Loyalty & Rewards Programs – How Secure Are Your Customer Accounts?

Written by Ketan Kapadia

The number of industries that offer loyalty or rewards programs is growing, and these programs are popular with businesses and consumers. According to LoyaltyOne, a loyalty advisory company, there are at least 3.8 billion rewards memberships in North America. Loyalty rewards accounts in North America are worth more than $60 Billion, with an estimate of $250 Billion globally, according to the Loyalty Fraud Prevention Association group.

Despite all that value, security around rewards programs is often less than robust. In recent years, loyalty programs have been hit by an increased rate of fraud attacks (for example Scene, PC Points, Marriott Rewards, Radisson, Master Card, etc.), as these programs are a repository of two things criminal hackers want: points that can be used to make purchases or converted to cash, and data that can be sold and exploited for account takeover. Because of simple password and/or PIN-based authentication requirements, it is easy for bot-assisted criminal hackers to crack and access many loyalty accounts.

According to PYMNTS, attacks on loyalty accounts rose nearly three times from 2016 to 2017, at a global cost of $2.3 Billion (USD). The cost of rewards program fraud is believed to have been high over the last 3 years and is expected to keep rising over the next 5 years.

Loyalty program breaches generate bad publicity that can contribute to customer churn and penalties. Breach remediation often includes the cost of replacing stolen rewards, loss of customers and brand impact. With the breaches of the last couple of years, it has become obvious how big a target loyalty programs are for organized criminal hackers. Marriott and Radisson were in the headlines in late 2018 because of loyalty program breaches. In February 2019, Marriott rebranded its rewards program, which is a beneficial move, as most consumers are often wary of brands that have been breached. Marriott also faces $123 million in GDPR fines, based on the loss of personal data for customers in the EU and UK. As more countries and local governments enact consumer data protection laws similar to the California Consumer Privacy Act, organizations will face a growing list of penalties and fines for loss of their loyalty and rewards program data.

In 2019, account takeover went up by 79% compared to 2018. With the rise of account takeover, organizations offering loyalty rewards programs will need to give them increased attention and investment. Peter R. Maeder, co-founder of the Loyalty Fraud Prevention Association, pointed out in an interview with PYMNTS that “biometric technology, such as fingerprint and face scanning, are tools that could be used to prevent fraudsters from gaining access to accounts”.

With BlokSec’s decentralized authentication, rewards and loyalty programs can cut down account takeover attacks, making it almost impossible for criminal hackers to gain access to customer accounts to complete such attacks. BlokSec provides a much stronger authentication mechanism that relies on the power and convenience of a mobile device combined with blockchain technology to provide a strong, friction-free login.

Protecting loyalty programs should be a top priority for all merchants, restaurants, banks and other businesses, as account takeover and other digital fraud attacks deter loyal customers. Without loyal customers, organizations will suffer a financial impact and will struggle to survive.
