As loyalty program databases and the depth of information around the world grows in size, security concerns, namely loyalty program fraud, are increasing and becoming a major concern for practitioners. Whether the fraudsters aim to steal points, divert rewards, find a back door to credit card details or just identify individual’s personal information, the threats are real and can have serious implications to our industry.
The latest security bombshell comes out of the UK where Tesco, the leading grocery chain and a long time poster child for loyalty excellence, announced a security issue involving up to 600,000 Clubcard loyalty members. The supermarket giant believes the security breach involved fraudsters attempting to use stolen usernames and passwords on its websites.
Tesco issued the statement, "We are aware of some fraudulent activity around the redemption of a small proportion of our customers' Clubcard vouchers ... Our internal systems picked this up quickly and we immediately took steps to protect our customers and restrict access to their accounts ... We have asked customers affected to reset their passwords and are contacting customers whose Clubcard vouchers may have been affected to let them know that we will replace these vouchers and issue new Clubcards, as a precaution."
Tesco seemed to detect and correct this breach quickly, but it's another example that loyalty fraud is increasing. Program managers must continue to be vigilant and take their role as fiduciaries seriously. In that same breadth, consumers must be smart about password creation and management: take advantage of password manager services, use two-factor authentication, and use unique passwords. And keep in mind that even if you are diligent about password management, things can still happen, so it's important to routinely check your accounts and update your passwords.
In this case, user names and passwords were stolen from an outside database and used in an attempt to access Clubcard accounts. So as loyalty program currencies continue to become more valuable, we're left wondering: What will the fraudsters try next?