PaymentsJournal
No Result
View All Result
SIGN UP
  • Commercial
  • Credit
  • Debit
  • Digital Assets & Crypto
  • Digital Banking
  • Emerging Payments
  • Fraud & Security
  • Merchant
  • Prepaid
PaymentsJournal
  • Commercial
  • Credit
  • Debit
  • Digital Assets & Crypto
  • Digital Banking
  • Emerging Payments
  • Fraud & Security
  • Merchant
  • Prepaid
No Result
View All Result
PaymentsJournal
No Result
View All Result

Loyalty Program Fraud is a Growing Problem. Forter is Here to Help.

By PaymentsJournal
April 14, 2020
in Commerce, Featured Content, Fraud & Security, Fraud Risk and Analytics, Merchant, Security, The PaymentsJournal Podcast
0
0
SHARES
0
VIEWS
Share on FacebookShare on TwitterShare on LinkedIn
Loyalty Program Fraud is a Growing Problem. Forter is Here to Help.

Loyalty Program Fraud is a Growing Problem. Forter is Here to Help.

Fraud comes in many forms. When a criminal seizes control of another person’s legitimate account, that’s called account takeover (ATO) fraud. Then there’s synthetic identity fraud, which is when a criminal combines real and fake information to make an account. That’s in contrast to regular identity fraud, when a criminal steals a person’s real information to make a fraudulent account. While these types of fraud often get attention, there is one fraud vector that frequently flies under the radar: loyalty program fraud.

Loyalty program fraud—or reward points fraud—refers to when someone abuses or exploits a company’s rewards program for criminal purposes. Oftentimes, the criminal will utilize ATO or identity fraud to carry out loyalty program fraud. With over $140 billion in unspent loyalty points in the United States, according to data from Gartner, this fraud vector can be very lucrative for criminals. LSA estimates that $3.1 billion in redeemed points are fraudulent, a clear indication of the amount of money at stake.

To better understand loyalty program fraud and what solutions exist to address it, PaymentsJournal sat down with Daniel Shkedi, Senior Product Marketing Manager at Forter, and Tim Sloane, VP of Payments Innovation at Mercator Advisory Group. During the conversation, Shkedi and Sloane discussed the impact of this fraud vector, why companies struggle to catch it, and how Forter is working to stop loyalty program fraud.

“Loyalty program fraud is skyrocketing”

As the statistics in the introduction reveal, loyalty program fraud is a considerable problem. “I have to begin by saying that loyalty program fraud is skyrocketing,” said Shkedi. He added that direct and indirect losses from loyalty and reward points fraud are an estimated $1 billion, based off data from iApp. When you combine that with the estimated $3.1 in fraudulently redeemed points, the size of the problem comes further into focus.

There are four main reasons why this fraud vector is expanding. First, loyalty programs have evolved considerably in the last decade, with many now providing a variety of redemption options. As loyalty programs have become more complex, the value and liquidity of points has gone up. This makes loyalty programs an attractive target for fraudsters.

Second, while loyalty programs have become more complex, these programs’ fraud protections have often lagged behind other financial services, such as the security behind credit cards. As a result, “loyalty programs are an easy target for fraudsters,” explained Shkedi. Sloane agreed, likening loyalty programs to low-hanging fruit for fraudsters.

The third reason that loyalty program fraud is on the rise is that loyalty programs are simply harder to protect. “Loyalty fraud involves attacks at multiple touch points throughout the customer journey,” said Shkedi. Every step of the customer journey, from the sign-up process to the transaction and final redemption of points, is at risk of being compromised, making it extremely difficult to protect accounts. Finally, unlike the other types of fraud vectors, which have generated a lot of news and attention, loyalty fraud has largely gone unnoticed. “Customers are less aware of this type of fraud, making it easy for fraudsters to steal points under the radar,” noted Shkedi. All four of these reasons have combined to make loyalty points the new currency for fraudsters, he said.

The common types of loyalty program fraud

One common avenue for attack is account takeovers. Criminals will often leverage a variety of methods—including brute force attacks, stolen credentials, and automated cyber-attacks—to gain access to someone’s account. Once inside, the criminal can steal reward points, either redeeming them for money, or transferring them into another account for a later redemption. Some criminals will also hack into accounts to steal credit card information or make fraudulent transactions.

Another method relies on standard or synthetic identity fraud. Criminals will create fake accounts, sometimes many of them, and use these fraudulent accounts to accrue or transfer loyalty points within or between accounts.

A more recent type of attack is what Shkedi refers to as policy abuse. “This occurs when users, typically legitimate users, violate various business policies to receive benefits or rewards by exploiting loopholes in the system,” he explained. For example, think of when an airline’s frequent flyer program offers 200 free points upon sign-up. A devious customer might take advantage of the signup benefits by opening multiple accounts under different identities, and then transferring all the points to one account for redemption.

No matter which method the criminal employs, the end goal is the same: monetization. Points can be redeemed for money or products. When a hacker redeems the loyalty points for a product, they will typically then sell the product for a profit, thereby monetizing the points. “A common technique that we’re seeing quite a lot is them buying untraceable gift cards and reselling them for 25% or up to 60% of the real value,” Shkedi noted.

Rewards fraud costs companies a lot

The immediate harm caused by loyalty program fraud is the direct loss of revenue. If a hacker redeems points worth $100, for example, the company has theoretically just lost $100. But this type of fraud has a much wider and more detrimental impact than just the immediate losses.

