Loyalty Fraud Scams: The Next Big Thing in Fraud?
Imagine spending years saving up for the trip of a lifetime…only for a fraudster to rip the tickets to your dream vacation right out of your hand.
This isn’t just a nightmare. It’s loyalty fraud: one of the fastest-growing travel fraud threats in the industry. These loyalty point scams are becoming a real problem for travelers and businesses operating in the travel space.
We’ve discussed how fraudsters use identity fraud tactics to steal unearned loyalty points directly from travel-focused businesses. But this week, we’re looking at how criminals target consumers’ accounts, and how air carriers, hotels, and other industry players suffer as a result.
- OTAs Lose Billions Every Year to Travel Fraud
- Travel & Hospitality Fraud: How it Works & How to Stop it
- Hotel Chargebacks: What Merchants Need to Know
- Travel Forecast 2023: is AI the Answer for Fraud?
- Travel Industry Chargeback Troubles Drag On… After COVID-19
- Are Travelers Abusing Chargebacks to “Double-Dip” From Your Revenue?
What is Loyalty Fraud?
- Loyalty Fraud
Loyalty fraud (also known as Loyalty Point or Reward Point Fraud) happens when a criminal abuses or exploits a merchant reward program for nefarious purposes. The scam is most often carried out after an incident of account takeover fraud or another form of identity theft in order to steal a consumer’s reward points.
[noun]/* loi • əl • tē • frôd/
From a business perspective, loyalty programs are a sure thing. They increase revenue and customer retention, amplify conversion, reduce marketing and promotion costs, and vastly influence consumer spending. From the consumer’s perspective, loyalty rewards make them feel recognized, appreciated, and rewarded for their continued loyalty to the brand. It’s a win-win situation for both parties.
Although the value of such programs is pretty clear, what isn’t advertised is how many opportunities for fraud lurk behind the appeal.
Chargebacks can wreak havoc on your cash flow and profitability. This FREE paperback book is your guide for preventing chargebacks and, when they happen, fighting them more effectively.Send Me My Free Paperback Book!
According to a recent study, loyalty program fraud increased by nearly 80% YoY in 2021. Rather than slow the trend, as one might expect it to, it looks like the global pandemic brought a sharp spike in loyalty fraud cases. But, when we look at the figures, it’s not hard to see why fraudsters would be so enthusiastic about loyalty programs.
The main problem here is that these accounts are worth quite a lot of money. However, they are rarely watched closely. This provides a prime, often unguarded opportunity for cybercriminals.
Why Do Fraudsters Target Loyalty Points Programs?
The average household in the US has about 30 individual loyalty program memberships, including travel, retail, and financial services. Unfortunately, more than half of those accounts were inactive, meaning the account, and all related data, still existed and were accessible, but were not actively used by the account owner.
That’s bad news, given consumers’ lax attitude toward loyalty program security and their tendency to reuse passwords. More than 8 in 10 consumers reuse the same password across multiple sites, and 3 in 10 share a password with 2 or more other people.
Every inactive account is a reserve of vulnerable customer data, ripe for thieves hoping to commit loyalty points fraud. If a criminal gains access to one account, the same login credentials will likely give them access to others.
According to CreditCards.com, only 1 in 3 travel- and hospitality-focused loyalty programs implemented two-factor authentication. Most of the survey respondents felt that the process was too expensive to implement and maintain, and that it created unnecessary friction for customers.
The problem’s grown so much that it’s practically a cottage industry for criminals. It’s not hard to see why, though. After all, loyalty rewards are:
We’ve discussed why fraudsters are so interested in consumer reward programs and why they’re vulnerable. Now, let's discuss how they actually carry out these attacks.
How Do Fraudsters Commit Loyalty Points Fraud?
Criminals typically gain access to customers’ accounts through the same methods used to breach bank accounts. In most cases, this means phishing attacks.
In many cases, the customer receives an email claiming to be sent by an airline, hotel, or travel agent. This individual requests that the customer verify certain account information. The consumer divulges their information, not realizing that they’re handing it over directly to a scammer. The fraudster then drains the customer’s account, either redeeming the points or transferring them.
A consumer may be more likely to fall for this trick than they would with a bank email. People are naturally more protective of personal banking information than of their loyalty program info. Even though most consumers think of reward points as equivalent to cash, they don’t exercise the same level of diligence in protecting their accounts.
Consumers don’t log in to check their rewards balances nearly as often as their bank balance. That’s a big problem because, unlike a zero-liability credit card, there’s no guarantee that the customer will be made whole after a loyalty fraud attack.
Loyalty Fraud Hurts Merchants Too
Fraudsters want access to consumers’ loyalty point accounts, and consumers don’t know enough to protect those accounts against fraudsters. This carries serious ramifications for businesses that operate these programs.
Merchants are adversely affected by loyalty scams in several ways:
1 in 4 program members reported that they would cancel a reward program membership if their account were compromised. Even worse, 17% say they would stop doing business with that company entirely. This concern is serious enough that loyalty points fraud could jeopardize the entire program's success if merchants don't implement solutions to prevent abuse.
In this exclusive guide, we outline the 50 most effective tools and strategies to reduce the overall number of chargebacks you receive.Get the FREE guide
5 Loyalty Fraud Solutions
We know this sounds like a lot of doom and gloom. It doesn’t have to be, though.
There are several things consumers and merchants can do to prevent loyalty fraud. Increasing security measures and being aware of any account changes is a key first step for both parties.
For merchants, in particular, a few best practices can help defend their businesses from the adverse effects of loyalty and other forms of identity fraud:
#1 | Monitor all account activity
It may be a sign of foul play if a customer leaves their account unattended for a long period of time, then suddenly becomes active. Ask customers to verify security information before accessing their account, and to confirm their identity before using any points in their account.
#2 | Enable fraud tools
Two-factor authentication, AVS (Address Verification Services), CVV (Card Verification Value), and 3DS 2.0 (3-D Secure) Technology can be used in tandem to prevent many forms of identity and ATO fraud.
#3 | Enforce stricter login credentials
Aside from two-factor authentication, remind customers to change their passwords at least semiannually, and require customers to create strong, unique passwords, combining letters, numbers, and special characters. Merchants can also use CAPTCHA puzzles to help prevent botnet attacks, and temporarily lock customers’ accounts after several failed login attempts.
#4 | Educate consumers
Building these security-conscious behaviors can help customers protect themselves against many potential security liabilities.
#5 | Reach out to inactive users
If a customer has not logged in for an extended period, it might be a good idea to reach out and see why. They might have lost interest or cannot engage with the service any longer, or they may simply be trying to save-up points.
It could be a good idea to lock inactive accounts. Many businesses are hesitant to take this action, fearing that it could anger customers or encourage disengagement. However, merchants can simply explain that it’s in the customer’s own interest; most will be okay with calling to unlock their accounts if it means improved data security.
Protecting against loyalty points fraud is a collaborative process between merchants and customers. Both parties benefit…and both parties bear specific responsibilities.
Get Help to Fight Loyalty Fraud
Aside from solid loyalty fraud detection and prevention methods, sometimes an expert eye could help merchants pinpoint internal weaknesses that could lead to chargebacks and fraud.
Chargebacks911® revolutionary approach to chargeback management is summarized in this free whitepaper. Understanding the hidden sources of chargebacks is vital in order to defend your processing rights and avoid facing the prospect of a closed merchant account.
Let us help you recover lost revenue today! Call us for a free ROI analysis.