To generate revenue and foster customer loyalty, many businesses, including retailers, airlines, and credit card companies, create loyalty and reward programs. Such programs can help companies attract and retain customers, but they also may be subject to fraud and abuse.
ATO Risk
Loyalty programs are particularly vulnerable to account takeovers (ATOs). In these schemes, a criminal assumes control of a customer’s loyalty or rewards account and monetizes it. The thief redeems points for goods and services for personal use or sells them on the black market. These days, the information usually ends up on the dark web.
ATOs often are successful because many loyalty programs lack the robust fraud controls and dedicated teams of investigators to prevent and investigate them. Often, companies do not understand the extent of fraud and abuse taking place in their programs to justify the investment.
Three Steps
To help reduce fraud risk and limit financial losses, consider taking the following steps:
1. Conduct a risk assessment: Review your loyalty program’s terms and conditions, structure, and activity to ascertain the potential for fraud and abuse. Think about engaging a suitably qualified fraud professional with experience evaluating loyalty programs to guide your efforts.
2. Gather and analyze historical losses: Establish a central location for employees to report fraud and abuse. Dissect each loss to identify its root causes and develop a list of potential control failings for remediation. And, if you do not already have one, establish an anonymous hotline for employees and customers to report suspected fraud.
3. Evaluate technology solutions: Use the results of your risk assessment and historical analysis of losses to pinpoint potential weaknesses for technology to address. For example, technology can help authenticate customers to prevent ATOs. It also can monitor transactions for activity indicative of fraud.
Watch Your Customers
Although ATO schemes involving criminals are common, your company cannot overlook the potential for legitimate customers to abuse your loyalty program. For example, customers may redeem points, then deny doing so and ask you to credit their accounts. Sometimes unethical customers sell their points to online brokers and deny having done so when challenged. Customers also could open multiple accounts under their own or assumed identities to receive new account sign-up bonuses.
Finally, do not overlook the fact that employees may compromise loyalty accounts. Make sure managers are aware of the possibility and keep an eye on workers with access to the accounts.
Maintain Strong Security
Contact us for help assessing the security of your loyalty program. If you suspect a widespread fraud problem, we can develop controls to limit thefts and losses.