The industries that offer loyalty or rewards programs is growing and are popular with businesses and consumers. According to LoyaltyOne, a loyalty advisory company, there are at least 3.8 billion rewards memberships in North America. The loyalty rewards accounts in North America are worth more than $60 Billion with an estimate of $250 Billion globally according to Loyalty Fraud Prevention Association group.
Despite all that value, security around rewards programs is often less than robust. In recent years, the loyalty programs have been hit by an increased rate of fraud attacks (for example Scene, PC Points, Marriott Rewards, Radisson, Master Card, etc.) as these programs are a repository of two things criminal hackers want: points that can be used to make purchases or converted to cash and data that can be sold and exploited for account takeover. Due to a simple password and/or PIN-based authentication requirements, it is easy for bot-assisted criminal hackers to crack and access many loyalty accounts.
According to PYMNTS, attacks on loyalty accounts rose nearly three times from 2016 to 2017, at a global cost of $2.3 Billion (USD). It is expected that the cost of rewards program fraud is high in the last 3 years and is expected to keep on rising in the next 5 years.
Loyalty program breaches generate bad publicity that can contribute to customer churn and penalties. Breach remediation often includes the cost of replacing stolen rewards, loss of customers and brand impact. With the breaches in the last couple of years, it has become obvious that how big of a target loyalty programs are for organized criminal hackers. Marriott and Radisson have been in the headlines in late 2018 because of loyalty program breaches. In February 2019, Marriott rebranded its rewards program which is a beneficial move as most consumers are often wary of brands that have been breached. Marriott also faces $123 million in GDPR fines, based on the loss of personal data for customers in the EU and UK. As more countries and local governments enable consumer data protection laws similar to California Consumer Privacy Act, organizations will face a growing list of penalties and fines for loss of their loyalty and rewards program data.
In 2019, the account takeover went up by 79% compared to 2018. With the rise of account takeover, organizations offering loyalty rewards programs will require increased attention and investment. Peter R. Maeder, co-founder of the Loyalty Fraud Prevention Association, in an interview with PYMNTS pointed out that “biometric technology, such as fingerprint and face scanning, are tools that could be used to prevent fraudsters from gaining access to accounts”.
With BlokSec’s patent-pending decentralized authentication, rewards and loyalty programs can cut down account takeover attacks making it almost impossible for criminal hackers to gain access to customer accounts to complete such attacks. BlokSec provides a much stronger authentication mechanism that relies on the power and convenience of a mobile device combined with blockchain technology to provide a strong, friction-free login.
Protecting loyalty programs should be a top priority for all merchants, restaurants, banks and other businesses as account takeover and other digital fraud attacks deter loyal customers. Without loyal customers, organizations will have a financial impact and will struggle to survive.