February 5, 2020

Loyalty programme fraud soars, enterprises need to act

By Douglas Blakey

So when was the last time you checked the balance of any of your loyalty cards?

For this writer, the Amex BA card with its Avios points is the only one I am really engaged with. Flying several times every month does little for one’s carbon footprint. But the excellent loyalty scheme means that Avios points soon accrue, and this combines with one other crucial feature of any worthwhile loyalty programme. That is, the rewards are meaningful and easily monetised. So I would claim to be something of an anorak as regards BA Avios.

But other than Avios, at least for me, I could not guesstimate how many Nectar points or Tesco points I might have. Hotel loyalty programmes, ditto. I know that I have been enrolled into programmes run by Accor and Hilton but cannot recall the last time I studied a points statement. As for my primary bank? Forget it. UK banks do not really get loyalty programmes in the manner of banks in, say, Canada or the US.

On asking around one’s work colleagues, friends and family, as I suspected, I am not alone in disengagement from loyalty programmes. The Boots scheme gets a few favourable mentions. On the other hand, on a very rudimentary straw poll, few people I quizzed had a clue about their approximate Nectar balance.

45% of loyalty programmes inactive: Forter

So it comes as little surprise to learn that as many as 45% of loyalty programme accounts are inactive. The figure is provided courtesy of Forter. Loyalty programmes have grown tremendously in the last decade. Membership rose from 2.6 billion in 2012 to 3.8 billion in 2016 alone. Moreover, Forter forecasts that this figure will continue to grow to hit over 5 or 6 billion in the next few years.

The rise in customer expectations and frequent price promotions are encouraging consumers to switch to the best offer. And according to the Colloquy Loyalty Census, a whopping 22% of consumers shop exclusively with brands whose loyalty programmes they have joined.

This all sounds rather positive for loyalty and rewards until one notes that merchants – or at least a significant percentage of firms – are not protecting their loyalty programmes.

And that fact has not escaped the attention of fraudsters. The criminal fraternity are increasingly viewing rewards schemes as easy targets.

Fraudsters are increasingly shifting their attention to these accounts, which offer a currency as valuable and untraceable as cash. The result: damage to brand reputation and monetary losses to merchants and consumers alike.

One of the best reports of the year to hit the editorial desk here is Forter’s seventh Fraud Attack Index. It reveals that attacks on loyalty programmes increased 89% in the first quarter of 2019 compared to 2018.

It is well worth a download and a read. It notes that cyber-criminals take advantage of rewards schemes in several ways. The most significant attack vectors include:

  • Account takeover: Fraudsters hack into member accounts, using the personal data and financial instruments therein.
  • New account fraud: Fraudsters create fake accounts, often using stolen identities, and use them to accumulate, store, sell, and redeem stolen points.
  • Policy abuse: Consumers overshare coupons or promotional codes, violating merchant policies and illegitimately gaining program rewards.

Attacks on loyalty programmes come from several sources:

  • Fraudsters: Sophisticated professionals — whether lone attackers or those operating in fraud rings — monetize points associated with loyalty programmes.
  • Insiders: Merchants’ employees take advantage of their access to customer accounts for any of the three attack vectors referenced above.
  • Customers: Considering themselves savvy shoppers, customers misuse loyalty programmes’ policies to gain rewards unfairly.

Notably, inactivity in loyalty accounts, with consumers failing to track or redeem the points they have earned, is one big reason fraudsters find loyalty programmes so alluring.

The increase in loyalty programme fraud has been driven by the enormous amount of personally identifiable information that has become available via massive data breaches. In the first six months of 2019 alone, 3,800 data breaches exposed 4.1 billion records.

According to Forter, the average impact of a data breach is a 5% drop in share price and a 7% loss of customer base.

Damage to enterprises:

This takes many forms with examples including:

  • Tarnished reputation: Loyalty programme executives report that the biggest impacts of loyalty programme fraud are on brand reputation and customer experience.[1]
  • Lost revenue: When fraudsters redeem points, merchants replace the stolen points, doubling the loss to the business.
  • Stifled business growth: Those same executives further report that loyalty sign-up abuse leaves them unable to provide new offerings, such as aggressive promotions or gift cards, due to the risk of abuse or loss.

The Forter report is a timely wake-up call for loyalty programmes to act now to ensure they have the appropriate levels of e-commerce fraud prevention.
