Loyalty schemes a target
Rewards programs are now the focus of criminals, writes Anthony Keane
CONSUMER loyalty programs are a new frontline for fraudsters who are stealing points then turning them into ill-gotten gains.
From frequent flyer schemes to retailers’ shopping rewards, criminals are taking advantage of many people’s lack of focus on their loyalty programs and point balances to rip them off.
Global fraud protection company Forter says loyalty program fraud has jumped
89 per cent in 12 months amid rising numbers of data breaches.
In the past year global airlines Cathay Pacific and British Airways have battled data breaches, while Mastercard’s German loyalty program was also hit by hackers.
Closer to home, the popular Woolworths Rewards loyalty program was hit by fraudsters in late 2018 and again in December last year. Forter CEO Michael Reitblat said many consumers did not pay attention to their loyalty program accounts, with nearly half of all accounts inactive as points were not tracked or redeemed. This made them “low-hanging fruit for fraudsters”, Mr Reitblat said.
“Loyalty program points are a currency as valuable and untraceable as cash,” he said.
It’s estimated that consumers have collected $72 trillion worth of unspent reward points globally, and these can be stolen and used to redeem flights, consumer goods or even cash discounts.
A Woolworths spokesman said its loyalty program member reports of fraud in December had, in all cases, been accessed with valid logins and passwords, “indicating fraudsters had obtained login credentials from online scams or other sources”.
“We took the precautionary step of locking down any accounts with suspicious point redemptions while working with individual members to verify if the activity was legitimate,” he said.
“Any fraudulently redeemed points were reinstated to members in full. We also reported the matters to police.”
The spokesman said consumers should carefully guard their loyalty program user names and passwords, set strong and unique passwords for their rewards accounts, regularly check their account and be careful when disclosing information online and on social media. “Fraudsters use phishing scams, where they imitate well-known brands, to gather personal information that can enable them to access online accounts,” he said.
Cybersecurity firm Norton LifeLock said some criminals were combining loyalty program card data with credit and debit card details to steal people’s identities.
It warned consumers to: • Be careful what you share on social media and websites.
• Disclose as little information as possible to program providers. • Consider using a secondary email address.
• Use unique passwords and consider password protection technology.
• Beware of fake loyalty program apps.