When Fraudsters Take a Vacation

Theft of loyalty points has become a serious issue in the travel industry. But is it being taken seriously by hotels and airlines?

With a new year comes new optimism that there will be a return to activities like travel. Some consumers will log in to book travel for the first time in a while, or to revisit rewards points, and it’d be a terrible surprise to find out they have been compromised by online fraud.

The word “fraud” has many associations. such as the image of a hacker tapping into someone’s social-media profiles or thieves who ring up large bills on a consumer’s credit card. For retailers, issues with policy abuse, such as customers “wardrobing” (wearing clothes with the tags on and then returning it despite the item then being ineligible), may be the association.

The goal of a fraudster can vary, from phishing attempts, to racking up a bunch of charges on someone else’s credit card to “borrowing” an outfit from a store. However, what about when fraudsters take a vacation?

What about someone intentionally stealing loyalty points?

Perfect Breeding Ground

According to Mordor Intelligence, the global loyalty-management market was valued at $3.2 billion in 2019 and is expected to reach a value of $11.4 billion by 2025. Hotel and airline-industry rewards programs essentially allow their customers to collect points or miles each time a room or flight is booked within the brand.

Travel rewards are like money in the bank. However, unlike actual banks, these are ones consumers trust too much and don’t check often enough.

Miles and hotel points encourage many consumers to stick with where they can receive the most “points” as they travel. For those closely making purchasing decisions linked by the rewards—investing their time, money, and energy on brand loyalty —to have the fruits of their labor ripped away would be devastating.

Unfortunately, account takeovers by fraudsters have become quite common within travel industries. In 2020 alone, account takeovers were up 282% compared to the previous year. Combined with lackadaisical password practices and even the most conscientious of customers checking their loyalty-account balances only about once every three months, this is the perfect breeding ground for scammers to cash in on loyalty points.

When travel rewards are stolen, the results can be devastating for customers, as this is the product of their conscious choice to support a business to achieve the goal of a dream vacation or hotel spot. Organizations that permit this behavior by not taking responsibility for the threat of fraud will also face very real consequences.

While customers have to be more vigilant in protecting their loyalty accounts by checking in more often and practicing good cyber hygiene, travel companies have steps to take as well.

Practical Steps

So what can be done about this issue?

1. Leverage the largest possible network to ensure your customer account information is safe. Don’t rely only on your internal network; work from a global network.

While no network is fully immune to cybercriminal activity, working from a global network typically means a greater volume of security measures for hackers to infiltrate to get their prize—customers’ information and points. The greater size and complexity of the locations in the global network allow organizations to keep data safer than when all is concentrated in one location. In the case of a small and dense network, a cybercriminal needs only to target one site to access customers’ accounts.

2. Automate decisions. Utilize machine learning to instantly distinguish fraudsters and customers.

By incorporating technology intended to catch fraudsters, travel businesses can best monitor for suspicious activity on customer accounts. This also means the business assumes the responsibility to protect their loyal customer relationships, something hotels, airlines, and more should prioritize to ensure long-term business with frequent travelers. After all, the accounts and points will not protect themselves. If a rewards program is promised, the business must be willing to put proper measures in place to protect their offerings. Allocating resources to an automated learning-based platform will save businesses time, energy, and customer relationships in the long term.

3. Streamline the customer experience. Save customers from multifactor authentication by identifying them with precision.

Another part of offering a rewards program is, again, ensuring that the business is able to provide the reward to customers who reach the aspirational number of points. It is not up to the customer to ensure that their points are not swiped out from under them. That’s up to the company that offers the grand prize. This is why businesses should aim for a secure strategy to protect their business from fraud thatdoes not require more to do on the customer’s end.

If they are signing up for travel arrangements, why should it be on the customer to go the extra mile to have multifactor authentication? Would they still use a business that does if some systems offer simpler, more secure travel programs? Rewards programs should be simple and user-friendly for customers. Don’t put it on customers to secure their own accounts when technology is out there to streamline the experience.

The numbers do not lie. The travel industry needs security solutions. Fraudsters have proven they know how to take advantage of vulnerable systems. Companies that protect their customers’ loyalty accounts are the ones that are protecting their customer relationships. After all, no lifelong customer wants an explanation of why their dream vacation was compromised.

—Yohana Andom is senior product manager at Forter Inc., New York, N.Y.