Loyalty FraudBenefits for Your Repeat Customers Could Help Make Them Victims

Zak Matthews
Zak Matthews | July 10, 2024 | 12 min read

Loyalty Fraud Loyalty Points Fraud

In a Nutshell

Loyalty programs are all the rage, with a growing number of industries offering perks to repeat customers. But offering great rewards to incentivize consumers can also attract fraudsters. Our guest author looks at the how and why loyalty fraud has become such a huge threat, and what merchants can do to protect themselves.

Loyalty Fraud Scams: The Next Big Thing in Fraud?

I love my job. It requires a lot of air travel, which can be exhausting, but one of the perks to it is all the frequent flyer points I rack up.

I have enough points banked right now that I could fly round-trip to just about any destination in the world. So, you can imagine what my reaction would be if I logged into my account and found all my points… were gone.

I can happily say that hasn’t happened to me. But, it is happening to more and more people these days. 

Hackers gaining access to, then draining victims’ loyalty points is one of several practices that fall under the umbrella of loyalty fraud. This is one of the fastest-growing fraud threats affecting both customers and businesses. It’s got an outsized impact in the travel space, but any loyalty program could be targeted.

So, let’s take a look at how crooks are doing it, why they’re doing it,  and how air carriers, hotel operators, and other industry players are paying the price.

What is Loyalty Fraud?

Loyalty Fraud

[noun]/loi • əl • tē • frôd/

Loyalty fraud (also known as “loyalty point fraud” or “reward point fraud”) happens when a criminal abuses or exploits a merchant reward program for personal gain. Fraudsters can attack individuals through identity theft, or hack merchants’ databases to gain private information.

From a business perspective, offering loyalty programs is a sure thing. The latest statistics show that 84% of consumers claim they’re more likely to stick with a brand that offers a loyalty program. The top performing loyalty programs boost revenue from customers who use them by 15-25% annually.

Customers feel that loyalty rewards make them feel appreciated and understood. 66% of respondents say the ability to earn rewards changes their spending behavior. So, it’s a win-win situation for everyone.

There are risks to consider, though. For example, you have organized fraud schemes that will use the latest tech to hack into customer accounts and suck them dry. Once they have the points, fraudsters can either use the points themselves, or convert them into something easier to sell, like physical goods or gift cards.

Loyalty program fraud is big business. How big? Check out some of these stats.

Loyalty Fraud

Your average customer equates loyalty points with money, but many of them fail to treat their loyalty accounts that way. Someone who checks their bank balance weekly might not ever consider regularly checking on their points balance. That’s a big opportunity for cybercriminals.

How Do Fraudsters Commit Loyalty Points Fraud?

Loyalty fraud can come from a lot of different angles.

Your customers may try to sneak extra points, using tricks that are morally questionable, but technically allowed. It can also come from your employees, skimming a few customer points here and there and padding their own accounts. But, most losses will likely come from third-party criminals. Common tactics include:

Account Takeover (ATO)

Fraudsters gain unauthorized access to a legitimate user's loyalty account by exploiting weak passwords or through phishing attacks. The scammer can then redeem or transfer points to their own account.

Promo Abuse

Scammers create multiple fake accounts to take advantage of signup bonuses, “refer-a-friend” programs, and other promotional offers. They can bank points at a rate that’s exponentially faster than what you intended.

Points Reselling

Scammers steal loyalty points, then convert points into cash by reselling them on the dark web or through underground forums. In some cases, they go as far as setting up dedicated sites to resell “discount” loyalty points.

Social Engineering

Using psychological manipulation, scammers trick loyalty program staff or participants into divulging login credentials or compromising personal information. They can then access users’ accounts and steal their points.

Activity Spamming

Creating fake “dummy” transactions, or using bots to spam activities that let users accrue loyalty points. The scammer can use tactics like these to rack up and redeem rewards at a much faster rate than intended.

Gift Card Fraud

Gift cards, either stolen or purchased using stolen funds, are used to buy other goods or services that will let the scammer accrue loyalty points. These points can then be redeemed, or resold for cash.

Some scams target businesses, while others target consumers. Like I mentioned above, people are naturally more protective of personal banking information than of their loyalty program info. They won’t log in to check their rewards balances nearly as often as their bank balance. That will come back to bite them because unlike a credit card, loyalty programs offer no guarantee that a customer will be able to reclaim their points.

