How Loyalty Program Fraud Takes Travel & Entertainment for a Ride

Rewards and other perks for repeat patrons are a great way of encouraging customers to keep coming back. But these same value-added services can also cost businesses in the travel and entertainment industries millions each year through loyalty program fraud.

How Criminals Use Stolen Data to Cheat Loyalty Programs

Loyalty programs represent huge reserves of value being carried on travel and entertainment businesses’ balance sheets. As such, they are increasingly popular targets for fraudsters. Consider, for example, how one might employ a botnet attack to rack-up unearned points:

The criminal acquires stolen cardholder information in bulk.
The criminal deploys a botnet attack to buy numerous tickets with an air carrier.
These transactions accrue thousands of loyalty points.
The criminal cashes-in or transfers the loyalty points before the fraud is discovered.
The cardholder discovers the fraud and files a chargeback to recover the funds.

The carrier loses profits generated from the ticket sale and is responsible for applicable chargeback fees. It also loses the value of the loyalty points redeemed by the fraudster, and if the breach is discovered too late, the carrier won’t even have time to resell the ticket to recoup some of the lost revenue.

Stealing Unused Loyalty Points

A proactive chargeback strategy helps end surprises. Ask us how.

More than $48 billion in airline miles and other rewards benefits went unredeemed as of 2016. Customers often forget about these rewards, making them a very enticing target for fraudsters—skilled criminals who hack into customers’ accounts to access and redeem program points.

Fraudsters might also steal from customers who are saving their points over long periods of time. This form of loyalty fraud carries the added baggage of depriving legitimate customers of their cash-equivalent points.

Some of the most popular targets for criminals redeeming customers’ points include:

Digital gift cards
Flight upgrades
Plane tickets
High-value merchandise that is easy to resell

Hackers steal millions of dollars in reward point value each year. Like other fraudulent attack schemes, the criminals responsible leave the merchant on the hook to reimburse customers for the reward points already redeemed.

Here, the real danger of loyalty program fraud is that the damage is already done by the time merchants recognizes a breach. With airline tickets, for example, the fraudster hits a merchant, then leaves their victim to deal with angry customers and lost opportunities for ancillary revenue. Even worse, each ticket stolen by a criminal is a seat that the carrier cannot sell, costing them several hundred dollars per attack.

The Essential Guide to Global eCommerce

Our new whitepaper takes a close look at eCommerce practices around the world. We carefully examined data on markets from Africa to Asia and beyond, all to assemble a thorough, predictive picture of where eCommerce is headed over the next several years.

FREE DOWNLOAD

How to Address Loyalty Program Fraud

Loyalty programs are a great way to boost customer retention and turn casual shoppers into die-hard supporters. To be effective, however, programs must go hand-in-hand with practices aimed at preventing loyalty program fraud. To make this approach work for you, be sure to adopt necessary precautions such as:

#1. Set Effective Earning Mechanics

Create reasonable limits on how quickly customers can collect points. This can be difficult, since many people travel frequently for work … but there are ways around this as well. For example, social media integration allows you to utilize social data to verify customers’ travel schedule when you suspect fraud.

#2. Be Reasonable with Redemption

Consider every possible opportunity for criminals to commit travel fraud—every angle, every scheme. Adopt fair rules and mechanics for the program aimed at addressing each of these threat sources, and keep to them. This can include minimum-spending requirements to accrue points, or coupon-backed rewards for offers other than tickets.

#3. Log Each Employee Interaction

As the saying goes, “trust, but verify.” It’s not uncommon for employees to be involved in more sophisticated fraud attacks. Therefore, it’s best to have a system in-place to automatically log activity any time an employee’s profile is accessed through the system’s admin tools. This includes live reporting—accessible only with valid credentials, of course.

#4. Grant Permissions as Needed

Most employees and vendors won’t need comprehensive access to every part of your system. This includes the ability to enter and adjust the balances of customers’ reward program accounts. Permissions to handle customers’ point balances and other sensitive information should only be given to those employees who need them to do their job effectively.

#5. Respond Quickly

The best time to respond to fraud is before it happens. This means implementing a chain of command, with each member receiving email alerts whenever suspicious activity is detected. This allows the entire team to coordinate and respond in a timely manner.

#6. Check Point Transaction History

One of the most important data nodes is transaction history; any time suspicious activity is detected, this should be the first place to look. The customer’s history details how long and how fast that individual accrued points, as well as how fast those points were spent. This will be your best clue as to whether a transaction is out of the ordinary.

Look to the Experts

Of course, there is only so much businesses can do to identify and intercept these attacks. While many of the same tools and strategies used to fight traditional fraud are applicable to rewards programs, it’s difficult for businesses to manage so many kinds of fraud.

Whether it’s rewards program fraud, payment card fraud, or friendly fraud, the best solution is to turn your strategy over to the experts. Click here to learn more.