Loyalty programs are successful business strategies in the retail and commerce industry because they present a win-win option for both the buyer and the seller. A loyalty program, also known as a brand rewards program, incentivizes customers to become patrons of one brand or chain. In return, the customers earn points on frequent purchases. The customers use these accumulated points by converting them into discounts or gifts.
But loyalty program fraud is on the rise over the past year, as reported by Retail Dive.
With the onset of the virtual age, brand loyalty programs have also gone digital. Notably, retail businesses store their customers’ data collected from forms filled for these programs. Customers also receive emails and messages regularly as reminders and updates related to loyalty programs. Hackers target these programs to access customers’ personal information and blackmail them for exorbitant ransoms on the dark web. There is an urgent need to secure retail businesses from brand loyalty fraud through application testing. Recent attacks that resulted in extensive losses prove that brand loyalty programs are becoming the next big target for cybercriminals who siphon off private information and money. Below are a few listed brand loyalty program fraud instances.
Brand Loyalty Fraud in the News
Mastercard Fraud- Around 90,000 German customers who were a part of the Priceless Specials rewards program for Mastercard became victims of a cyber-attack. The program included their personal information, including name, address and credit card number. Although the compromised data was generic in nature, fraudulent activity can still take place and this exposed how brand loyalty programs operated by third-party merchants do not have the required security safeguards.
Dunkin’ Donuts- Dunkin’ Donuts is a massive food chain with outlets worldwide. The company’s DD Perks Loyalty Program was run by an associated app managed by a third party. Hackers compromised the personal accounts of customers and stole a lot of data. Dunkin’ Donuts had to reimburse stolen rewards and a fine of $650,000 following a suit against them in New York State.
Frequent Flyer Miles- One of the most popular kinds of loyalty programs across the globe is frequent flyer miles. The stealing of flyer miles has increased and is a popular spurious commodity on the dark web. Comparitech reported thousands of stolen flyer miles, sometimes even hundreds of thousands at once.
Marriott hack- A significant blow on brand loyalty programs was the cyberattack on Marriott customer accounts. The criminals stole clients’ information from the Starwood Preferred Guest loyalty scheme. The amount of data stolen is not the only issue here, this type of fraud can grow to much higher stakes than just stolen loyalty points. Unfortunately, the only remedy available is to cancel and reissue a new card, involving administrative hassles that erode customer satisfaction levels as well as company reputation.
How to Prevent Brand Loyalty Fraud
Brand loyalty fraud has become more and more rampant in the past couple of years. This type of fraud will likely increase as hackers become more skilled. A robust mechanism such as cybersecurity maturity assessments, security checks and compliance codes must become a practice for all retail businesses. A few safety measures that can help businesses and customers are discussed in the following paragraphs.
Compliance Codes for Cybersecurity
Commission Multi-factor authorization – Companies must motivate consumers to use strong passwords and multi-factor authentication (for instance, 2FA).
Adherence to PCI standards can prevent credential stuffing attacks by adhering to the compliance code under PCI and other password-related breaches.
Follow the SOC 2 Code- The SOC 2 compliance code ensures a five-security principle to keep consumer data safe. The trust service principles are security, availability, processing integrity, confidentiality and privacy. The SOC code, by the American Institute of CPAs (AICPA), guarantees the safety of all consumer data stored in large business files.
What Can Consumers Do?
Customers can also defend themselves against such attacks by adopting simple practices while using their accounts. Stronger passwords and encryption software are effective ways of preventing cybercrimes. Also, members of any loyalty program should only log in to their account or feed sensitive personal data by directly logging in from the official website of any brand or business. Unsolicited links can lead to their servers being hacked and data being stolen.