Loyalty Leakage: How Fraudsters Exploit Loyalty Programs

Loyalty programs aren’t just all the fashion for gas and convenience store companies; they’re essential for companies in the industry to remain relevant and competitive in the fast-changing modern world. 

KPMG found that in 2015, 90% of forecourt revenue came from fuel. In 2022, that was 50%. By 2030, they anticipate that it will be only 20%, with 40% of revenues coming from retail, food, and beverage, 30% from adjacent services, and about 10% from mobility services.

Loyalty programs are crucial for success in this world. Unfortunately, they’re also a popular avenue for fraudsters to exploit.

Loyalty Programs: What’s Not to Love?

A Gartner survey found in 2022 that 50% of US respondents use a loyalty card or app for gas price discounts. This number has almost certainly grown since then, and so has the way loyalty programs function in convenience stores for non-fuel purchases. 

Consumers are entirely on board with loyalty programs at their favorite gas stations and convenience stores. They provide greater flexibility in how to pay, give access to discounts for fuel, other goods, and sometimes even related services, and make it easier to track spend and compare prices. 

The benefits for companies are just as strong. Just to name a few:

  • Increase customer loyalty at a time when the industry and customer behavior are in flux
  • Increase spend and engagement on individual visits and also recurring visits
  • Insights into typical customer demographics and behaviors
  • Position the company for a future in which fuel-focused spending is a less significant part of revenue
  • Provide a path to create a competitive advantage not purely based on the price of fuel
  • Increased communication touchpoints with customers

So, we all love loyalty programs. Unfortunately, so do fraudsters. 

Pumping Up the Fraudster Pressure

The bad news is that the better the loyalty program, the more it attracts fraudsters. The same things that legitimate customers enjoy appeal to criminals, as well. Forter’s data suggests that looking across industries:

  • Accounts that participate in loyalty programs are 4-5 times more likely to come under attack by fraudsters
  • Accounts with money or points stored in the account are 6-7x more likely to be targeted
  • Loyalty programs that stretch beyond a single company or brand are attacked 2.5x more than ones that don’t

While great for the company, the expansion into loyalty programs opens up many opportunities for fraudsters. 

Instead of fuel, which is a very specific product that’s not particularly attractive for fraud because it’s physical and difficult to resell, fraudsters have access to fluid points, which can be used to buy a multitude of items or even leveraged to sell an account on to an unsuspecting buyer. 

Naturally, fraudsters are willing to invest in taking over legitimate accounts — or setting up fake accounts — and using stolen payment methods to fund them. 

Don’t Let Risk Restrict Rewards

The greatest risk that fraudsters pose to loyalty programs is accidental. It’s common for companies to be so concerned about the real dangers of fraud attacks against their loyalty programs that they artificially constrict what they’re willing to offer as part of the program. 

That’s a real loss because it prevents the company from seeing the full potential of the value it should gain from the program and stops customers from benefiting fully. It’s a long-term risk, too, because re-envisaging the nature of the business to become customer-centric rather than product-driven is critical to success in this industry. 

It’s also unnecessary. 

Instead of reducing the benefits you’re willing to offer as part of your loyalty program, invest in ensuring that you’re confident in the identities of your customers and those using your app or card.

You can identify legitimate customers by their known data points, device and cyber intelligence, and behavior. Returning fraudsters are also actors you can identify by seeing through their smokescreen of disguise. Account takeovers can be pinpointed on the same basis. 

I know that this approach works because I’ve seen merchants working with Forter to protect their loyalty programs and increase the value available to loyal customers by 20% to 30% over 12 months. There’s room for growth and the capacity to do it safely. 

For gas stations and convenience stores in particular, it’s not just possible to embrace loyalty programs as an important element of the business strategy; it’s essential. That means that fraud prevention and customer protection need to be baked in from the start — in balance with a firm focus on excellence, creativity, and innovation to make the program attractive, useful, and desirable for customers.

Doriel Abrahams is the Principal Technologist at Forter, where he monitors emerging trends in the fight against fraudsters, including new fraud rings, attacker MOs, rising technologies, etc. His mission is to provide digital commerce leaders with the latest risk intel so they can adapt and get ahead of what’s to come.