Loyalty program fraud rose 89% year on year, predominantly driven by the amount of personally identifiable information (PII) available from increasing numbers of data breaches, according to the latest of Forter’s Fraud Attack Index.
With direct and indirect losses from loyalty and reward points fraud estimated at $1 billion every year, enterprises are struggling to limit damage as fraud attacks shift from the point of transaction to different elements of the buyer’s journey, including new account signup, login, and promotion and coupon use.
Loyalty programs have grown exponentially in the last decade, with memberships increasing nearly 10% year on year. Consumers have accumulated $48 trillion of unspent loyalty points globally.
Nearly half (45%) of loyalty program accounts are inactive, with consumers not tracking or redeeming points.
Merchants are unprepared to protect their loyalty programs, and based on research conducted by Forter, 42% state that they do not have the skills required to prevent fraud and abuse.
Also, nearly half report insufficient resources, and that loyalty program account fraud prevention is considered a low organisational priority.
“The combination of consumers not paying attention to their accounts and merchant unpreparedness is a big reason fraudsters find loyalty and rewards programs so alluring. It is clear that loyalty program accounts are low hanging fruit for fraudsters,” said Michael Reitblat, co-founder and CEO of Forter.
“Loyalty program points are a currency as valuable and untraceable as cash, and fraudulent activity in these accounts causes damage to brand reputation and monetary losses to merchants and consumers alike,” said Reitblat.
Cyber criminals take advantage of loyalty programs in several ways. The most significant attacks include fraudsters hacking into member accounts or creating fake accounts, and consumers oversharing coupons or promotional codes in violation merchant policies.
To address this problem, Forter has made available the Forter Loyalty Program Protection solution to protect high-value rewards programs from fraud and abuse.