If something has value, criminals will want to get their hands on it. Money, financial products, consumer goods, flights and phones – the list is inexhaustible. Yet, as professionals tighten up security to keep themselves, and their customers safe, there is a growing new trend that could prove equally damaging unless businesses take action: loyalty fraud.
Value of the UK’s loyalty schemes
Reward and loyalty schemes are long established in North America. They first made inroads in the UK more than 30 years ago, where they gained traction in the mid-1990s after the country’s biggest supermarket chain, Tesco, launched the Tesco Clubcard. A look at the current top 10 loyalty schemes in the UK shows just how much money is at stake today:
The total for the top 10 comes to £5.7bn. It is big business and it is little wonder that criminals might want a piece of it. With 92% of the adult population of the UK a member of at least one loyalty scheme, combating fraud is a cause that pretty much everyone has a stake in.
Confusion and apathy
While practically every UK consumer is a member of a loyalty scheme, not everyone is an active member. Research by Loyalive, a loyalty scheme smartphone app, found that in 2015 20% of loyalty programme members hadn’t cashed in during the previous 12 months while 7%, or three million scheme members, had never cashed in ever.
In total, £6bn has gone unclaimed from the top 10 loyalty schemes in the UK and this has significant implications in terms of fraud and security.
Financial professionals regularly remind the public that they should check their bank and credit card accounts daily. It is only through such regular checks that account holders can spot fraudulent activity and act on it before it is too late.
The same holds true with loyalty programmes; if scheme members aren’t keeping track on their points, they won’t know if they have been compromised.
How the frauds work
Loyalty fraud tends to work along the same lines as card-not-present (CNP) fraud, with criminals getting access to schemes through a mixture of phishing scams, identity theft and hacking weak and vulnerable passwords.
Once criminals have these points, they can be spent on almost everything. Nectar for example, whose partners include supermarket chain Sainsbury’s and BP garage stations, has 19m members and points can be spent with over 500 different companies including some in the travel and online gaming industries. These sectors are highlighted as they are especially vulnerable to fraud.
How much of a problem?
Nectar has already been targeted by fraudsters. In February 2015, the scheme reported that points had been stolen from members and were being spent on eBay and in the high street retail chain Argos.
Although Nectar responded with a pledge to increase security, the hack demonstrates the scale of what is a growing problem and the ambition and tenacity of the fraudsters. It is also afflicting the airline industry, where the formation of groups such as Star Alliance to aggregate loyalty programmes across several carriers has provided fraudsters with bigger potential targets.
Last December, reports suggested that the loyalty schemes of 10 or more major UK retailers had been infiltrated by hackers, and that numerous fraudulent loyalty point accounts were on offer on the dark web in exchange for Bitcoin.
Fighting the threat
There are three main elements to this threat: stopping loyalty schemes being breached, scheme members guarding their information and knowing when transactions made using points are genuine or fake.
1) Keep the data safe: Only keep as much as you need and keep it secure. Loyalty schemes, if hacked, can lead to identity theft.
2) Educate scheme members: Loyalty points have a cash value and should be treated with the same care as bank and credit card accounts.
3) Keep watch for fraudulent loyalty point transactions: The indicators of CNP fraud – such as different addresses, different internet service provider (ISP) addresses, different spending patterns and testing on small items before going for the ‘big ticket’ items – are all present for loyalty fraud too. Use the same techniques used to fight CNP fraud to fight loyalty fraud.
Loyalty schemes are valuable in terms of money and in terms of customer care and they are big business.
Businesses rely on them for customer marketing information, to ensure customer loyalty and to boost sales. Keeping them safe means keeping them popular. And keeping them popular means boosting profits and remaining financially strong.
Tim de Knegt, treasurer for the Port of Rotterdam, discusses how he is looking to bring more value to the Port's clients using blockchain.
Regulation technology is fast gaining currency by transforming how financial institutions can tackle compliance in a swift, comprehensive and less expensive manner.
Many banks around the world, large and small, continue to experience major security failures. Biometric systems such as pay-by-selfie, iris scanners and vein pattern authentication can help.
The implementation date of Europe's revised Markets in Financial Instruments Directive, aka MiFID II, is fast approaching. Yet evidence suggests that awareness about the impact of Brexit on MiFID II is, at best, only patchy and there are some alarming misconceptions.