Leading the fight against loyalty fraud

Loyalty points have value. And when something has value, criminals will want to get their hands on it. So retailers and consumers have to work to keep these loyalty programmes safe according to Don Bush.

Don Bush, vice president of marketing, Kount
Don Bush, vice president of marketing, Kount

The UK loyalty landscape

A look at the Top Ten loyalty schemes in the UK shows just how much money is at stake and the sheer number of us who are members

Top 10 UK loyalty programmes1


All this adds up to a total value of £5.7 billion. It is big business and it is little wonder that criminals might want a piece of it. With 92 percent of the adult population of the UK a member of a loyalty scheme, it is something that each and every one of us takes part in.

How loyalty frauds work

No industry suffers from payment fraud quite like the airline industry. Figures from Europol suggest that fraud has cost the industry €1 billion in Europe alone2.

Of course, the airline industry takes this seriously and is fighting back, but air miles (the airline industry's loyalty scheme) are proving attractive to fraudsters.

Criminals can gain access to someone's loyalty points in the same way they can gain access to other accounts such as hacking poor passwords and phishing scams.

Once they have access to these points, they can start to spend them; buying airline tickets and then either using them themselves or selling them on sites such as Craigslist.

Of course, air miles have far more uses than this and with airline alliances, such as Oneworld Alliance, offering air miles across all members that can be exchanged for goods and services, the opportunities for fraudsters are abundant.

This pattern is one that is reflected across all loyalty schemes. Get access to passwords, get access to points and then use them for money generating purposes.

How much of a problem is it?

It is a new problem but it is a fast growing one. In early 2015, for example, both United Airlines and American Airlines suffered breaches of loyalty programmes with hackers using stolen points to purchase flights3.

Critically, it wasn't hacking that led to this breach, it was using passwords and login details the fraudsters had obtained elsewhere.

In late 2015, it was revealed that the UK pub chain JD Weatherspoon had suffered a data breach of its loyalty programme, compromising the details of around 65,000 members of its loyalty scheme4.

These are not isolated incidences and are indicative of not only the scale of the growing problem but the two pronged attack by criminals; getting the points and getting the personal details.

Fighting back

The threat can be broken down into two main elements

1)    Employ the same techniques to fight loyalty fraud as you do to fight other sorts of fraud. When fraudsters are using loyalty points to make purchases, there are often similar patterns to when CNP fraud happens. A different USP from usual, a different device than usual (coming from a mobile instead of a laptop, for example) and purchasing patterns that are different from expected ones.

2)    Keep your customer data secure. When customers join a loyalty scheme, they expect rewards, discounts and offers. They don't expect identity theft. Treat the information you have from loyalty schemes with the same care and diligence as you do their payment details.

The good news for retailers is that while loyalty fraud might be a relatively new form of fraud, it is being carried out using, by and large, the same techniques as criminals use for other types of fraud.

So fighting it requires a combination of the same approaches to other fraud and an understanding that it is a growing and significant threat.

That is how loyalty fraud can be tackled.

Contributed by Don Bush, vice president of marketing, Kount