Loyalty fraud is the deceptive practice of stealing or misusing loyalty program rewards or points, or airline miles, often by way of account takeovers, the creation of fake accounts, or through loyalty point resale. With account takeovers malicious actors gain access to a user's loyalty program account and then abuse a member’s rewards. With fake accounts, fraudsters may create multiple accounts to accumulate points fraudulently or use fake identities to exploit promotional offers.
This type of fraud can affect airlines, hotels, retailers, and any other businesses offering loyalty rewards, with losses often amounting to millions.
How does loyalty fraud work?
Loyalty programs require account registration to help monitor, personalize, and protect customer activities. However, fraudsters can exploit these systems by creating fake accounts or gaining unauthorized access to legitimate accounts through email phishing, password cracking, or by buying stolen credentials on the dark web. Once inside, bad actors can manipulate transactions, transfer, redeem, or even sell rewards for personal profit, ultimately undermining the program’s integrity.
What are examples of loyalty fraud attacks?
Common examples of loyalty fraud methods include the following:
- Account takeover. Fraudsters use stolen credentials, sometimes in automated credential stuffing attacks, to access and exploit legitimate customer loyalty accounts. Once malicious attackers gain access to these accounts with member rewards, the attackers can manipulate transactions and redeem or transfer rewards.
- Fake account creation. Scammers create multiple fake accounts to accumulate and exploit rewards and incentives fraudulently.
- Phishing scams. Bad actors leverage fake websites or email messages to trick loyalty program customers into providing their login credentials, which are then exploited in account takeover attacks.
- Program abuse.Malicious loyalty program users exploit loyalty program rules and loopholes to generate or redeem more rewards than allowed. Examples include rebooking and canceling services to earn extra points and exploiting family or group pooling options.
How does loyalty fraud create issues for businesses?
Customer loyalty is essential to the success of online businesses, and effective fraud prevention is crucial to the longevity of loyalty programs. Loyalty fraud not only erodes customers’ trust in the safety of these programs, which discourages participation, but also drives up operational costs given the direct financial cost of fraudulent redemptions and the ongoing costs of fraud mitigation.