Although the intention of loyalty programs is to provide customers with extra value and a great customer experience, within the ecosystem lurks a massive opportunity for loyalty fraud, and its alarming growth is often unnoticed and unchecked.
With over $48 trillion of unspent loyalty points globally, it’s no wonder malicious actors are targeting rewards programs.
By: Robyn Simpson, CLMP
The statistics paint alarming trends:
- Javelin Strategy & Research reported that loyalty program fraud doubled from 2017 to 2018.
- According to a 2019 report by Forter Fraud Index, loyalty program fraud has seen an 89% increase year-over-year.
- A global pandemic hasn’t slowed the steep rise of loyalty fraud, but quite the opposite. For example, as frequent flyer balances are left untouched by members, they become lucrative targets for fraudsters to swoop and scoop unnoticed.
- According to the Mordor Intelligence report, “the global loyalty management market was valued at US$4,023.5 million in 2020 and expected to reach US$13,800.2 million by 2026 and grow at a CAGR of 22.7% over the forecast period (2021 - 2026).”
- The cost of loyalty fraud to program operators is estimated to be over $1 billion every year.
These are just a few of the trends that Loyalty Program Managers need to be cognizant of.
WHY IS LOYALTY FRAUD ON THE RISE?
There are six main reasons why fraudsters are paying more attention to loyalty programs and their beneficiaries:
- Fraud is Unanticipated — Since businesses rarely anticipate a high risk of fraud in loyalty programs, bad actors can safely fly under the radar without being noticed.
- Easy Targets — Loyalty programs often have multiple touchpoints along the customer journey, exposing the customer to an attack. Also, the protections in place are laxer than most other financial services.
- Growing Point Value — Over the years, points have steadily increased in value as businesses offer competitive loyalty programs in an effort to attract customers.
- Increased Liquidity — There are many ways to redeem points, and this liquidity is quite attractive to hackers who can easily sell them on the darknet.
- Personal Information Theft — Loyalty programs contain a wealth of personal information, including credit card info and addresses, all of which can be sold or exploited for further gain.
- Unclaimed Rewards — With such a large untouched balance of points globally, both small and large-scale fraudsters are attracted to this honeypot.
ATTACKS COME FROM ALL ANGLES
Not only can hackers attempt to exploit your loyalty program, but loyalty abuse can come from your program members and your employees, too. The three main types of loyalty fraud can be categorised based on these origins:
- Loyalty Fraud By Hackers
Hackers pose the most significant risks to loyalty programs as they can create thousands of fake accounts quickly, steal customers’ personally identifiable information (PII), take over customer accounts, and accumulate enormous points balances in unauthorised ways. Akamai recently reported over 100 billion credential stuffing attacks between 2018 and 2020.
- Loyalty Fraud By Your Employee
Employees with access to the loyalty program’s internal systems or the ability to assign points can pose a serious threat. They may add extra points to their points balances, steal unclaimed points from others, or pass on loopholes to customers in order to encourage them to sign up for the program.
- Loyalty Fraud By Your Customer
Qualified customers can game the system by creating multiple accounts to earn more points, selling or transferring points illegally, or repeatedly returning items after earning points. The fraud is bound to spread as more customers become aware of a loophole.
THE FINANCIAL IMPACT IS THE TIP OF THE ICEBERG
We often look to the hard costs associated with fraud, which are significant, including:
- Cost of reimbursing stolen customer points, which may be in the millions of dollars.
- Massive customer churn resulting in lost lifetime value.
- Loss of future revenue.
- Expensive fines and lawsuits often accompany customer data breaches.
- Inability to expand or offer new services due to costs, vulnerabilities, and inability to transact imposed by transactional partners.
What is more challenging to quantify are the soft costs associated with such incidents.
- Loss of trust from members and partners
- Damaged partner relationships
- Reputational damage
- Negative public relations
- Loss of a sales tool and value for customers
5 BASIC PRACTICES TO AVOID LOYALTY FRAUD
Loyalty fraud may be rampant, but it is preventable. Below are a few basic tips that can help businesses prevent loyalty fraud from hackers, members, or employees:
- Keep up to date with the latest methods used to attack loyalty programs so you are prepared to mitigate the behaviour quickly.
- Educate customers and staff about loyalty fraud schemes and phishing, how to use strong passwords and multi-factor authentication, and the value of their rewards currency.
- Review KPIs and avoid those that incentivise inappropriate internal behaviour.
- Design your program with protection for members in mind. Improve security with encryption and authentication based on triggered alerts.
- Create a dedicated fraud team within the loyalty program that randomly audits customer and employee accounts and closely monitors loyalty program metrics to identify fraudulent activities faster.
This is just the beginning. Detecting and preventing loyalty fraud is a complex task that warrants a more in-depth discussion.
THE BOTTOM LINE
Fraudsters will attempt attacks at all unguarded entry points, and most loyalty program managers learn about vulnerabilities long after customers have been exploited and significant damage has been done. Hence, loyalty program designers and managers need to be more proactive by designing and testing their programs with fraudulent attacks in mind.
The trend is growing and the costs can be crippling. Taking the time to implement robust detection and prevention mechanisms is worth the investment. I highly recommend seeking professional advice from a fraud prevention specialist no matter what stage your program is at.
If you’d like to learn more about Loyalty Fraud, check out the Introduction to Loyalty Fraud Course from The Loyalty Academy. It will be offered live February 23, 2021 at 3pm EST — and available on-demand after that.
Robyn Simpson, CLMP, is founder of MarketSmartly which specializes in retaining the right customers in a rapidly changing world.