Travel miles and hotel points are among the most coveted of loyalty rewards by consumers. They’re the stuff that dream vacations are made of. In a real sense, travel rewards are like money in the bank—only, a bank that consumers trust too much and don’t check often enough. Even the most conscientious travelers check their loyalty account balance infrequently, about once every three months. For other consumers, it’s more like once a year. And consumers are also more likely to use the same passwords year after year for their loyalty accounts, creating a perfect breeding ground for fraud.
The fact that most consumers (and even many travel companies) don’t pay a lot of attention to the security of their loyalty program accounts is the very reason why so many fraudsters do pay attention to them. Last year, loyalty fraud rose 89 percent, costing businesses more than $1 billion in the U.S. alone.
When travel rewards are stolen, the results can be heartbreaking. Dream vacations disappear and customers often don’t have the same assurances of reimbursement as they would with a bank account. This can be devastating to customer lifetime value, as it makes customers rethink whether they want to start the relationship all over again. While customers have to be more vigilant in protecting their loyalty accounts, so do travel companies. For example, multifactor authentication isn’t nearly as common for loyalty accounts as it is for other types of customer accounts.
But what about the consumers who don’t really care about loyalty points because they don’t accumulate enough of them or simply forget about them? Inactive loyalty accounts represent about one-third of all loyalty points issued. This makes them an especially easy target for fraud, as victims may never even realize they’ve been hacked. And hijacked accounts can quickly be converted into sellable products on the dark web, such as:
- Illegally purchased gift cards selling for half their face value
- A frequent flier account with a high number of miles that can be transferred
- A group of accounts with a modest number of points from a popular travel site that can be bundled together to buy services
Not all loyalty program fraudsters look like criminals. Loyalty fraud can be an inside job, perpetrated by employees who take advantage of their access to consumer accounts to steal unused points. And sometimes the fraudsters are otherwise legitimate customers who exploit policy loopholes to gain unearned points and rewards.
The best way to stop loyalty fraud is to protect the touch points between loyalty programs and customers. Whether a customer is logging into their account, redeeming rewards, changing their settings, updating their password, or something else, travel companies need to secure those activities against fraud without friction. Forter’s Loyalty Program Protection Solution is designed to do just that. It features:
- An advanced set of core capabilities that provide end-to-end protection against loyalty fraud, including real-time decisioning that gives a definitive “yes” or “no” for requested actions
- Adaptive authentication that reduces customer friction by triggering additional security measure only when necessary
- A global merchant network that understands the behaviors of over 620 million users
The travel industry is no stranger to security. By protecting their customers’ loyalty accounts, travel companies are protecting their customer relationships. After all, we could all use a vacation right about now, and losing it to fraud could be a one-way ticket to losing more customers.
To learn more about loyalty fraud and what you can do to prevent it, read the white paper, “Loyalty Fraud: Attacks From All Sides.”