If something has value, criminals will want to get their hands on it. Money, financial products, consumer goods, flights and phones – the list is inexhaustible. Yet, as professionals tighten up security to keep themselves, and their customers safe, there is a growing new trend that could prove equally damaging unless businesses take action: loyalty fraud.
Value of the UK’s loyalty schemes
Reward and loyalty schemes are long established in North America. They first made inroads in the UK more than 30 years ago, where they gained traction in the mid-1990s after the country’s biggest supermarket chain, Tesco, launched the Tesco Clubcard. A look at the current top 10 loyalty schemes in the UK shows just how much money is at stake today:
The total for the top 10 comes to £5.7bn. It is big business and it is little wonder that criminals might want a piece of it. With 92% of the adult population of the UK a member of at least one loyalty scheme, combating fraud is a cause that pretty much everyone has a stake in.
Confusion and apathy
While practically every UK consumer is a member of a loyalty scheme, not everyone is an active member. Research by Loyalive, a loyalty scheme smartphone app, found that in 2015 20% of loyalty programme members hadn’t cashed in during the previous 12 months while 7%, or three million scheme members, had never cashed in ever.
In total, £6bn has gone unclaimed from the top 10 loyalty schemes in the UK and this has significant implications in terms of fraud and security.
Financial professionals regularly remind the public that they should check their bank and credit card accounts daily. It is only through such regular checks that account holders can spot fraudulent activity and act on it before it is too late.
The same holds true with loyalty programmes; if scheme members aren’t keeping track on their points, they won’t know if they have been compromised.
How the frauds work
Loyalty fraud tends to work along the same lines as card-not-present (CNP) fraud, with criminals getting access to schemes through a mixture of phishing scams, identity theft and hacking weak and vulnerable passwords.
Once criminals have these points, they can be spent on almost everything. Nectar for example, whose partners include supermarket chain Sainsbury’s and BP garage stations, has 19m members and points can be spent with over 500 different companies including some in the travel and online gaming industries. These sectors are highlighted as they are especially vulnerable to fraud.
How much of a problem?
Nectar has already been targeted by fraudsters. In February 2015, the scheme reported that points had been stolen from members and were being spent on eBay and in the high street retail chain Argos.
Although Nectar responded with a pledge to increase security, the hack demonstrates the scale of what is a growing problem and the ambition and tenacity of the fraudsters. It is also afflicting the airline industry, where the formation of groups such as Star Alliance to aggregate loyalty programmes across several carriers has provided fraudsters with bigger potential targets.
Last December, reports suggested that the loyalty schemes of 10 or more major UK retailers had been infiltrated by hackers, and that numerous fraudulent loyalty point accounts were on offer on the dark web in exchange for Bitcoin.
Fighting the threat
There are three main elements to this threat: stopping loyalty schemes being breached, scheme members guarding their information and knowing when transactions made using points are genuine or fake.
1) Keep the data safe: Only keep as much as you need and keep it secure. Loyalty schemes, if hacked, can lead to identity theft.
2) Educate scheme members: Loyalty points have a cash value and should be treated with the same care as bank and credit card accounts.
3) Keep watch for fraudulent loyalty point transactions: The indicators of CNP fraud – such as different addresses, different internet service provider (ISP) addresses, different spending patterns and testing on small items before going for the ‘big ticket’ items – are all present for loyalty fraud too. Use the same techniques used to fight CNP fraud to fight loyalty fraud.
Loyalty schemes are valuable in terms of money and in terms of customer care and they are big business.
Businesses rely on them for customer marketing information, to ensure customer loyalty and to boost sales. Keeping them safe means keeping them popular. And keeping them popular means boosting profits and remaining financially strong.
Unbelievably, Kodak has created its own ‘Kodak moment’ worthy of going in the blockchain industry’s family album by announcing the launch of 'KodakCoin'. Even though the Kodak press-release is suspiciously light on details, this is perhaps not as bonkers a move as it first appears. Distributed ledger technology was designed to track assets, and valuable images and digital rights management seems a natural fit.
We have been witness to a series of significant security events recently around payment execution, from Leoni in Germany through to ABB in South Korea and SWIFT in Bangladesh to name a few of the major headlines.
When Mark Cuban declared that "Data is the new gold" he highlighted why information is possibly the most valuable asset a business has. APIs are the unsung heroes that make it possible to extract that value.
How treasury stands to benefit from blockchain: Ripple’s goal to revolutionise cross-border transactions
Imagine a world where cross-border transactions can occur in real-time, at a few cents per transaction, to and from any bank, in any ... read more