Brands that endure endemic loyalty program fraud often suffer a reputational harm as well. “Negative public perception or reviews translate to lost revenue and diminished customer lifetime value,” said Shkedi. Additionally, these companies will likely have stifled business growth. When companies experience high levels of fraud, it makes them reluctant to expand their programs or offer new services without adequate protection.

Many companies are also spending considerable sums of money on operational costs to fight fraud. A common approach, said Shkedi, is to have manual review teams or fraud investigations, both of which prove costly. Alternatively, a company can invest in expensive fraud tools, which may prove effective, but are often unaffordable for many merchants. As Shkedi put it: “Nearly 50% of merchants in several surveys have indicated that low organizational priorities and the lack of adequate resources prevent them from stopping loyalty fraud.”

Securing the entire consumer journey

The key to stopping loyalty program fraud is to implement layers of protection across all customer touchpoints. “This is critical because loyalty program fraud involves attacks at every stage in the user journey,” explained Shkedi. The protection also needs to be automated and operate in real time, allowing businesses to swiftly identify suspicious behavior.

Another feature of an effective fraud-prevention platform is the ability to detect hidden links in the network, a capability Shkedi refers to as “specialization theory.” A lot of fraud rings are quite sophisticated, with individuals operating on different continents and specializing in specific aspects of the fraud. “It’s amazing and it’s kind of scary, just out efficient and effective these criminal organizations have become,” cautioned Sloane.

For example, a criminal in North America may steal credentials from a victim and send this information to a partner in Europe. The European criminal may be in charge of seizing the account and transferring its loyalty points to a different account, set up by another criminal based in Asia. The third criminal will redeem the points and share some of the value with the rest of the criminal network.

A successful fraud prevention platform needs to be able to identify a complicated network like this. However, many solutions on the market will only identify some of the individuals without tying the entire network together.

Forter’s Loyalty Solution

One effective solution companies could adopt is Forter’s Loyalty Solution. Crucially, Forter’s Loyalty Solution starts its protection at the very beginning of the customer journey. The solution assesses attempts to create an account, determining if it’s a fake account or not.

Once an account is created, it is monitored to ensure that if an ATO attempt is made, the fraudulent activity can be flagged. Then the platform determines the trustworthiness of each transaction or point redemption, and even the user behind it. The capabilities of the platform are summarized below:

  • Transactional Protection: Protects loyalty rewards redemptions from fraud by accurately determining the trustworthiness of each transaction/redemption and the user behind it.
  • Account Protection: Identifies and blocks attempts to create fake accounts, or take over existing accounts to steal points.
  • Policy Abuse Prevention: Prevents financial losses due to exploitation of coupons and promotions.
  • Adaptive Authentication: Returns a fully automated decision—approve, decline or a multi-factor authentication challenge (via SMS/email) —for each touchpoint.

With all these capabilities, Forter’s Loyalty Solution stands out from its competitors. “Forter is in a pretty unique situation,” observed Sloane, because “it’s one of the few payment fraud platforms that has its own edge identity capabilities and follows that customer journey all the way through to disputes.”

0
SHARES
0
VIEWS
Share on FacebookShare on TwitterShare on LinkedIn
Tags: ForterFraud PreventionLoyalty Program

    Get the Latest News and Insights Delivered Daily

    Subscribe to the PaymentsJournal Newsletter for exclusive insight and data from Javelin Strategy & Research analysts and industry professionals.

    Must Reads

    push notification bank

    From Bland to Beneficial: Using Push Notifications to Reach Business Customers

    May 16, 2025
    recurring payments, PCI Compliance for small business, Fintech for Underserved Small Businesses

    Tariffs May Create an Opportunity in Small-Business Cards

    May 15, 2025
    Using the Card “Beyond” Payments to find the Holy Grail

    Using the Card “Beyond” Payments to find the Holy Grail

    May 14, 2025
    Payments Modernization

    Playing Offense and Defense: Why Now Is the Time for Payments Modernization

    May 13, 2025
    Authorization Rates

    Boosting Revenue for Merchants by Optimizing Authorization Rates

    May 12, 2025
    Why Payment Orchestration is the key to international merchant growth

    Ensuring Payment Decisions Pay for Themselves

    May 9, 2025
    cross-border

    As Businesses Reevaluate Cross-Border Relationships, Financial Institutions Can Help

    May 8, 2025
    Nacha WEB Debit Account Validation Rule Verification Solution, Quovo ACH Payment

    The Brave New Future of the Disappearing Account

    May 7, 2025

    Linkedin-in X-twitter
    • Commercial
    • Credit
    • Debit
    • Digital Assets & Crypto
    • Digital Banking
    • Commercial
    • Credit
    • Debit
    • Digital Assets & Crypto
    • Digital Banking
    • Emerging Payments
    • Fraud & Security
    • Merchant
    • Prepaid
    • Emerging Payments
    • Fraud & Security
    • Merchant
    • Prepaid
    • About Us
    • Advertise With Us
    • Sign Up for Our Newsletter
    • About Us
    • Advertise With Us
    • Sign Up for Our Newsletter

    ©2024 PaymentsJournal.com |  Terms of Use | Privacy Policy

    • Commercial Payments
    • Credit
    • Debit
    • Digital Assets & Crypto
    • Emerging Payments
    • Fraud & Security
    • Merchant
    • Prepaid
    No Result
    View All Result