Digital Transactions Authoritative, insightful and timely information for payments professionals
Loyalty points have become as valuable as traditional currency. That’s attracting fraudsters—and forcing program managers to redouble their efforts to protect members.
The risk of fraud threatens each and every aspect of our digital lives, including loyalty programs. Nearly 72% of loyalty-program operators admit to experiencing fraud issues, with cybercriminals hacking into accounts, stealing loyalty points, and selling them for a profit.
Since loyalty miles and points are often regarded as a currency that holds real monetary value, it’s important to have solid security measures in place. Here are some key considerations for protecting consumers’ loyalty assets.
Loyalty Credentials Should Be As Secure As Credit Cards
Although loyalty programs serve as an excellent way for brands to strengthen their relationship with customers, every relationship is built on trust. Loyalty-program operators must give to their customers’ data the same level of attention that credit card companies give security and fraud protection. Members are less likely to engage with a loyalty program that isn’t taking every precaution and security measure to protect their information and record of engagement.
Strength in Numbers: The Value of a Platform
Even though loyalty-program points and miles may not come in the form of cold hard cash, the loyalty industry is worth more than the videogame and movie industries combined, with $48 billion worth of customer loyalty rewards dispensed each year. It’s important that loyalty-program operators treat loyalty rewards as the currency that they are. Yet, despite the growing economic value of miles and points, loyalty-program operators still sometimes fail to implement proper procedures designed to maintain the privacy of program members.
One way loyalty programs can combat fraud is by seeking safety in numbers and plugging into a loyalty platform that is specifically calibrated to detect and minimize fraud. Through a platform of connected loyalty programs, each program benefits from the “network effect” whereby the system is able to identify overlapping patterns of fraudulent activities across all connected programs.
The platform gets smarter with every transaction that passes through it by identifying patterns and learnings across the industry. And not only does the platform offer faster detection, it allows for widespread prevention as well, making the process of taking corrective action to block fraudulent activity even more efficient.
Strength in Layers: The Value of Mobile Wallets
Mobile wallets have been a hot topic in the payment industry lately, and for good reason. Mobile-device payments in the United States are estimated to reach $90 billion by 2017 after totaling just $12.8 billion in 2012. As consumers turn to mobile devices to make payments and redeem loyalty rewards, mobile wallets will play a vital role in deterring cybercriminals from accessing loyalty accounts and stealing personal information in the process.
By enabling loyalty-program members to track, exchange, and redeem loyalty rewards within a payment app, mobile wallets provide users with unmatched security through an added layer of verification. Members are required to authenticate information from two accounts instead of one, reinforcing that the loyalty-program membership registered in the wallet matches the user of the wallet.
This added layer of protection offers a bigger challenge to attempted fraudulent activity, all while ensuring that a legitimate member is able to transact with his or her rewards.
Loyalty Programs Should Be Secure, but Still Convenient
Eliminating fraud while also improving engagement with a loyalty program is no easy task. Strict regulations, such as requiring the name on an airline ticket to match the name of the account owner, may reduce fraud, but at what cost? Although such measures will certainly make it more difficult for cybercriminals to illegally exchange and redeem miles and points they do not own, a business’s most loyal customers will be forced to jump through a few extra hoops to enjoy the rewards they’ve racked up.
Another method of preventing fraud is limiting the number and size of miles and points transfers between accounts, but that inadvertently damages the user experience.
To avoid such a problem, loyalty-program operators should seek solutions that program members are comfortable with. From device recognition to two-factor identification, here are few methods loyalty programs can implement to secure their members’ loyalty points and transactions without removing the features that attracted the members in the first place.
Implement Device Recognition
According to a study from TeleSign, 54% of consumers use five or fewer passwords for all of their online accounts while 47% rely on a password that hasn’t been changed in five years. These bad habits make it easy for consumers to fall victim to a domino effect in which all of their accounts face the risk of being hacked even after a cybercriminal has guessed just one of their passwords.
Rather than pleading with customers to choose and successfully keep track of unique passwords for each loyalty program they’re part of, businesses can reduce cybercrime by using device recognition.
Device recognition not only alerts businesses in the event that a loyalty account has been accessed from a new smart phone or laptop, but it can also detect whether one device has accessed multiple accounts in a short period of time.
As soon as a loyalty-program operator recognizes any suspicious activity from a new or existing device, he or she can immediately suspend the account or try to contact the owner to either confirm or deny any charges. Even more important, the device-recognition software will encourage consumers to update their account login information for any additional accounts that are protected by the same user name and password.
Monitor Account Activity
While device-recognition software can quickly reveal whether a consumer’s login information has been compromised, it isn’t as adept at identifying charges from a stolen device or credit card. Closely monitoring loyalty-account activity enables businesses to catch fraud before it escalates.
For example, a sudden influx of hundreds of thousands of miles into a loyalty account may indicate use of a stolen credit card. Similarly, a criminal who has stolen a smart phone could attempt to redeem or sell loyalty-program credits from an account the owner has previously logged into.
Instead of leaving customers to fend for themselves, data-profiling modules that monitor transactions for suspicious activities commonly linked to fraud can help prevent the fraud from ever occurring in the first place. Regularly monitoring account activity will improve the ability of loyalty-program operators to recognize and thwart fraud.
Require Two-Factor Authentication
The average American household has more than 10 active loyalty program memberships. Now take a moment to consider all of the other passwords consumers need to keep track of. From email to credit cards, it’s difficult, if not impossible, to create and remember unique passwords for each online account without the help of a mobile wallet or password manager.
Add in simple security measures that will protect consumers in the event that one of their many other online accounts is compromised. This could include a question about something only the account owner would know such as their favorite teacher or their mother’s maiden name.
The loyalty industry shows no signs of slowing its pace. With 3.3 billion memberships in U.S. customer-loyalty programs, it’s vital to keep security and fraud protection at the forefront to protect your brand and your valued members.
—Chris Boyd is head of consumer products at Points, Toronto.
