
Fighting the Growing Phenomenon of Loyalty Fraud

The Loyalty Fraud Prevention Association was founded in 2016 to bring all involved in the loyalty industry together and provide a neutral platform to exchange trends and learn from colleagues. We’ve found that seven main factors have caused loyalty fraud to become more common:

  1. A change in global accounting rules (IFRIC13) dictated that points/miles must be redeemed in order for the profits to be booked in the P&L. So, programs have facilitated redemptions for products of all sorts, including gift cards, making it easier to monetize their value.
  2. The card payment industry has successfully reduced fraud with the introduction of PCI DSS, 3DSecure, Chip & PIN, etc., so fraudsters have moved into the loyalty industry instead.
  3. Loyalty accounts are not adequately protected by programs. Many programs still use legacy software prone to hacking and unsophisticated tools to monitor websites and accounts. It’s not uncommon that a simple four-digit password is the only requirement for a customer to access their account.
  4. Account holders may not consider points/miles at their true value, namely their equivalent in cash.
  5. Loyalty accounts contain very valuable personal information that can easily be marketed on the internet and darknet and used for illicit purposes (setting up fake identities, fake accounts, etc.).
  6. Defrauding loyalty programs is easy, as there are numerous loopholes, including in programs’ terms and conditions.
  7. The legal consequences of loyalty fraud are limited, as law enforcement may see the loss as “just points.”

Reducing loyalty fraud

Since the launch of the Loyalty Fraud Prevention Association, eight ways to reduce loyalty fraud have emerged:

  1. Update terms and conditions to make gaming and bartering of points/miles more difficult.
  2. Implement tools/systems to protect customer account data and regularly test the effectiveness of the set-up — penetration testing, introduction of dual-factor authentication, account monitoring, etc.
  3. Invest in putting together a well-trained and staffed loyalty fraud prevention department.
  4. Educate account holders to help protect their accounts by regularly checking them.
  5. Share best practices among programs, as fraudsters adapt quickly to new defences against them.
  6. Make sure the marketing and financial departments reach a reasonable compromise between providing a good customer experience and protecting the company’s assets.
  7. Collect data on loyalty breaches and contact law enforcement. Police forces around the world (Europol, FBI, Ameripol, etc.) have recognized that sometimes, serious crime involves loyalty fraud (smuggling, human trafficking, etc.).
  8. The overall impact of a loyalty data breach vastly exceeds the pure financial loss in terms of replacement of points/miles, so loyalty programs must keep in mind that — to quote Kevin Lee, Sift Science’s “Trust & Safety” architect — “trust is earned in drops, but it is lost in buckets.”

Peter Maeder, Co-Founder and Membership Secretary, Loyalty Fraud Prevention Association