Balancing Loyalty and Loss Prevention: How to Battle Rewards Program Fraud

Retailers are focused on developing long-term customer relationships that drive profits. While product, price, and promotion will drive some customers to your store or website, other customers are looking for loyalty programs that provide value beyond a basic transaction.

The loyalty market is projected to grow at nearly 20% CAGR, projected to reach $10 billion globally by 2027. In the meantime, as retailers strive to retain customers during the pandemic, loyalty programs are a proven way to attract customers, collect data on their purchase habits, recommend purchases using AI programs, and reward customers with perks.

Customers continue to sign up for loyalty programs but may not always use the points they earn. How much do retailers and other loyalty programs have in unused loyalty points? Starbucks is reported to have over $1.6 billion in unused points on customer loyalty cards and wallets.

Why is Loyalty Fraud on the Rise?

Loyalty programs are as diverse as the retailers who offer them. While some loyalty programs lead to rewards or perks, traditional programs offer points based on what the customer spends. The rewards typically include discounts or even cash rewards. With billions in unused points and rewards, it is easy to see why fraudsters are looking to exploit these valuable programs.

Gartner estimates that there are over $140 billion in unspent loyalty points, making it a prime target for criminals, with an estimated $3 billion in fraudulently redeemed points. There are typically three ways for criminals to gain access to a loyalty account:

• Account Takeover (ATO) – Occurs when a criminal takes over an existing account.
• Synthetic Identity Fraud – Uses a combination of real and fake information to create an account.
• Identity Fraud – Criminals use information from identity theft to establish a new account.

Because of the relative ease of establishing or taking over an account, in addition to the high reward point balances, loyalty programs are a growing target for fraud. Companies have made it easier to redeem points but do not always have the high-security protocols in place that might be comparable to credit card security. Points are harder to protect because they can be collected and used at different parts of the customer journey, not just collected during a one-time transaction. Loyalty points fraud also travels “under the radar”, not receiving the attention that identity theft or other forms of payment fraud receive.

Common types of Loyalty Program Fraud

Loyalty program fraud is only limited by the imagination of the fraudster. Schemes include opening multiple accounts to get valuable points upon signup and then transferring all the points to a single account to use. Similarly, an ATO attack may take loyalty point values and transfer them to another single, fraudulent account. They may redeem the points for products, only to sell the products for cash, including gift cards which can be sold at a significant reduction from the face amount. Fraudsters may also hack loyalty program accounts to get the more valuable credit card and identity information, only to use the data for additional theft.

Daniel Shkedi of Forter indicated, the primary goal for fraudsters is the same: monetize loyalty points.

Fraud can also be an “inside job,” commonly referred to as internal or employee theft. It is not uncommon for employees to rack up points on their personal loyalty cards by entering their card numbers for purchases made by non-loyalty program customers. With the growth of third-party shoppers, additional loyalty program vulnerabilities are on the rise.e

It is not just fraudsters that take advantage of loyalty program loopholes. Some otherwise legitimate customers also exploit loyalty program policy and procedural gaps to take rack up extra loyalty points. One customer legally earned 1.2 million airline miles, about 40 round trips to Europe, by buying 12,000 pudding cups. Frequent travelers also share their tips on how they continue to legally “hack” travel reward programs, earning millions of miles each year.

The Cost of Rewards Fraud

Fraud is expensive. Not only do retailers suffer from increased shrink and lose potential revenue, but they also incur the expenses necessary to investigate fraud and develop enhanced more secure loyalty programs.

Of bigger concern is the damage to a retailer’s reputation. Customers join loyalty programs as part of a trusted relationship. When the trust is broken due to fraud, chances are good the customer will stop purchasing from the retailer as well. Social media and negative publicity can also impact a retailer’s brand and the reputation of their loyalty program.

Why isn’t more done to stop loyalty program abuse? Reward programs are usually a low priority within the organization. Management must decide where and when to invest resources and loyalty programs are rarely a top priority.

Unfortunately, fraud organizations are just that - organized and sophisticated, often operating on a global level. Keeping pace with criminals invested in and rewarded by fraud schemes should not be overlooked.

Preventing Loyalty and Reward Program Fraud

To combat fraud, retailers have to make difficult decisions that include implementing stringent policies that close loopholes for fraud while still offering incentives to customers. More importantly, they must have secure systems at every step of the customer journey, that secure their information. Using data analytics to examine existing transactional data can also reveal gaps and potential fraud in current operations.

The first step in preventing fraud is raising awareness within your organization and with customers. Companies should track vulnerabilities and loopholes in their systems that lead to potential fraud before it happens. Data analytics software can help identify and quantify suspicious transactions that can point to unwarranted and unrecognized attacks.

Raising awareness with customers is also critical. Few customers are vigilant about checking point balances and only do so when a problem arises, as shown in the recent loss of over 200,000 AMEX points as a result of a hack. Changing passwords, not using public wi-fi, and other safety reminders can raise awareness with customers.

Recently, Agilence teamed up with Loss Prevention Magazine on a research report aimed at measuring the changing perceptions and value of Loss Prevention teams. Responses were collected from a hundred LP professionals at every level, operating in various industries. Download your free copy of the full report today to see the results.

Learn more about how to Combat Theft & Fraud.