At its core, a loyalty program is a marketing tool designed to keep customers coming back. In exchange for their “loyalty” to your brand, products, or services, you reward these customers with discounts, freebies, and perks.
Setting up a loyalty program is fairly easy — especially if you use our free guide here. The impact is measurable; it’s reported that customer retention is five to 25 times cheaper than trying to attract new users. The fact that returning customers also spend up to 31% more (per purchase) is simply icing on the cake.
However, none of these benefits emerge if your customer retention efforts fall victim to loyalty program fraud.
How Does Loyalty Program Fraud Work?
Because loyalty programs usually rely on points or rewards (instead of monetary transactions), they don’t receive the same level of scrutiny that other aspects of retail do — like secure credit card payments. Even the average customer doesn’t track his or her loyalty points until he or she is ready to use them.
As such, most loyalty programs don’t benefit from strong data security. This lack of oversight invariably attracts criminals and thieves. For although loyalty programs don’t normally involve monetary transactions, stolen points are as good as cash if those rewards can be redeemed for flights, hotels, and other big-ticket purchases.
When it comes to loyalty card fraud, some criminals don’t even bother trying to redeem these points. Instead, they sell them on the dark web — often for a fraction of their original value.
Make no mistake, the monetary losses from loyalty card fraud are substantial — with an estimated $1 billion being stolen every year. This trend is on the rise, with some years seeing a tripling in the number of loyalty program attacks.
To highlight just one common example, a thief might obtain a customer’s login credentials for a given retailer — using phishing emails, fraudulent calls, or a fake website. Once inside the system, that thief can simply transfer the points to a loyalty card that he or she owns.
It really is that easy.
Even worse, it’s possible to scale up this operation using bots that try to access lots of accounts. In fact, an estimated 40% of travel-related web traffic comes from “impersonator” bots that are designed for this purpose.
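For a program operator, both patterns above leave traces in login and points-transfer logs. The following is an added example, not part of the original article: the event format, thresholds, and the `detect` function are assumptions, and the sample events are constructed. It flags source IPs that attempt logins on many different accounts, and points transfers made shortly after a login from an IP the account has not used before.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (time, type, account, source IP, destination card).
EVENTS = [
    ("2024-05-01T09:00:00", "login_ok",   "alice", "198.51.100.7", None),
    ("2024-05-01T09:05:00", "transfer",   "alice", "198.51.100.7", "card-111"),
    ("2024-05-02T03:00:01", "login_fail", "bob",   "203.0.113.50", None),
    ("2024-05-02T03:00:02", "login_fail", "carol", "203.0.113.50", None),
    ("2024-05-02T03:00:03", "login_fail", "dave",  "203.0.113.50", None),
    ("2024-05-02T03:00:04", "login_ok",   "alice", "203.0.113.50", None),
    ("2024-05-02T03:01:00", "transfer",   "alice", "203.0.113.50", "card-999"),
]

def detect(events, max_accounts_per_ip=3, window=timedelta(minutes=10)):
    """Return (IPs trying many accounts, transfers soon after an unfamiliar-IP login)."""
    accounts_by_ip = defaultdict(set)  # IP -> accounts it attempted to log in to
    known_ips = defaultdict(set)       # account -> IPs seen on earlier successful logins
    risky_login = {}                   # account -> time of latest unfamiliar-IP login
    flagged_transfers = []
    for ts, kind, account, ip, dest in sorted(events, key=lambda e: e[0]):
        when = datetime.fromisoformat(ts)
        if kind in ("login_ok", "login_fail"):
            accounts_by_ip[ip].add(account)
        if kind == "login_ok":
            # Simplification: an account's first successful login sets its baseline.
            if known_ips[account] and ip not in known_ips[account]:
                risky_login[account] = when
            else:
                risky_login.pop(account, None)
            known_ips[account].add(ip)
        elif kind == "transfer":
            start = risky_login.get(account)
            if start is not None and when - start <= window:
                flagged_transfers.append((account, dest, ts))
    many_account_ips = {ip for ip, accts in accounts_by_ip.items()
                        if len(accts) >= max_accounts_per_ip}
    return many_account_ips, flagged_transfers

if __name__ == "__main__":
    ips, transfers = detect(EVENTS)
    print("IPs attempting many accounts:", ips)
    print("Transfers to review:", transfers)
```

Flagged transfers are candidates for a hold or step-up verification before the points leave the account; the thresholds need tuning against real traffic.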
It gets worse.
Loyalty program fraud can also happen when employees claim unused “customer” benefits for themselves. Doing so is as easy as logging into a company computer or simply picking up some unattended loyalty cards by the cash register.
Even your customers can get in on the action by finding loopholes in your loyalty program. Just ask David Phillips, a very determined customer who earned millions of frequent flyer miles by buying 12,000 tiny cups of Healthy Choice chocolate pudding. His total investment cost only $3,150. He even made some of that money back by donating his pudding to charity and qualifying for an $815 tax deduction.
Loyalty Program Fraud Prevention Tips
Loyalty program fraud is a problem that affects customers and the businesses they patronize. If you are a consumer, here is a fantastic set of tips to help safeguard all the loyalty points you’ve accumulated over the years.
As a business owner, loyalty program fraud prevention is a little bit more involved. Below are some best practices you should consider implementing ASAP:
- Examine your current rewards program for any potential loopholes. Doing so won’t necessarily shield you from career criminals, but this examination could help prevent bad behavior from customers like David Phillips.
- Limit employee access to all loyalty program data on a strictly need-to-know basis. Known as the principle of least privilege, this approach can help reduce the likelihood of loyalty points falling into the wrong hands.
- Have everyone on your team use strong (and unique) alphanumeric passwords for every account. If possible, you should set up your website so that customers are also required to use secure passwords.
- Always alert users if and when a data breach occurs. In the aftermath of a breach, most businesses, banks, and victims focus on potentially compromised credit card data. When notifying your customers, have them carefully check their loyalty points, as well.
- Enable two-factor authentication (2FA) for all logins — both for your employees and for your customers. Thieves can easily get their hands on one piece of information (like a password). It’s much harder for them to gain access to mobile devices or guess people’s high school mascot.
- Tokenize everything. This data security method is normally used to protect payment information — like credit card numbers. Yet tokenization can be used for any piece of data, including usernames, passwords, and email addresses.
Let Us Help Make Your Loyalty Program More Secure
As a business owner, you’re likely aware that cybercriminals are always lurking in the shadows — ready to steal sensitive data from your payment system. Knowing that your customers and employees may also be involved can be a terrifying prospect.
However, none of this should discourage you from launching a loyalty program. Provided you take commonsense steps to protect yourself, the benefits (in terms of extra sales) far outweigh the potential downsides.