Why Do Fraudsters Target Loyalty Points Programs?

The average household in the US has about 18 individual loyalty program memberships, including travel, retail, and financial services. Unfortunately, more than half of those accounts were inactive. In other words, the accounts (and all their related data) still exist and are accessible, but they’re even less likely to be checked by the account owner. 

Every inactive account is a treasure trove of vulnerable customer data, ripe for thieves hoping to commit loyalty points fraud. Even worse, if a criminal gets access to one account, the same login credentials will probably give them access to others.

New opportunities. New threats. Take steps today to protect your customers and keep your fraud risk under control.REQUEST A DEMO

Loyalty program fraud is practically a cottage industry for criminals these day. It’s not hard to see why, though. After all, loyalty rewards are:

Good as Cash

Good as Cash

There are many ways to redeem loyalty points. They can be used to exchange for merchandise, book flights, cruises, or other travel, or even sell to online brokers. They can also be traded back and forth by fraudsters on the dark web. This increased liquidity is a serious issue.

Soft Targets

Soft Targets

Airline and hotel loyalty accounts tend to be less protected than other financial accounts. That, of course, makes them much more tempting to hackers.

Unsupervised

Unsupervised

As mentioned above, most consumers don’t check their loyalty points balances as often as they do their bank account. This is a recipe for fraud.

Growing in Value

Growing in Value

Points have increased in value as businesses compete with each other to attract customers. But fraudsters can benefit from it, too.

Loyalty Fraud Hurts Merchants Too

So, here’s where we stand: fraudsters want access to consumers’ loyalty point accounts, and consumers don’t know enough to protect those accounts against fraudsters. That leaves you, the merchant, in a bit of a pickle.

Merchants are adversely affected by loyalty scams in several ways:

Lost Customers

Lost Customers

If loyalty fraud attacks discourage customers from program participation, then it defeats the entire point of the program’s existence. Given that banks purchase billions in miles each year from air carriers and other travel-focused businesses, this would be a serious — even existential — threat.

Compromised Data

Compromised Data

Names, birthdates, addresses, payment card information…these are just samples of the sensitive data stored by program websites. The fact that a site is storing much of the same sensitive data as banks, just with less customer concern, makes it a hot target for fraudsters hoping to nab cardholder data.

Stolen Revenue

Stolen Revenue

Loyalty points fraud can put a merchant in a difficult position. You either have to replace customers’ stolen points — effectively handing-out double points — or risk alienating loyal customers. Regardless which option they go with, it’s going to have an impact on their bottom line.

Chargebacks

Chargebacks

You can’t file chargebacks on lost loyalty points. That said, if a consumer specifically bought from you based on your rewards program, losing those points may lead them to dispute the original purchase.

How Merchants are Fighting Back

The problems we just talked about aren’t going away. So, merchants have had to start adapting, if they’re going to keep their loyalty programs as viable options.

Some popular tactics that merchants are implementing to combat loyalty program fraud include:

Authentication

Making it Harder to Access Accounts

More merchants are requiring multi-factor authentication to get into loyalty accounts. They’re using device fingerprinting and requiring a one time authentication code for new devices.

Sending Notifications

Sending Notifications

When multiple profiles can be added to the same account, merchants may notifying the account holder any time a new passenger or recipient is added to a rewards account. Users can also cancel transactions or tickets before they’re actually redeemed or used.

Requiring Approval for Account Changes

Requiring Approval for Account Changes

Requiring confirmation for any changes to contact details (phone, address, etc.), provided using the contact email on file.

Other Best Practices to Fight Loyalty Fraud

It’s true that crooks are working harder at developing new technology and techniques to commit fraud. And, while consumers can take steps to secure their account, let’s be honest: we know that most of them won’t.

We know this sounds like a lot of doom and gloom. It doesn’t have to be, though. A few best practices can help defend their businesses from loyalty fraud and other identity scams:

#1  |  Monitor All Account Activity

It may be a sign of foul play if a customer leaves their account unattended for a long period of time, then suddenly becomes active. Ask customers to verify security information before accessing their account, and to confirm their identity before using any points in their account.

