Don’t Get Betrayed by Loyalty Program Fraud
Incentives work. Even the savviest consumers can be swayed by the promise to throw in a little something extra with their purchase, and many merchants find that providing customers with rewards in exchange for their repeat business is an effective way to build up goodwill and keep them coming back.
Digital technology has made it possible to create ever more sophisticated and engaging loyalty programs, but this also attracts fraudsters who take advantage of loopholes and vulnerabilities in these programs to steal the rewards. Why is loyalty and reward program fraud on the rise, and what can merchants do to protect their own programs?
Loyalty programs have been around for quite a while, in the form of things like frequent flyer miles and buy-ten-get-one-free punch cards.
In today’s ecommerce environment, where customers sign in to unique accounts that allow them to be identified and tracked more easily, merchants can offer incentives for various forms of engagement and give customers points that can be redeemed for rewards of their own choosing—discounts, coupons, free gifts, early access, or anything else the merchant thinks they might want.
The main benefit of a loyalty program is that it increases customer retention. Few merchants need to be reminded of the value of long-term repeat customers, and 69% of consumers say that loyalty programs influence their decisions about where to shop. But generous loyalty programs that provide real value can be a double-edged sword—the better the rewards, the harder fraudsters are going to try to steal them.
What is Loyalty Program Fraud?
Loyalty program fraud isn’t as clear cut as credit card fraud, but it can describe any instance where someone acquires or redeems reward points that they didn’t really earn. Loyalty program fraud may be carried out by third-party fraudsters, but it’s not uncommon for legitimate customers or even the merchant’s own employees to be involved in this type of fraud.
Account takeover fraud often precedes loyalty program fraud. When fraudsters use stolen login credentials, identity theft, or brute force attacks to hack into a customer’s account on a merchant website, one of the first things they will do is try to extract any money they can out of the account owner’s points or unclaimed rewards.
For fraudsters, gift cards can be the most lucrative rewards, as these can be easily liquidated on dark web markets. When reward points can be redeemed for things that have value, but are not easily resold—food delivery, for example—fraudsters may just try to sell access to the entire account.
When merchants create loyalty programs with loopholes that can be exploited, they shouldn’t be surprised to find their own customers trying to take advantage.
Referral abuse is sadly common—when customers can earn points by getting their friends to create an account with the merchant, some of them may create fake accounts to increase their earnings. When employees have the power to grant rewards, they too may get roped into fraudulent schemes, like giving away free points to their family members.
Why is Loyalty Program Fraud on the Rise?
The growth and evolution of loyalty programs has been driven by customer demand, competitive markets, and new technologies like apps and social media that expand the range of possibilities for creating customer incentives and redemption options.
In short, all of the value that merchants are pouring into their loyalty programs is making them honeypots for fraudsters.
At the same time, neither merchants nor customers are paying especially close attention to loyalty program security. Customers don’t always monitor their point totals closely, and merchants usually allocate their security budget and resources toward the more quantifiable problem of credit card fraud.
Loyalty program fraud can’t result in chargebacks when no payment card transactions are involved, but they can still be costly and detrimental to merchants.
Customers who get victimized by loyalty program fraud may feel disinclined to keep shopping with a merchant after they lose all of their hard-earned points. When loyalty programs become liabilities for merchants, they are likely to scale their programs back, causing them to lose out on the benefits that motivated them to implement such programs in the first place.
How Can Merchants Prevent Loyalty Program Fraud?
Loyalty program fraud must be dealt with on multiple fronts, depending on where it’s coming from. With no associated chargebacks to alert merchants after the fact, loyalty program fraud can go undetected for a long time. Merchants need to audit their programs to look for signs of account takeover (such as unusual point accumulations and expenditures), and to determine whether or not their customers and employees are abusing the system.
Account takeover attacks are a serious problem for all merchants, even the ones without loyalty programs. Beefing up your login security with two-factor authentication and strong password requirements can block a large percentage of takeover attempts, and behavioral analytics can be used to identify accounts that have been compromised.
Proper training will help reduce loyalty program fraud from your employees. Simply providing clarity about your policies, and making employees aware that manipulating the program will not be tolerated, can be an effective deterrent. You may also want to put internal controls in place to limit their ability to award or transfer points without approval.
If you find that your own customers are gaming the system to score unearned points, review your program and close up any technological or policy loopholes. If you’re giving out referral points, for example, you could require the referred accounts to remain active for a period of time before awarding the points.
It may be tempting to come down hard on customers who take advantage of you, but if you just quietly address the vulnerabilities in your program, they may revert back to being normal repeat customers.
While loyalty program fraud is one form of cybercrime that isn’t likely to result in a dangerous surge in your chargeback rate, it can still be a major headache for merchants. The biggest danger is that it damages confidence in the loyalty program itself, which can otherwise be a valuable tool for improving customer experiences and motivating them to stick with you for the long haul.
By carefully reviewing your program’s policies and implementation for fixable issues, you should be able to reduce fraud and abuse while continuing to offer valuable rewards for your dedicated customers.