Loyalty FraudBenefits for Your Repeat Customers Could Help Make Them Victims

Loyalty Fraud Scams: The Next Big Thing in Fraud?

I love my job. It requires a lot of air travel, which can be exhausting, but one of the perks to it is all the frequent flyer points I rack up.

I have enough points banked right now that I could fly round-trip to just about any destination in the world. So, you can imagine what my reaction would be if I logged into my account and found all my points… were gone.

I can happily say that hasn’t happened to me. But, it is happening to more and more people these days. 

Hackers gaining access to, then draining victims’ loyalty points is one of several practices that fall under the umbrella of loyalty fraud. This is one of the fastest-growing fraud threats affecting both customers and businesses. It’s got an outsized impact in the travel space, but any loyalty program could be targeted.

So, let’s take a look at how crooks are doing it, why they’re doing it,  and how air carriers, hotel operators, and other industry players are paying the price.

What is Loyalty Fraud?

Loyalty Fraud

[noun]/loi • əl • tē • frôd/

Loyalty fraud (also known as “loyalty point fraud” or “reward point fraud”) happens when a criminal abuses or exploits a merchant reward program for personal gain. Fraudsters can attack individuals through identity theft, or hack merchants’ databases to gain private information.

From a business perspective, offering loyalty programs is a sure thing. The latest statistics show that 84% of consumers claim they’re more likely to stick with a brand that offers a loyalty program. The top performing loyalty programs boost revenue from customers who use them by 15-25% annually.

Customers feel that loyalty rewards make them feel appreciated and understood. 66% of respondents say the ability to earn rewards changes their spending behavior. So, it’s a win-win situation for everyone.

There are risks to consider, though. For example, you have organized fraud schemes that will use the latest tech to hack into customer accounts and suck them dry. Once they have the points, fraudsters can either use the points themselves, or convert them into something easier to sell, like physical goods or gift cards.

Loyalty program fraud is big business. How big? Check out some of these stats.

Your average customer equates loyalty points with money, but many of them fail to treat their loyalty accounts that way. Someone who checks their bank balance weekly might not ever consider regularly checking on their points balance. That’s a big opportunity for cybercriminals.

How Do Fraudsters Commit Loyalty Points Fraud?

Loyalty fraud can come from a lot of different angles.

Your customers may try to sneak extra points, using tricks that are morally questionable, but technically allowed. It can also come from your employees, skimming a few customer points here and there and padding their own accounts. But, most losses will likely come from third-party criminals. Common tactics include:

Some scams target businesses, while others target consumers. Like I mentioned above, people are naturally more protective of personal banking information than of their loyalty program info. They won’t log in to check their rewards balances nearly as often as their bank balance. That will come back to bite them because unlike a credit card, loyalty programs offer no guarantee that a customer will be able to reclaim their points.

Why Do Fraudsters Target Loyalty Points Programs?

The average household in the US has about 18 individual loyalty program memberships, including travel, retail, and financial services. Unfortunately, more than half of those accounts were inactive. In other words, the accounts (and all their related data) still exist and are accessible, but they’re even less likely to be checked by the account owner. 

Every inactive account is a treasure trove of vulnerable customer data, ripe for thieves hoping to commit loyalty points fraud. Even worse, if a criminal gets access to one account, the same login credentials will probably give them access to others.

Loyalty program fraud is practically a cottage industry for criminals these day. It’s not hard to see why, though. After all, loyalty rewards are:

Loyalty Fraud Hurts Merchants Too

So, here’s where we stand: fraudsters want access to consumers’ loyalty point accounts, and consumers don’t know enough to protect those accounts against fraudsters. That leaves you, the merchant, in a bit of a pickle.

Merchants are adversely affected by loyalty scams in several ways:

How Merchants are Fighting Back

The problems we just talked about aren’t going away. So, merchants have had to start adapting, if they’re going to keep their loyalty programs as viable options.

Some popular tactics that merchants are implementing to combat loyalty program fraud include:

Other Best Practices to Fight Loyalty Fraud

It’s true that crooks are working harder at developing new technology and techniques to commit fraud. And, while consumers can take steps to secure their account, let’s be honest: we know that most of them won’t.

We know this sounds like a lot of doom and gloom. It doesn’t have to be, though. A few best practices can help defend their businesses from loyalty fraud and other identity scams:

#1  |  Monitor All Account Activity

It may be a sign of foul play if a customer leaves their account unattended for a long period of time, then suddenly becomes active. Ask customers to verify security information before accessing their account, and to confirm their identity before using any points in their account.

#2  |  Enable Fraud Tools

Two-factor authentication, AVS (Address Verification Services), CVV (Card Verification Value), and 3DS 2.0 (3-D Secure) Technology can be used in tandem to prevent many forms of identity and ATO fraud.

#3  |  Enforce Stricter Login Credentials

Aside from two-factor authentication, remind customers to change their passwords at least semiannually, and require customers to create strong, unique passwords, combining letters, numbers, and special characters. Merchants can also use CAPTCHA puzzles to help prevent botnet attacks, and temporarily lock customers’ accounts after several failed login attempts.

#4  |  Educate Consumers

Nothing protects against fraud better than engagement. Educate your customers on the value of security-conscious practices like checking account balances regularly and updating passwords.

#5  |  Reach out to Inactive Users

If a customer has not logged in for an extended period, it might be a good idea to reach out and see why. They might have lost interest or cannot engage with the service any longer, or they may simply be trying to save-up points.

#6  |  Lock Inactive Accounts

It could be a good idea to lock inactive accounts. Many businesses are hesitant to take this action, fearing that it could anger customers or encourage disengagement. However, merchants  can simply explain that it’s in the customer’s own interest; most will be okay with calling to unlock their accounts if it means improved data security.

Protecting against loyalty points fraud is a collaborative process between merchants and customers. Both parties benefit, but it helps if both parties are contributing..

Get Help to Fight Loyalty Fraud

Aside from solid loyalty fraud detection and prevention methods, sometimes an expert eye can help you pinpoint internal weaknesses that could lead to all types of fraud and chargebacks.

Chargebacks911®’s revolutionary approach to chargeback management is summarized in this free whitepaper. Understanding the hidden sources of chargebacks is key to defending your processing rights and avoiding the prospect of a closed merchant account.

We can help you plan a winning strategy. Contact us for a free ROI analysis.