A recent study shows that such programs are low-hanging fruit for fraudsters and hackers. Time to tighten up the vigilance!

Loyalty programs have grown steadily in the last decade, with memberships increasing nearly 10% year on year. Yet, consumers have accumulated US$48 trillion of unspent loyalty points globally. Also, nearly half (45%) of loyalty program accounts are inactive, with consumers not tracking or redeeming points.

According to research conducted by e-commerce fraud prevention specialist Forter, merchants are unprepared to protect their loyalty programs:

  • 42% state that they do not have the skills required to prevent fraud and abuse.
  • Nearly 50% report insufficient resources and say that loyalty program account fraud prevention is considered a low organisational priority.

What kind of fraud can occur in such programs? The most significant avenues for cybercriminals include:

  • Account takeover: Fraudsters hack into member accounts, exploiting accumulated points and payment instruments saved in the account.
  • New account fraud: Fraudsters create fake accounts, often using stolen identities, and use them to accumulate, store, sell and redeem stolen points.
  • Policy abuse: Consumers overshare coupons or promotional codes, violating merchant policies and illegitimately gaining program rewards.

According to Forter’s research, loyalty program fraud rose 89% year on year, predominantly driven by the amount of personally identifiable information (PII) available from increasing numbers of data breaches. With direct and indirect losses from loyalty and reward points fraud estimated at US$1 billion every year, enterprises are struggling to limit the damage as fraud attacks shift from the point of transaction to different elements of the buyers’ journey, including new account signup, login, and promotion and coupon use.

Said Michael Reitblat, CEO and Co-Founder of Forter: “The combination of consumers not paying attention to their accounts and merchants’ lack of preparation is a big reason fraudsters find loyalty and rewards programs so alluring. It is clear that loyalty program accounts are low-hanging fruit for fraudsters. Loyalty program points are currency as valuable and untraceable as cash, and fraudulent activity in these accounts causes damage to brand reputation and monetary losses to merchants and consumers alike.”

One merchant has realized the importance of managing fraud in such programs. Said Doug Ferreira, director, Financial Operations, delivery.com: “Our loyalty program allows us to thank our customers by rewarding them with better benefits and a better experience while also enabling us to stay ahead of the competition. Features like ‘Tell-a-friend,’ rewarding customers for referrals, are extremely popular but are also a target for fraudsters and bad actors. Forter has helped us reduce loyalty program fraud by more than 60% while we build stronger relationships with our customers.”

Ferreira was referring to the Forter Loyalty Program Protection solution, an integrated fraud prevention platform that protects loyalty programs from all types of fraud and abuse, including transactional fraud, account-based fraud, and policy abuse.