Krebs on Security is reporting that criminals are taking over people’s loyalty program memberships as a way to defraud merchants and make some money.
Scam artists have been using hacked accounts from retailer Kohl’s.com to order high-priced, bulky merchandise that is then shipped to the victim’s home. While the crooks don’t get the stolen merchandise, the unauthorized purchases rack up valuable credits called “Kohl’s cash” that the thieves quickly redeem at Kohl’s locations for items that can be resold for cash or returned for gift cards.
The hack of a loyalty program shows that good security needs to apply across an entire organization. Companies need to be aware of the various ways criminals can try to in effect sneak value out of the company. As Krebs points out, loyalty programs are a big business.
It’s unclear how much is lost annual to points and rewards fraud, but the industry is ripe for the picking: Loyalty program experts at Colloquy.com estimated in 2011 that some 2.6 billion loyalty memberships generated some $48 billion in rewarded points and miles.
The problem is that people often do not think of these kinds of incentives and points as being ‘real money.’ But the value of the points and rewards can add up quickly, which is what draws fraudsters to look for ways to extract that value.
Overview by Ben Jackson, Director, Prepaid Advisory Service at Mercator Advisory Group
Read the full story here