the points to affected customers, suffer the monetary losses of redeemed rewards, and be responsible for chargeback fees if purchases were made with fraudulent credit cards.

effects of loyalty program fraud on customer relationships
Statistics from: Connexions Loyalty

Alas, the consequences of loyalty account takeover fraud go way beyond monetary losses. Loyalty programs are supposed to build customer loyalty and reward your best customers, but -voila!- all that is gone when fraud hits. In fact, 10% of a customer’s value is instantly lost upon any fraudulent activity. Having accounts hacked, loyalty points stolen, and personal data compromised will push even the most loyal customers away. Loyalty and trust come together- disappointed customers might find it tough to trust that an attack will not happen again. Furthermore, your loyal customers are also your biggest brand advocates. Giving them an unpleasant experience will most definitely give you bad publicity. Regrettably, the biggest loss will be your company reputation and your customers’ lifetime value.

Keeping your customers loyal: fraud management as a top priority

It is simply not enough to protect your loyalty accounts with a username/password combination. Instead, consider monitoring the accounts for anomalies to effectively distinguish between genuine and fraudulent customers. You should analyze user behavior throughout the entire journey- including account creation and login, any account activity and also at the point of transaction such as redemption of points. Watch out for suspicious behavior, such as when an account receives thousands of login attempts within a few minutes, or when a user is accumulating points at an unusual rate. A comprehensive fraud solution which employs behavioral analytics with pattern recognition will be able to accurately filter fraudsters away from genuine users.

Start treating loyalty points like real currency! For loyalty programs to work their magic on your customer relationships, make sure that you protect your customers from fraud. Demonstrating the security of your loyalty program will do wonders for your consumer engagement.