#2  |  Enable Fraud Tools

Two-factor authentication, AVS (Address Verification Services), CVV (Card Verification Value), and 3DS 2.0 (3-D Secure) Technology can be used in tandem to prevent many forms of identity and ATO fraud.

#3  |  Enforce Stricter Login Credentials

Aside from two-factor authentication, remind customers to change their passwords at least semiannually, and require customers to create strong, unique passwords, combining letters, numbers, and special characters. Merchants can also use CAPTCHA puzzles to help prevent botnet attacks, and temporarily lock customers’ accounts after several failed login attempts.

#4  |  Educate Consumers

Nothing protects against fraud better than engagement. Educate your customers on the value of security-conscious practices like checking account balances regularly and updating passwords.

Important!

Customers are an ally in the fight against loyalty fraud, not an object. Account security is in customers’ best interests, which is why merchants should educate them on the value of security-conscious practices like checking account balances regularly and updating passwords. Sellers should also encourage customers to enable activity notifications when an account is accessed and report any suspicious activity immediately.

#5  |  Reach out to Inactive Users

If a customer has not logged in for an extended period, it might be a good idea to reach out and see why. They might have lost interest or cannot engage with the service any longer, or they may simply be trying to save-up points.

#6  |  Lock Inactive Accounts

It could be a good idea to lock inactive accounts. Many businesses are hesitant to take this action, fearing that it could anger customers or encourage disengagement. However, merchants  can simply explain that it’s in the customer’s own interest; most will be okay with calling to unlock their accounts if it means improved data security.

Protecting against loyalty points fraud is a collaborative process between merchants and customers. Both parties benefit, but it helps if both parties are contributing..

Get Help to Fight Loyalty Fraud

Aside from solid loyalty fraud detection and prevention methods, sometimes an expert eye can help you pinpoint internal weaknesses that could lead to all types of fraud and chargebacks.

Chargebacks911®’s revolutionary approach to chargeback management is summarized in this free whitepaper. Understanding the hidden sources of chargebacks is key to defending your processing rights and avoiding the prospect of a closed merchant account.

We can help you plan a winning strategy. Contact us for a free ROI analysis.

FAQs

What is loyalty fraud

Loyalty fraud is when a fraudster gains unauthorized access to an account in a merchant’s loyalty rewards program. The criminal can either redeem the victim’s points themselves, or exchange the points for goods more easily sold, such as gift cards.

What is an example of loyalty fraud?

A cybercriminal commits identity theft. Along with emptying bank accounts and maxing out credit cards, the fraudster also steals  the victim’s frequent flyer points, either using them to buy a plane ticket or selling them on the dark web.

Is loyalty fraud a crime?

In some instances, yes. A customer manipulating the system for their own gain may not technically be doing anything illegal. On the other hand, individuals making unauthorized transactions with accounts other than their own are definitely commiting a crime. In cases where the activity happens across state lines, the crook could be facing a felony charge and jail time.

What is loyalty abuse?

While it’s nearly the same as loyalty fraud, some people use the term loyalty abuse in reference to legitimate account holders who attempt to circumvent the terms of the loyalty program for their own benefit. For example, opening multiple accounts to take advantage of a deal designed for new users.

Are loyalty programs for real?

Yes. Many businesses offer loyalty programs, especially within the travel and lodging industries.

Zak Matthews

Author

Zak Matthews

Zak Matthews is the VP of Solutions Engineering and Partnerships at Chargebacks911. In his current position, Zak leads the design and implementation of technology solutions for our enterprise customers and technology partners. He brings many years of experience to the role, having worked with several fintech and software start-ups in the data analytics space. Zak graduated from the University of Wisconsin with a double major in Market Research & Supply Chain Operations Management with an emphasis in Quantitative Business Analytics.

Like What You're Reading? Join our newsletter and stay up to date on the latest in payments and eCommerce trends.
Newsletter Signup
We’ll run the numbers; You’ll see the savings.
triangle shape background particle triangle shape background particle triangle shape background particle
Please share a few details and we'll connect with you!
Revenue Recovery icon
Over 18,000 companies recovered revenue with products from Chargebacks911
Close Form
Embed code has been copied to clipboard