The exponential rise in e-commerce has been matched by an exponential rise in fraud. While the ability to shop and carry out transactions online has brought untold benefits to business and consumer alike, it has also brought untold opportunities to criminals.
Businesses are, or at least should be, well prepared against the threat of fraud. Database breaches and card-not-present fraud are all constant threats and no business wants to fall foul of them, says Donald Bush is the vice president of Marketing at Kount.
Yet there is another form of fraud that is on the rise and one which should be treated with the same concern as CNP fraud and data breaches: loyalty fraud.
The attractiveness of loyalty schemes to fraudsters
Loyalty schemes have changed since the old days of the Co-op dividend and Green Shield Stamp. They’ve gone digital and they are something that almost all of us are members of. 92% of the UK’s adult population are members of loyalty schemes and they have a combined value of £5.7bn.
They are valuable in terms of the monetary value and the information that they hold on scheme members. And this value is making them, increasingly, a target for fraudsters.
How the fraudsters attack
There are two ways that loyalty schemes are under threat from fraudsters.
The first works along the same lines as CNP fraud but, instead of getting access to someone’s payment details, fraudsters gain access to loyalty schemes through a mixture of phishing scams, identity theft and hacking weak and vulnerable passwords.
Loyalty points can be used for almost anything and, so, have a quantifiable monetary value. As they are managed and spent through smart cards and online accounts, the parallels with CNP fraud are clear. If a fraudster gets access to someone’s points account, they can spend them in the same way they would if they got access to their bank accounts.
The other way is the ever-present data breach threat. Scheme members share huge amounts of information with their schemes. Names, dates of birth, email addresses, home addresses, phone numbers…everything a criminal needs to commit identity fraud.
How real is the threat?
It is already happening. In December last year, JD Wetherspoon admitted a breach of their 650,000 strong loyalty scheme. Hackers obtained card details, names, addresses and other personal information.
Wetherspoon responded by saying that they would no longer hold certain types of information on customers on their database.
Nectar has also been a victim of fraud. In February 2015, the scheme reported that points had been stolen from members and were being spent on eBay and in Argos. Nectar have promised to increase security in the light of this.
When Britain’s biggest pub chain and biggest loyalty scheme are hit by criminals, it demonstrates not only the value of these schemes to criminals, but also the scale and audacity of the fraudsters’ ambition.
Fighting this fraud.
The two elements to this fraud; data breaches and points theft and misuse can be fought using the existing methods and protocols retailers should have in place to fight other frauds
1. Keep your customer information safe: If it is easy for customers to access, it’s easy for criminals to access. Consider multifactor authentication to access online loyalty schemes.
While this might make it slightly more inconvenient for customers, it is nothing compared to the inconvenience of having to rebuild your credit history after suffering identity fraud.
2. Keep watch for fraudulent loyalty point transactions: If you have the technology in place to spot CNP fraud, and there is no excuse not to, then you have the technology in place to spot loyalty point fraud. The indicators of fraud are very similar; unusual spending patterns, different address from usual, using a different ISP address, testing on small items before moving to the big ticket ones.
If your business is set up to spot CNP fraud, it can spot loyalty points fraud too.
Fighting loyalty fraud doesn’t necessarily mean huge investment in new tools. What it does mean, though, is treating your loyalty schemes, and their members, with the same diligence and care as you treat your payment processes and other fraud sensitive aspects of your business.
This is how the fraud can be stopped in its tracks.
The author of this blog is Donald Bush is the vice president of Marketing at Kount.
About the author:
Donald Bush is the vice president of Marketing at Kount
Don joined Kount as the Director of Marketing in October 2010 and became vice president of Marketing in December 2012. Don has worked in several management roles within the technology segment for over 20 years with both hardware/software manufacturers and as a partner in two top technology marketing agencies. He has led products launches and marketing programs for dozens of companies around the world such as Citi, HP, IBM, Kodak, Motorola and Weyerhaeuser, and co-authored the seminar series, “Common Launch Disasters and How to Avoid Them.”
Comment on this article below or via Twitter: @ VanillaPlusMag OR @jcvplus
