Fraud and fraud prevention represent a never-ending battle between Bad Guys and Good Guys. The basic rule is that Bad Guys will A) steal anything of value and B) and anything that’s not nailed down.
People need to understand that somewhere in a bleak Stalin-era warehouse located in Belarus, people are using their laptops to rob you blind.
It’s hard to believe that the first major retail breach took place at Target in 2013 and resulted in a complete turnover of their c-suite. Today, we find out about breaches that happened months earlier, we barely raise an eyebrow. Customers are getting lazy when it comes to this kind of fraud and there is a price to be paid. Maybe we will change our passwords, but then again, maybe not.
Since the mid 1990’s as a nascent eCommerce market grew, insidious groups of Bad Guys followed close behind. As the payment ecosystem became more complex and more sophisticated, Good Guys did their best to pace themselves with the imaginative genius that Bad Guys often deployed.
Countless billions have been spent to make transactions safe. There are a variety of authentication protocols on the front end of the transaction, rules that have been created in tandem with the provider, and consortium databases designed to mitigate the spread of fraudulent spenders.
As the payment ecosystem becomes a little more hardened, enterprising Bad Guys often look elsewhere. They will poke around the soft underbelly of eCommerce to find something else to steal and they have hit gold—your loyalty points.
Loyalty points are the byproduct of a retail relationship and they are the “glue” they keep you coming back. For the most part, they arrive after the transaction has been completed. When it comes to airline miles, they are the main enticement to filling out a credit card application.
However, most people don’t realize that loyalty point theft represent a $48 billion dollar opportunity. Bad Guys are stealing your loyalty points. Not only do they have a tremendous value point, but they are often far easier to steal because they are not as hardened as the transaction itself.
Loyalty point fraud has doubled since last year and this spike will continue into 2021. Per Gartner, nearly 70% of those polled say that they have been victims of some sort of loyalty fraud.
All a Bad Guy needs to do is to access your login information. After that, they are a few keystrokes away from cleaning out your airline miles that will be laundered and sold on the Dark Web. So, if somebody steals you American Airlines miles, somebody else will be enjoying your vacation in Cabo San Lucas.
Worse, here is the kicker. Unlike the consumer protections found in fraudulent ecommerce purchases, if somebody steals your loyalty points, they are gone, unless the merchant chooses to refund them out of the kindness of their heart.
Amir Mousa commented in Fraud Prevention News that there were five important things every loyalty program manager should know.
He said, “Spread awareness. Discuss fraud schemes in loyalty programs with employees and offer training or education on the topic. Track account activity. If an organization is vocal and transparent that they are tracking activity in their accounts, it’s a proactive way to prevent fraud against customers and employees alike. Monitor the behavior in accounts. If a customer’s behavior suddenly changes from their baseline, that’s a red flag to follow up on. Implement multiple security features. Since loyalty points can be as valuable as cash, they should be protected with similar security barriers. Organizations should use security questions and multi-factor authentication. Communication. Companies need to communicate immediately with customers when they find anomalies.”
However, there is one additional important piece. Sounding the alarm that loyalty fraud is spiking makes it our responsibility as consumers to do our part to protect a $48 billion dollar marketplace.
Payments, Fraud, and Leadership 