Safeguarding Loyalty and Rewards Programs

17-September-2018

Most companies prioritize the security of payment and transaction information over that of loyalty and rewards programs. But don't be fooled – anything of monetary value is fair game to criminals.

Loyalty and rewards programs are a huge draw for consumers, encouraging them to spend money to get future benefits and discounts. Many save up points to use for a big trip or purchase, making those points an extremely valuable asset. And, often, these loyalty accounts are extremely vulnerable to fraudsters looking to turn points into cash.

There is an estimated $225 to $350 billion in loyalty programs, which are commonly used by merchants in many industries. Thirty-four percent of consumers only log into their accounts every few months; only 23 percent check account balances even once a month, providing a huge window of opportunity for fraudsters to operate for weeks undetected.

How exactly do criminals access these accounts? Loyalty fraud tends to work along the same lines as card-not-present (CNP) fraud, with criminals gaining access through a mixture of phishing scams, identity theft and hacking weak email/password combinations. Once criminals have these points, they spend them, combine them with other accounts, sell them or use them to receive an item that can be resold for cash.

After all, that's what fraudsters do, turn stolen goods and services into cash as often and as quickly as they can.

Financial professionals regularly remind the public that they should check their bank and credit card accounts daily. It is only through such regular checks that accountholders can spot fraudulent activity and act on it before it is too late.

Safeguarding rewards programs

Here are the three main factors businesses should consider in keeping rewards programs safe:

  1. Keep the data safe: Minimize the amount of customer data collected. Loyalty schemes, if hacked, can lead to identity theft of your customers.
  2. Educate members: Loyalty points have a cash value and should be treated with the same care as bank and credit card accounts.
  3. Keep watch for fraudulent loyalty point transactions: The indicators of CNP fraud – such as new or changed login credentials, changing or adding addresses, different Internet service provider addresses, irregular spending patterns and testing on small items before going for the big-ticket items – are all present for loyalty fraud too. Many of the techniques used to fight CNP fraud can help fight loyalty fraud.

Following are best practices for protecting loyalty accounts:

  1. Advanced screening technologies: Technologies like device fingerprinting, geo-location, and proxy piercing provide a first line of defense. Using them, companies can know that consumers are who they say they are, are where they say they are and are using the accounts they're entitled to use in a legitimate manner.
  2. Machine learning: Computers have unlimited capacity for finding the patterns that reveal suspicious "needles" worthy of greater scrutiny in an ever-expanding haystack of transactions, while avoiding unnecessary consumer interactions. This can help protect accounts and the user experience.
  3. Order linking: Fraudsters will use multiple accounts and devices to make dozens or even hundreds of fraudulent redemptions and/or combine points into accounts to earn prizes of greater value. That's why order linking capabilities are critical in protecting loyalty accounts.
  4. Mobile-optimized screening and rules: Nearly 4 in 10 global travelers shop for travel on mobile devices. And approximately 33 percent of them complete their bookings using a mobile device, according to travel research firm Skift. With this volume of mobile transactions, it's essential that travel and leisure businesses are able to detect the unique signals of mobile fraud. Furthermore, they need to be able to set mobile-specific rules to minimize manual reviews.
  5. Statistical rules engine: Quantifying the risk associated with every loyalty account interaction allows companies to fine tune decisions so that redemptions and customer experience are optimized and friction during the process is minimal. This can dramatically reduce the number of manual reviews and customer service inquiries.
  6. Business intelligence reporting: Big data can reveal patterns and behavior that may appear harmless in isolation, but reveal themselves as fraud when seen across millions of transactions in real time. Similarly, transaction data specific to your company also reveals trends unique to your business. The ability to combine these two data streams is critical to spotting fraud, reducing manual reviews, avoiding false positives and increasing the satisfaction of the customer.

Loyalty programs can be a powerful way for companies to interact with and reward their best customers. Looking at the security and protection of each customer's account should be given the same consideration as monetary transactions when it comes to reducing fraud. Otherwise, criminal networks can hit at the heart of a company's top revenue generators: loyal customers.