E-Commerce Fraud Alert: How to Spot Loyalty Fraud

One of the most critical components to a business’s success is developing a loyal following, and many merchants have implemented loyalty programs to reward their best customers. But the last thing on merchants’ minds when they launch these programs is that they’re particularly attractive to fraudsters.

With reward programs’ potential dollar value estimated to be $48 billion, a fraud attack on these programs can easily result in a significant hit to an e-commerce merchant’s revenue — with a potential hit to reputation not far behind.

What Loyalty Fraud Looks Like

Loyalty fraud isn’t just about stealing cash; it can manifest itself in numerous ways including:

  • Making purchases to generate bogus loyalty rewards. Hackers accessed Kohls.com customer accounts to order expensive merchandise and have it shipped to the victim. The criminals weren’t looking for the merchandise — they were after the Kohl’s Cash store credits they could use for merchandise that’s easily resold or that can be returned for store credit.


  • Hacking alternative payment systems. Nearly 16 million people use Starbucks’ mobile app, which lets customers quickly pay for purchases, earn rewards and auto-reload their accounts by connecting it to their credit cards. Fraudsters take advantage by hacking into accounts, transferring the value to gift cards they control and using the auto-reload feature to immediately access more cash.
  • Hacking point accounts. There’s an entire underground network for hackers who steal and sell hotel and travel points and then make fraudulent travel redemptions.
  • Stealing credit card and member identity data. Some cybercriminals hack loyalty accounts to send themselves virtual gift cards that can then be sold online.

Risking More Than Revenue: The Other Effects of Reward Program Fraud

Because more than 80% of customers consider their loyalty rewards equivalent to cash, a program hack is a significant financial hit to both businesses and customers. But fraud is measured in more than just dollars.

One study found 26% of customers would cancel their reward program membership if they were the victim of loyalty fraud, while 17% would even stop doing business with the company. And 37% of dissatisfied customers would alert others about their fraud exposure — with many taking to social media to share their negative experience.

With rising threats to consumer trust, credibility and revenue, merchants must look for ways to prevent loyalty fraud.

7 Ways to Protect Reward Programs From Fraudsters

Most rewards programs are as vulnerable to fraud as other online accounts, or even more so, because they lack robust security procedures such as login authentication and complex password requirements.

As awareness of this vulnerability grows, merchants are realizing the need for prevention strategies like these:

  1. Establish a recovery plan. In the event of a hack, how will merchants compensate customers for the inconvenience and risk of compromised data?
  2. Monitor customer account activity. Look for account changes that seem out of the ordinary, such as an increase in changes to IP addresses, mailing addresses and emails. To protect your customers, implement a monitoring system that sends alerts when changes are made.
  3. Send regular status updates. Customers don’t always regularly log into their loyalty accounts to check their balances. Consider sending regular updates about balances and redemptions.
  4. Limit opportunities for fraud. Subway, for example, found that the stamps used in its loyalty program could be easily counterfeited. To make matters worse, employees were also caught stealing and selling the stamps. By the time Subway realized the extent of the fraud, significant financial damage had been done.
  5. Establish rules to limit earnings and redemptions. Consider basing rewards earnings on frequency (e.g., a maximum of two check-ins weekly) or minimum purchase amounts (e.g., earn rewards after a spend of $20 or more). Restrict redemptions by having a minimum spend or expiration date on the coupon (e.g., $10 off coupon toward a $50 purchase at your retail location that expires in 10 days).
  6. Increase login security. A multifactor authentication process can reduce security gaps, but ensure it doesn’t impede legitimate customers trying to access their accounts.
  7. Educate customers about security. Advise users to routinely change and strengthen passwords and monitor their rewards accounts.
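
The account monitoring in item 2 can be expressed as a small detection rule. The sketch below is an added example, not code from the article or from ClearSale: it flags a burst of IP, email or mailing-address changes on one account and, going slightly beyond the text, a redemption that follows shortly after a contact change. The event format, account names, sample events and thresholds are all assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed thresholds (not from the article); tune them against your own baseline.
WINDOW = timedelta(hours=24)               # look-back window for profile changes
MAX_CHANGES = 2                            # changes tolerated per account per window
REDEEM_AFTER_CHANGE = timedelta(hours=48)  # redemption this soon after a change is suspect
SENSITIVE = {"ip", "email", "mailing_address"}

# Constructed sample events: (ISO timestamp, account id, event type)
EVENTS = [
    ("2024-03-01T09:00:00", "acct-100", "ip"),
    ("2024-03-01T09:05:00", "acct-100", "email"),
    ("2024-03-01T09:07:00", "acct-100", "mailing_address"),
    ("2024-03-01T10:30:00", "acct-100", "redeem"),
    ("2024-03-02T12:00:00", "acct-200", "mailing_address"),
    ("2024-03-09T12:00:00", "acct-200", "redeem"),
    ("2024-03-03T08:00:00", "acct-300", "email"),
    ("2024-03-04T07:00:00", "acct-300", "redeem"),
]

def detect(events):
    """Return (account, reason, timestamp) alerts in chronological order."""
    recent = defaultdict(deque)   # account -> timestamps of changes inside WINDOW
    last_contact_change = {}      # account -> time of last email/address change
    alerts = []
    parsed = sorted((datetime.fromisoformat(t), a, k) for t, a, k in events)
    for ts, acct, kind in parsed:
        if kind in SENSITIVE:
            q = recent[acct]
            q.append(ts)
            while ts - q[0] > WINDOW:      # drop changes older than the window
                q.popleft()
            if len(q) > MAX_CHANGES:
                alerts.append((acct, "change_burst", ts))
            if kind != "ip":               # IPs change often; track contact details only
                last_contact_change[acct] = ts
        elif kind == "redeem":
            changed = last_contact_change.get(acct)
            if changed is not None and ts - changed <= REDEEM_AFTER_CHANGE:
                alerts.append((acct, "redeem_after_contact_change", ts))
    return alerts

if __name__ == "__main__":
    for acct, reason, ts in detect(EVENTS):
        print(ts.isoformat(), acct, reason)
```

On the sample data, acct-200 raises no alert because its redemption comes a week after the address change; the same alerts can double as the customer notifications the item recommends.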

Fraudsters are always looking for the next vulnerability that will give them access to a customer’s most sensitive data — and loyalty programs are a prime target. But by implementing a comprehensive fraud security solution, merchants can minimize the damaging effects that loyalty and rewards fraud can have on their reputation and their bottom line.

As you consider a fraud protection solution for your e-commerce sales, don’t forget about protecting the value in your loyalty program, too. Talk with a ClearSale credit card fraud analyst today to learn how our multilayered approach can help provide fraud alerts and protect your business against the rising threat and cost of fraud.
