Frauds in loyalty programs

As companies seek to increase their volume of repeat customers, loyalty programs in travel and retail have become more important. However, they should think about loyalty fraud management as it can be considered as one of the most detrimental threats to their e-commerce business.

Survey research carried out by Airline Information revealed that 72% of airline loyalty programs have an issue with fraud. Additionally, 30% of airline programs reported the problem was growing rapidly year-on-year. However, surprisingly, 10% of airline loyalty programs didn’t know if they had a fraud problem or didn’t know that it was possible for loyalty fraud to occur.

Unlike credit cards, visa or other cards, users do not pay attention much to the point balance or they don’t use the loyalty account frequently. The customers or even the merchants do not view reward points as currency, but fraudsters do. Therefore, there is going to be less protection around the loyalty points than there would be around credit card information. This makes loyalty programs an easy target for fraudsters.

Loyalty programs can be targeted by three main fraud schemes.

  1. Conducted by members.

Members of your loyalty program can themselves drive a fair amount of the fraud. This happens when customers find a loophole in the system and exploit it for their own needs. Referral programs are an easy way to encourage your customers to do just that, giving them the opportunity to earn rewards while bringing new members into your brand community. They can use different emails and phone numbers to create a new anonymous user and get bonus points accrued and redeem for rewards.

Another method that members can make use of and commit fraud is by selling points or miles. Some loyalty programs allow members to transfer points to another user. If enterprises do not limit the certain number of points enable to be transferred, members might collect unused points into an account and exchange for promotion codes or rewards.

Points brokers are illegal commercial outfits that purchase unused loyalty points, using them to re-sell products at substantial discounts or convert into a dummy account., a digital broker of unused airline miles, asks that customers call them directly to discuss sales and make such actions against airline rules.

  1. Conducted by employees

Some employees, given the opportunity, have no problem claiming points or benefits intended for others. They run your loyalty program so they know how it works much more than others or they could snatch customers’ info by abusing their access to internal systems. It is more likely to happen in a point-based program when employees take advantage of point-of-sale hardware, scanning her own card instead of those belonging to customers.

A Harrods employee has been found guilty of fraud and theft after she accumulated 280,000 pounds worth of loyalty card points from customers who failed to collect them. “She admitted to undertaking a three-year scam during which she acquired close to 850,000 Reward Card points.

  1. Conducted by hackers

Loyalty frauds can be conducted from the outside by fraudsters. This includes counterfeit accounts, data theft, and other methods of illegally obtaining your loyalty program rewards. Fraudsters can breach your loyalty account and take over other accounts.

7-Eleven Japan recently fell victim to a data breach that compromised approximately 900 customer accounts. The fraudsters were able to use weak security questions to have password change requests sent to their emails — many customers did not change their birthdates from the app’s default setting, granting hackers access to their accounts. The hackers made more than ¥55 million ($500,000 USD) worth of fraudulent purchases before 7-Eleven suspended the app’s mobile payment functionality. It happened the same when hackers stole sensitive and personal information and points of 350 millions of customers and members.

If your business offers a reward points program for customers, here are some tips to help put a damper on loyalty-program fraud activity.

Knowledge and experience is the key.

Awareness is everything. The best way to stay one step ahead of fraudsters is to keep on top of the latest fraud trends. Digital risk monitoring across fraud forums can help you see how your brand is being targeted for fraud and reveal potential business-process vulnerabilities. You are able to find out a fraud threat targeting your business to help focus your fraud prevention efforts.

Rethink authentication. 

The old username/password combination just isn’t enough to protect loyalty programs from being breached by determined fraudsters. Consider the use of multi-factor adaptive authentication to watch for signs of fraud based on device, user behavior, and other indicators.

Integrate rules limiting the fraud risk into the policy and process of point accrual and redemption.

Knowing when and where employees or members may commit fraud in your programs can help businesses prevent fraud. Instead of waiting to experience the consequences and losses, proactively pose a limitation on minimizing risks from the outset.

Design fraudulent scenarios for the system.

You can create fraudulent scenarios for the system so that the system can screen transactions by using fraud detectors. The system will mark the transaction “suspended” and automatically push that transaction to a default list. You just need to define fraudulent transactions and let the system do the job.

Be aware of account takeover.

Fraudsters take advantage of high volume traffic times, such as Black Friday and Cyber Monday, to launch automated attacks to test credentials that may have been stolen from other breaches.  Loyalty programs are a prime target for these types of attacks.  Align your security policies to watch for anomalies in the way users navigate your website and look for signs of account takeover such as thousands of login attempts within only a few minutes or multiple failed logins from the same IP address or geo-location.

Hire a professional loyalty program consultant. 

Another way is to choose professional loyalty program consultants. They will help identify gaps in the policy and the process of point accrual and redemption and make suggestions to limit fraud.

The risk of fraud to your loyalty program is no joke. But if you’re smart, and you take steps to prevent fraudulent activity, it’s you who will be laughing at would-be hackers and thieves, not the other way around.

If you are looking for a program that monitors all transactions in real-time, providing transparency, reducing the possibility of fraudulent activities, and allowing for quick action to be taken in case of suspicious transactions, we invite you to come take a look at H2T. Our loyalty experts have built many loyalty programs for various enterprises. Therefore, we can help you screen for fraud – at every point of account interaction, from account creation and updates through to purchase, transfer and redemption of points.