Loyalty & Rewards Programs – How Secure Are Your Customer Accounts?

Written by Ketan Kapadia

Loyalty and rewards programs are offered by a growing range of industries and are popular with businesses and consumers alike. According to LoyaltyOne, a loyalty advisory company, there are at least 3.8 billion rewards memberships in North America. Loyalty rewards accounts in North America are worth more than $60 billion, with an estimated $250 billion globally, according to the Loyalty Fraud Prevention Association.

Despite all that value, security around rewards programs is often less than robust. In recent years, loyalty programs have been hit by an increased rate of fraud attacks (for example Scene, PC Points, Marriott Rewards, Radisson, Mastercard, etc.), as these programs are a repository of two things criminal hackers want: points that can be used to make purchases or converted to cash, and data that can be sold and exploited for account takeover. Because many programs require only a simple password and/or PIN to authenticate, it is easy for bot-assisted criminal hackers to crack and access many loyalty accounts.

According to PYMNTS, attacks on loyalty accounts rose nearly three times from 2016 to 2017, at a global cost of $2.3 billion (USD). The cost of rewards program fraud has been high in the last 3 years and is expected to keep rising in the next 5 years.

Loyalty program breaches generate bad publicity that can contribute to customer churn and penalties. Breach remediation often includes the cost of replacing stolen rewards, loss of customers and brand impact. With the breaches of the last couple of years, it has become obvious how big a target loyalty programs are for organized criminal hackers. Marriott and Radisson were in the headlines in late 2018 because of loyalty program breaches. In February 2019, Marriott rebranded its rewards program, a beneficial move, as most consumers are wary of brands that have been breached. Marriott also faces $123 million in GDPR fines, based on the loss of personal data for customers in the EU and UK. As more countries and local governments enact consumer data protection laws similar to the California Consumer Privacy Act, organizations will face a growing list of penalties and fines for loss of their loyalty and rewards program data.

In 2019, account takeover rose by 79% compared to 2018. With the rise of account takeover, organizations offering loyalty rewards programs will need to give them increased attention and investment. Peter R. Maeder, co-founder of the Loyalty Fraud Prevention Association, pointed out in an interview with PYMNTS that “biometric technology, such as fingerprint and face scanning, are tools that could be used to prevent fraudsters from gaining access to accounts”.

With BlokSec’s decentralized authentication, rewards and loyalty programs can cut down account takeover attacks, making it almost impossible for criminal hackers to gain access to customer accounts to complete such attacks. BlokSec provides a much stronger authentication mechanism that relies on the power and convenience of a mobile device combined with blockchain technology to provide a strong, friction-free login.

Protecting loyalty programs should be a top priority for all merchants, restaurants, banks and other businesses, as account takeover and other digital fraud attacks deter loyal customers. Without loyal customers, organizations will suffer financially and struggle to survive.
