How to Protect Yourself and Your Customers from Loyalty Program Fraud

With rewards fraud and loyalty scams on the rise, it’s vital to know the most common cons and implement strategies to stop them.

If loyalty fraud prevention and detection haven’t climbed up a few spots on your to-do list, it may be time to re-think your priorities. Loyalty fraud is the abuse of a company’s loyalty rewards program. And it’s a growing problem, having skyrocketed 89% from 2018 to 2019 alone,1 and with 72% of loyalty and rewards program managers having experienced fraud.2

Ignoring it isn’t a dollar-wise move, either. Losses from loyalty program fraud have been estimated at $1 billion.3 And that doesn’t count the long-term damage to a retailer’s reputation — or immediate customer defections. A quarter of loyalty program members say they would cancel their rewards program account if it were compromised, and 17% say they’d stop doing business with that company altogether.4

That makes it imperative for retailers to understand why loyalty programs are particularly vulnerable, how the most common scams work and what you and your customers can do to reduce risk.

Why has loyalty program fraud increased?

Let’s start with a big number: $48 trillion. That’s the estimated value of unused loyalty points in the market today.5 It’s an extremely enticing treasure trove for criminals, especially since reward points are easily made liquid.

Unfortunately, the C-suite often sees loyalty fraud prevention as a lower priority — not least because it’s a challenging undertaking, with every point of the member journey at risk. That’s one reason security for loyalty programs lags behind that for other services, like credit cards.

Compounding the problem, loyalty program members are less likely to monitor their rewards accounts as routinely as they might check a bank account. So, loyalty fraud may not be noticed until it’s been going on for a while.

What are the 4 types of loyalty fraud?

Not surprisingly for such a pervasive threat, loyalty fraud can take many different forms. Here’s an overview of the four most prevalent scams.

Account Takeover or Pirating

This type of loyalty fraud occurs when a criminal hacks into a customer’s rewards account, either with stolen credentials or with a combination of real and fake information (known as synthetic identity fraud). The fraudster takes control of the account and can then redeem the member’s rewards points — often for cash or gift cards, which can then be used or sold on. Or they may siphon off the member’s points by transferring them to another account or outright selling them. They may also sell the stolen personal information.

Knock-Off or Fake Accounts & Transactional Loyalty Fraud

In this scam, the criminal again uses stolen personal information — specifically including a loyalty member’s payment details. Instead of using the information to take over a real, existing account, though, the bad guy uses the information to create one or more fake loyalty accounts. They can then make transactions — buying things they don’t have to pay for, since they’re using stolen payment details — and earn loyalty points. Then they can redeem, transfer or sell the points.

Internal Loyalty Fraud

Internal, or employee, loyalty fraud may involve a store employee entering their own loyalty information during a transaction — for instance, if the customer doesn’t have a loyalty account or doesn’t provide their own information. Or the employee may credit the transaction to a family member’s or friend’s loyalty account.

Employee loyalty fraud may also occur if an employee with access to member accounts improperly adds or adjusts a customer’s points. Employees could also fraudulently transfer points from one account to another. The bottom line is that the employee ends up accumulating points they haven’t earned and may have stolen from a customer.

Member Loyalty Fraud

This reward redemption fraud can take multiple forms, all with the end goal of gaining points by “gaming” the system. For instance, someone could open multiple loyalty accounts under different identities to gather extra sign-up bonus points — then transfer all the points to a single account.

In another approach, the member could make purchases for friends to gain points, with the friend paying them back. Or they could make a large purchase, gain and redeem the points, then cancel the purchase. Some fraudsters may even try to redeem points simultaneously by phone and online in the hopes your systems aren’t well coordinated and they’ll get two rewards.

Another approach to member loyalty fraud can be members taking actions that earn points but go beyond the bounds of ethics. For instance, if you give loyalty points for such actions, the customer may post meaningless reviews, refer people who are highly unlikely to become customers or “overshare” your social media posts.

Members could also sell or trade their loyalty points — an action often banned by loyalty program conditions, but not always monitored.

What are some loyalty fraud detection tips?

Loyalty fraud detection is largely focused on monitoring member accounts to identify irregularities and atypical behavior. This may include:

  • Excessive number of member account log-in attempts in a short time
  • Frequent transferring of reward points, particularly in a short time
  • Multiple accounts opened under the same name
  • Unusual variances in redemption activity
  • Unusual changes to member account profiles
  • Merchandise shipped to an address not associated with the member’s account
  • Increased employee access to or time spent on the loyalty program database

Account monitoring may be done either manually or with loyalty fraud monitoring services, such as Forter, DataVisor, and Zebra. Either way, a company needs to create a system to flag activities like these and follow up to determine whether it’s a legitimate member action.
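One way such a flagging system could look, covering four of the signals listed above (log-in bursts, transfer bursts, multiple accounts under one name, shipments to an unassociated address). This is an added example, not part of the original article or of any vendor's product; the event names, thresholds and sample records are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed thresholds (count, window); tune against your own baseline.
BURST_LIMITS = {
    "login_failed": (5, timedelta(minutes=10)),
    "points_transfer": (3, timedelta(hours=1)),
}

def flag_events(events, known_addresses):
    """Return sorted (account, reason) flags for manual follow-up."""
    flags = set()
    recent = defaultdict(deque)    # (account, type) -> timestamps in window
    by_name = defaultdict(set)     # normalized name -> accounts opened
    for ts, account, etype, detail in sorted(events):
        when = datetime.fromisoformat(ts)
        if etype in BURST_LIMITS:
            limit, window = BURST_LIMITS[etype]
            q = recent[(account, etype)]
            q.append(when)
            while when - q[0] > window:   # drop events outside the window
                q.popleft()
            if len(q) >= limit:
                flags.add((account, f"burst:{etype}"))
        elif etype == "signup":
            name = " ".join(detail.lower().split())  # ignore case/spacing
            by_name[name].add(account)
            if len(by_name[name]) > 1:
                flags.update((a, "duplicate_name") for a in by_name[name])
        elif etype == "shipment":
            if detail not in known_addresses.get(account, set()):
                flags.add((account, "unknown_ship_address"))
    return sorted(flags)

# Constructed sample data (not from a real program).
ADDRESSES = {"A100": {"12 Elm St"}, "A200": {"9 Oak Ave"}}
EVENTS = [
    ("2022-03-01T09:00:00", "A100", "signup", "Jane Doe"),
    ("2022-03-01T09:05:00", "A101", "signup", "jane  doe"),
    ("2022-03-01T10:00:00", "A100", "shipment", "12 Elm St"),
    ("2022-03-01T11:00:00", "A200", "shipment", "77 Pine Rd"),
    ("2022-03-01T12:00:00", "A200", "points_transfer", "to:A101"),
    ("2022-03-01T12:20:00", "A200", "points_transfer", "to:A101"),
    ("2022-03-01T12:40:00", "A200", "points_transfer", "to:A101"),
] + [("2022-03-01T13:0%d:00" % i, "A300", "login_failed", "") for i in range(5)]

if __name__ == "__main__":
    for account, reason in flag_events(EVENTS, ADDRESSES):
        print(account, reason)
```

Each flag is a prompt for follow-up, not a verdict: a household sharing a name or a member shipping a gift will trip these rules legitimately.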

How can loyalty fraud be prevented?

Ideally, loyalty fraud prevention starts with the creation of a cross-functional team that will work on loyalty program-based fraud detection and loss prevention strategies. Include employees from such departments as IT, operations, loyalty/marketing and security. One high-priority task for the team should be reviewing your loyalty journeys to identify potential vulnerabilities.

Another important protection step is installing firewalls, antivirus software and anti-malware programs, keeping them up-to-date and implementing routine system scans. Requiring multi-factor authentication and using CAPTCHA for member log-ins will add more layers of security for your systems and your member accounts.

Your loyalty fraud prevention team should also review the loyalty program terms and conditions with an eye to closing potential loopholes. For instance, they might consider:

  • Limiting the number of rewards accounts a single person can hold
  • Establishing rules around whether households can pool points
  • Limiting members’ ability to sell or gift points
  • Putting restrictions around the number of rewards a member can redeem at one time
  • Limiting the number of points that can be earned from social media engagement — an easy action to abuse
  • Delaying referral rewards until the referred person makes a purchase

In addition, you can reduce the monetary value of rewards — and thus the criminal temptations — by ensuring your program includes enticing soft benefits. For instance, these might include members-only events, early-bird access to sales, express check-out or exclusive content.

And you can help prevent internal loyalty fraud by training employees on the consequences they’ll face if they take part in a scam. But employees can also be a line of defense. Teach them about common fraud schemes, why they can be damaging and red flags to watch for. As part of this, making sure employees understand your loyalty program terms and conditions can help them watch out for member misbehavior.

How can customers help prevent loyalty program fraud?

Just as employees can be an important part of loyalty fraud prevention, so can your members. Here are eight steps you can take to encourage members to protect themselves and their well-deserved rewards.

  1. Educate members about loyalty fraud so they understand how the scams work and the need for protection
  2. Require complex passwords for member accounts and require that members change them periodically
  3. Routinely send points and rewards status updates, so members can more easily and regularly keep track
  4. Incentivize members to log in to their accounts more frequently — for instance, by placing special promotions behind log-in
  5. Encourage members to let you know if they notice any suspicious activity related to their loyalty account
  6. Remind members to install your mobile app only from a trusted source
  7. Encourage members to use antivirus or anti-malware software on any device they use to access their member account or make transactions with you
  8. Remind members not to click links or open attachments in unsolicited emails, texts or social media messages, and note that they should visit your loyalty microsite directly, not through links from questionable sources

The Payoff from Loyalty Fraud Prevention

There’s no question that loyalty program fraud is a serious and growing problem that can damage your customer relationships and your bottom line. Implementing the ideas above can turn the tide — helping protect your business as well as the loyal customer relationships that support long-term revenue.

Whether you’re looking for ways to prevent loyalty program fraud or simply want to refresh — or build — a customer loyalty program, CCG can help. We have 40+ years of experience in retail customer relationship marketing and loyalty programs, as well as expertise in customer loyalty communications and a deep knowledge of CRM and loyalty technology solutions. See how our experts can help you. Call 303.986.3000 or click below for a free consultation.

Sources

1 “4 Common Loyalty Program Scams, and How to Prevent Them,” The Wise Marketer, posted Dec. 21, 2021, https://thewisemarketer.com/data-and-privacy/4-common-loyalty-program-scams-and-how-to-prevent-them/, accessed March 28, 2022

2 “Loyalty and Reward Programs: An Open Door to Fraud,” Chris Martinez, Signifyd, posted Jan. 30, 2020, https://www.signifyd.com/blog/loyalty-reward-programs-fraud/, accessed March 28, 2022

3 “Loyalty program fraud is a growing problem. Forter is here to help,” Daniel Shkedi, Tim Sloane, PaymentsJournal, posted April 14, 2020, https://www.paymentsjournal.com/loyalty-program-fraud-is-a-growing-problem-forter-is-here-to-help/, accessed March 28, 2022

4 “Customer Loyalty Program Fraud,” Samuel Barton, Cecily Raiborn, Ph.D., C.M.A., C.P.A., C.F.E., SF Magazine, posted Dec. 1, 2019, https://sfmagazine.com/post-entry/december-2019-customer-loyalty-program-fraud/, accessed March 28, 2022

5 “Making Loyalty Pay: How to Keep Your Loyalty Rewards Safe from Scammers,” Phil Muncaster, WeLiveSecurity, posted Jan. 13, 2022, https://www.welivesecurity.com/2022/01/13/making-loyalty-pay-how-protect-loyalty-rewards-scammers/, accessed March 28, 2022

Author Sandra Gudat

Sandra Gudat is CCG’s president & CEO. Considered a pioneer in the field of customer marketing, she has a diverse background in consulting, database marketing, advertising, retail and business management. She is a frequent speaker on customer loyalty marketing and developing customer-centric policies
