Mandatory Credit: Photo by Alex Lentati/LNP/Shutterstock (10548018d)

Retail giant Boots has suspended payments made using its Advantage Cards following a cyber security attack.

Boots said there was suspicious activity on some of the loyalty card accounts, but promised none of its own systems were compromised.

Go deeper with GlobalData

Premium Insights

The gold standard of business intelligence.

Find out more

In a statement, Boots said: “Our customers’ safety and security online is very important to us. We can confirm we are writing to a small number of our customers to tell them that we have seen fraudulent attempts to access boots.com accounts. These attempts can be successful if people use the same email and password details on multiple accounts.

“We would like to reassure our customers that these details were not obtained from Boots. We are aware that other organisations may be impacted too.

“As an extra precaution we have temporarily stopped payment by Boots Advantage Card points on boots.com or in store. This removes the ability for people to attempt to access any Boots accounts, but means that customers will not be able to use Boots Advantage Card points to pay for products in store and online for a short period of time.”

A Boots spokeswoman told the BBC the issue affected less than 1% of the company’s 14.4m active Advantage Cards – around 150,000 accounts.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData
Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

Customers can still use their Advantage Cards to collect points while the issue is being resolved.

Loyalty programme fraud 

This comes after loyalty programme fraud increased by 89% in 2019. According to e-commerce fraud prevention tech specialists Forter, the most significant attacks include:

  • Account takeover: Fraudsters hack into member accounts, exploiting accumulated points and payment instruments saved in the account;
  • New account fraud: Fraudsters create fake accounts, often using stolen identities, and use them to accumulate, store, sell, and redeem stolen points, and
  • Policy abuse: Consumers overshare coupons or promotional codes, violating merchant policies and illegitimately gaining programme rewards.

Forter’s research finds that too many merchants are simply unprepared to protect their loyalty programmes. Forter notes that 42% of merchants state that they do not have the skills required to prevent fraud and abuse.

In addition, almost 50% report insufficient resources, and that loyalty programme account fraud prevention is considered a low organisational priority.