Keeping your loyalty program safe from fraud

Alert
05.24.2021

To generate revenue and foster customer loyalty, many businesses, including retailers, airlines and credit card companies, create loyalty and reward programs. Such programs can help companies attract and retain customers, but they may also be subject to fraud and abuse.

ATO risk

Loyalty programs are particularly vulnerable to account takeovers (ATOs). In these schemes, a criminal assumes control of a customer’s loyalty or rewards account and monetizes it. The thief redeems points for goods and services for personal use or sells them on the black market. These days, the information usually ends up on the dark web.

ATOs often succeed because many loyalty programs lack the robust fraud controls and dedicated teams of investigators needed to prevent and investigate them. Often, companies don’t understand the extent of fraud and abuse taking place in their programs well enough to justify the investment.

3 steps

To help minimize fraud risk and limit financial losses, consider taking the following steps:

  1. Conduct a risk assessment. Review your loyalty program’s terms and conditions, structure, and activity to ascertain the potential for fraud and abuse. Think about engaging a suitably qualified fraud professional with experience evaluating loyalty programs to guide your efforts. 
  2. Gather and analyze historical losses. Establish a central location for employees to report fraud and abuse. Dissect each loss to identify its root causes and develop a list of potential control failings for remediation. And, if you don’t already have one, establish an anonymous hotline for employees and customers to report suspected fraud.
  3. Evaluate technology solutions. Use the results of your risk assessment and historical analysis of losses to pinpoint potential weaknesses for technology to address. For example, technology can help authenticate customers to prevent ATOs. It can also monitor transactions for activity indicative of fraud. 

Watch your customers

Although ATO schemes involving criminals are common, your company can’t overlook the potential for legitimate customers to abuse your loyalty program. For example, customers may redeem points, then deny doing so and ask you to credit their accounts. Sometimes unethical customers sell their points to online brokers and deny having done so when challenged. Customers could also open multiple accounts under their own or assumed identities to receive new account sign-up bonuses.

Finally, don’t overlook the fact that employees may compromise loyalty accounts. Make sure managers are aware of the possibility and keep an eye on workers with access to the accounts.

Maintain strong security

Contact us for help assessing the security of your loyalty program. If you suspect a widespread fraud problem, we can devise controls to limit thefts and losses.
