Loyalty Fraud Scams: The Next Big Thing in Fraud?
I love my job. It requires a lot of air travel, which can be exhausting, but one of the perks to it is all the frequent flyer points I rack up.
I have enough points banked right now that I could fly round-trip to just about any destination in the world. So, you can imagine what my reaction would be if I logged into my account and found all my points… were gone.
I can happily say that hasn’t happened to me. But, it is happening to more and more people these days.
Hackers gaining access to, then draining victims’ loyalty points is one of several practices that fall under the umbrella of loyalty fraud. This is one of the fastest-growing fraud threats affecting both customers and businesses. It’s got an outsized impact in the travel space, but any loyalty program could be targeted.
So, let’s take a look at how crooks are doing it, why they’re doing it, and how air carriers, hotel operators, and other industry players are paying the price.
What is Loyalty Fraud?
Loyalty Fraud [noun] /loi • əl • tē • frôd/
Loyalty fraud (also known as “loyalty point fraud” or “reward point fraud”) happens when a criminal abuses or exploits a merchant reward program for personal gain. Fraudsters can attack individuals through identity theft, or hack merchants’ databases to gain private information.
From a business perspective, offering loyalty programs is a sure thing. The latest statistics show that 84% of consumers claim they’re more likely to stick with a brand that offers a loyalty program. The top performing loyalty programs boost revenue from customers who use them by 15-25% annually.
Customers say that loyalty rewards make them feel appreciated and understood. 66% of respondents say the ability to earn rewards changes their spending behavior. So, it’s a win-win situation for everyone.
There are risks to consider, though. For example, you have organized fraud schemes that will use the latest tech to hack into customer accounts and suck them dry. Once they have the points, fraudsters can either use the points themselves, or convert them into something easier to sell, like physical goods or gift cards.
Loyalty program fraud is big business. How big? Check out some of these stats.
Your average customer equates loyalty points with money, but many of them fail to treat their loyalty accounts that way. Someone who checks their bank balance weekly might not ever consider regularly checking on their points balance. That’s a big opportunity for cybercriminals.
How Do Fraudsters Commit Loyalty Points Fraud?
Loyalty fraud can come from a lot of different angles.
Your customers may try to sneak extra points, using tricks that are morally questionable, but technically allowed. It can also come from your employees, skimming a few customer points here and there and padding their own accounts. But, most losses will likely come from third-party criminals. Common tactics include:
Some scams target businesses, while others target consumers. Like I mentioned above, people are naturally more protective of personal banking information than of their loyalty program info. They won’t log in to check their rewards balances nearly as often as their bank balance. That will come back to bite them because unlike a credit card, loyalty programs offer no guarantee that a customer will be able to reclaim their points.
Why Do Fraudsters Target Loyalty Points Programs?
The average household in the US has about 18 individual loyalty program memberships, including travel, retail, and financial services. Unfortunately, more than half of those accounts are inactive. In other words, the accounts (and all their related data) still exist and are accessible, but they’re even less likely to be checked by the account owner.
Every inactive account is a treasure trove of vulnerable customer data, ripe for thieves hoping to commit loyalty points fraud. Even worse, if a criminal gets access to one account, the same login credentials will probably give them access to others.
Loyalty program fraud is practically a cottage industry for criminals these days. It’s not hard to see why, though. After all, loyalty rewards are:
Loyalty Fraud Hurts Merchants Too
So, here’s where we stand: fraudsters want access to consumers’ loyalty point accounts, and consumers don’t know enough to protect those accounts against fraudsters. That leaves you, the merchant, in a bit of a pickle.
Merchants are adversely affected by loyalty scams in several ways:
Lost Customers
If loyalty fraud attacks discourage customers from program participation, then it defeats the entire point of the program’s existence. Given that banks purchase billions in miles each year from air carriers and other travel-focused businesses, this would be a serious — even existential — threat.
Compromised Data
Names, birthdates, addresses, payment card information…these are just samples of the sensitive data stored by program websites. The fact that a site is storing much of the same sensitive data as banks, just with less customer concern, makes it a hot target for fraudsters hoping to nab cardholder data.
Stolen Revenue
Loyalty points fraud can put a merchant in a difficult position. You either have to replace customers’ stolen points — effectively handing out double points — or risk alienating loyal customers. Regardless of which option you go with, it’s going to have an impact on your bottom line.
Chargebacks
You can’t file chargebacks on lost loyalty points. That said, if a consumer specifically bought from you based on your rewards program, losing those points may lead them to dispute the original purchase.
How Merchants are Fighting Back
The problems we just talked about aren’t going away. So, merchants have had to start adapting, if they’re going to keep their loyalty programs as viable options.
Some popular tactics that merchants are implementing to combat loyalty program fraud include:
Other Best Practices to Fight Loyalty Fraud
It’s true that crooks are working harder at developing new technology and techniques to commit fraud. And, while consumers can take steps to secure their account, let’s be honest: we know that most of them won’t.
We know this sounds like a lot of doom and gloom. It doesn’t have to be, though. A few best practices can help merchants defend their businesses from loyalty fraud and other identity scams:
#1 | Monitor All Account Activity
It may be a sign of foul play if a customer leaves their account unattended for a long period of time, then suddenly becomes active. Ask customers to verify security information before accessing their account, and to confirm their identity before using any points in their account.
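As an added example (not part of the original article), the dormant-account check described above can be run over login and redemption events. The 180-day dormancy threshold, the 7-day watch window, the event fields and the sample events are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Assumed thresholds, not taken from the article; tune them per program.
DORMANCY = timedelta(days=180)   # "unattended for a long period of time"
WATCH = timedelta(days=7)        # how long a reactivated account stays under watch

def review_events(events, last_seen):
    """Return (event, decision, reason) for each event, in time order.

    events: dicts with ts (ISO 8601), account, action ('login' or 'redeem')
            and verified (True if the customer passed the identity check).
    last_seen: account -> datetime of the last accepted activity.
    """
    last_seen, watch_until, results = dict(last_seen), {}, []
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["ts"])):
        ts, acct = datetime.fromisoformat(ev["ts"]), ev["account"]
        prev = last_seen.get(acct)
        if prev is not None and ts - prev >= DORMANCY:
            watch_until[acct] = ts + WATCH          # dormant account woke up
        if ts > watch_until.get(acct, datetime.min):
            decision, reason = "allow", "regular activity"
        elif ev["verified"]:
            decision, reason = "allow", "reactivated account, identity verified"
        elif ev["action"] == "redeem":
            decision, reason = "hold", "redemption on reactivated account, unverified"
        else:
            decision, reason = "challenge", "login after long inactivity, unverified"
        if decision == "allow":
            last_seen[acct] = ts   # only accepted activity resets the dormancy clock
        results.append((ev, decision, reason))
    return results

# Constructed sample data: A100 has been idle for almost a year, B200 is active.
SAMPLE_LAST_SEEN = {"A100": datetime(2023, 1, 10), "B200": datetime(2023, 11, 28)}
SAMPLE_EVENTS = [
    {"ts": "2023-12-01T09:00:00", "account": "B200", "action": "login", "verified": False},
    {"ts": "2023-12-01T10:00:00", "account": "A100", "action": "login", "verified": False},
    {"ts": "2023-12-01T10:05:00", "account": "A100", "action": "redeem", "verified": False},
    {"ts": "2023-12-03T08:00:00", "account": "A100", "action": "login", "verified": True},
    {"ts": "2023-12-03T08:10:00", "account": "A100", "action": "redeem", "verified": True},
]

if __name__ == "__main__":
    for ev, decision, reason in review_events(SAMPLE_EVENTS, SAMPLE_LAST_SEEN):
        print(ev["ts"], ev["account"], ev["action"], "->", decision, f"({reason})")
```

Because a challenged or held event does not reset the dormancy clock, repeated unverified attempts cannot turn a dormant account back into a regular one.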
#2 | Enable Fraud Tools
Two-factor authentication, AVS (Address Verification Services), CVV (Card Verification Value), and 3DS 2.0 (3-D Secure) Technology can be used in tandem to prevent many forms of identity and ATO fraud.
#3 | Enforce Stricter Login Credentials
Aside from two-factor authentication, remind customers to change their passwords at least semiannually, and require customers to create strong, unique passwords, combining letters, numbers, and special characters. Merchants can also use CAPTCHA puzzles to help prevent botnet attacks, and temporarily lock customers’ accounts after several failed login attempts.
#4 | Educate Consumers
Nothing protects against fraud better than engagement. Customers are an ally in the fight against loyalty fraud, not an object. Account security is in customers’ best interests, which is why merchants should educate them on the value of security-conscious practices like checking account balances regularly and updating passwords. Sellers should also encourage customers to enable activity notifications when an account is accessed and to report any suspicious activity immediately.
#5 | Reach out to Inactive Users
If a customer has not logged in for an extended period, it might be a good idea to reach out and see why. They might have lost interest or cannot engage with the service any longer, or they may simply be trying to save up points.
#6 | Lock Inactive Accounts
It could be a good idea to lock inactive accounts. Many businesses are hesitant to take this action, fearing that it could anger customers or encourage disengagement. However, merchants can simply explain that it’s in the customer’s own interest; most will be okay with calling to unlock their accounts if it means improved data security.
Protecting against loyalty points fraud is a collaborative process between merchants and customers. Both parties benefit, but it helps if both parties are contributing.
Get Help to Fight Loyalty Fraud
Aside from solid loyalty fraud detection and prevention methods, sometimes an expert eye can help you pinpoint internal weaknesses that could lead to all types of fraud and chargebacks.
FAQs
What is loyalty fraud?
Loyalty fraud is when a fraudster gains unauthorized access to an account in a merchant’s loyalty rewards program. The criminal can either redeem the victim’s points themselves, or exchange the points for goods more easily sold, such as gift cards.
What is an example of loyalty fraud?
A cybercriminal commits identity theft. Along with emptying bank accounts and maxing out credit cards, the fraudster also steals the victim’s frequent flyer points, either using them to buy a plane ticket or selling them on the dark web.
Is loyalty fraud a crime?
In some instances, yes. A customer manipulating the system for their own gain may not technically be doing anything illegal. On the other hand, individuals making unauthorized transactions with accounts other than their own are definitely committing a crime. In cases where the activity happens across state lines, the crook could be facing a felony charge and jail time.
What is loyalty abuse?
While it’s nearly the same as loyalty fraud, some people use the term loyalty abuse in reference to legitimate account holders who attempt to circumvent the terms of the loyalty program for their own benefit. For example, opening multiple accounts to take advantage of a deal designed for new users.
Are loyalty programs for real?
Yes. Many businesses offer loyalty programs, especially within the travel and lodging industries.