Loyalty fraud: it’s a thing

BUSINESSES are realising that a top-notch customer experience is the key to staying one step ahead — and fraud rings have begun to target loyalty schemes.

Individual customers and internal staff also sometimes exploit the schemes and commit fraud, according to an e-commerce data report from Signifyd.

Businesses including airlines and hotel chains invest in schemes to reward valued customers and boost brand loyalty. American Airlines’ loyalty programme, for example, can be valued “anywhere from $18bn to $30bn”, says CFO Derek Kerr.

Loyalty points can be used to make financial transactions — which makes them appealing to fraudsters. But the problem often remains overlooked by retailers. Loyalty points can be exchanged on the dark web, as there is minimal communication between buyer and seller, or exchanged for gift cards, which can be converted to cash. Loyalty programmes are less scrutinised by account holders because they aren’t seen as high risk.

In the pandemic, people were using air travel less. UK flight market revenue reduced from £18bn to £5.1bn between 2019 and 2020. Although it’s slowly recovering, loyalty fraud is still an issue.

The three most common types of loyalty fraud include account takeover, internal fraud, and customer fraud.

Account takeover, or ATO, is something that retailers and customers have been battling for years: stealing account holder credentials through a data breach and using them to make unauthorised transactions. And fraudsters become more innovative in stealing personally identifiable information, according to a study by Javelin Strategy & Research.

Employees can use “insider” privileges against the terms and conditions or the IT Systems of the programme, and manipulate customers’ details.

Customer fraud occurs thanks to a loophole or hack to illegally sell or transfer points, claim air miles twice, or create multiple accounts to earn more points.

Preventative measures can be taken:

  • Keep informed about the latest loyalty fraud methods
  • Regularly examine your loyalty programme
  • Always notify account holders if a data breach occurs
  • Limit employee access to the loyalty programme data
  • Strengthen account access security by implementing multi-factor authentication.
  • Invest in a fraud-protection solution that uses machine-learning and automation.