By Rich Stuppy
An evening at the movies recently turned into a frustrating experience for many Canadians: when they discovered that the valuable points they had collected on their movie rewards cards had disappeared into a
No, this isn’t the premise of the latest crime-action blockbuster. It’s a true story of loyalty card fraud that befell the Scene program, which is one of the largest points-based loyalty programs in Canada. Scene allows members to earn free movie tickets as well as rewards at restaurants and sporting goods stores.
Cineplex Entertainment, which operates the Scene program in conjunction with Scotiabank, said in a press statement that it had “identified some patterns of attempted fraudulent redemption activity in certain markets across Canada.” Many consumers reported losing thousands of points, which meant many lost evenings at the movies.
In cases like these, the pilfered points are just the coming attraction. Often fraudsters use stolen points to fund illegal transactions, such as booking plane tickets for human traffickers and drug smugglers. They also cash in points on the dark web to finance criminal schemes.
The vulnerability: and criminal appeal
The Scene breach shows just how vulnerable consumers are to loyalty program attacks. That’s partly because most consumers don’t monitor and protect their loyalty points as they would the money in their bank accounts. This has resulted in a broadening fraud epidemic in Canada, with leading loyalty programs like Air Miles, WestJet and PC Optimum being hit by breaches in recent years.
One reason fraudsters target Canadians is that they’re such avid collectors of rewards points. The average Canadian participates in 12.9 different loyalty programs, according to Bond Brand Loyalty’s The Loyalty Report 2019.
What’s more, the typical Canadian holds $832 worth of loyalty points says a new study by PC Financial Mastercard. On a national scale, that’s billions of dollars in unredeemed points sitting in loyalty accounts: a very large pot of gold for fraudsters.
A lot of people view loyalty points as a perk, a fringe benefit. But cybercriminals see rewards points for what they are: currency. And they go to great lengths to target high-dollar accounts and steal those points. Indeed, account takeover attacks have tripled in the last year alone and have cost consumers more than $5.1 billion worldwide, according to the 2018 Identity Fraud Report published by Javelin Strategy & Research. And, with businesses themselves now discussing rewards points as currency, expect the attacks to continue in the future because of the potential value to thieves.
Steps to take
So, what can be done? It’s important for loyalty programs to tighten their security and assure program members that they can redeem their points easily and confidently, without worrying about digital heists and account takeovers.
Loyalty programs must take fraud seriously and ensure that customers — not criminals — get full value from their points. Beyond lost rewards, missing loyalty points damages the customer experience and therefore brand reputation.
It’s also important for operators of loyalty programs to involve their members more closely in their own security. They can do this by encouraging members to sign up for fraud alerts, so they will receive texts or emails whenever their points are redeemed. Programs should also consider implementing multifactor authentication, which is much more secure than a simple username/password combination.
Another critical step that loyalty programs can take is to raise fraud awareness both within their organizations and among their members. For example, companies that run loyalty programs should make their internal teams fully aware of the magnitude of the fraud problem and the potential reputation risk. Meanwhile, they should encourage their customers to think of their loyalty accounts as the equivalent of bank accounts: and monitor them the same way. To help in this regard, they should make it as easy as possible for customers to check their points balances and review their statements for suspicious transactions.
Finally, retailers that operate loyalty programs should consider technology solutions that can automatically spot and stop loyalty program fraud. The best fraud prevention solutions use artificial intelligence (AI) to quickly and accurately detect loyalty fraud through a combination of supervised and unsupervised machine learning. With this capability, retailers can identify suspicious transactions with a high level of precision, then exercise real-time judgement to make the right calls for their businesses and their customers.
Retailers especially should bear in mind the reputational damage that can be done to their brand by loyalty program fraud. When customers are the victim of points theft, they don’t only lose their points: they lose their loyalty to you.
Rich Stuppy is chief customer experience officer, Kount.