Dealing with ruffled account holders post an ATO – a messy affair

Ai Editorial

3rd October, 2022

When an account holder, say a frequent flyer program (FFP) member, loses his or her loyalty currency due to an account takeover (ATO), it can be a messy affair to deal with.

Speaking about this during a webinar last week, Pete Barker, Director of Fraud and Identity at SpyCloud, shared that when a legitimate customer becomes a victim and informs the merchant, the account holder can regain the lost miles or points, only to lose them again at times!

Malware (viruses, spyware, ransomware, etc.) can be on a device, and fraudsters can exploit it by stealing sensitive information, making the device vulnerable to even more malware, and so on. (If the device suddenly slows down, crashes, uses a new default search engine, displays new tabs or websites you didn’t open, or functions in any erratic manner, then it is possibly owing to malware.)

Other than loyalty currency, loyalty programs are attractive targets because they contain highly valuable PII, and successful loyalty data breaches eventually pave the way for the sale of data, stolen accounts, etc. on the dark web.

Key point: Work out a mechanism to instantly verify subscriber logins and signups against billions of already leaked user credentials from third-party data breaches. Ensure rapid risk decisions can be made. The team at SpyCloud focuses on using the same data that fraudsters have to combat their moves, and this methodology is a way to counter the plans of cybercriminals before they cause any further significant damage.

Poor password hygiene

We are living in an era in which possibly all accounts have been “compromised” or are vulnerable to hacking. As Barker pointed out, password hygiene is so poor that it is imperative for e-commerce companies and merchants to handle the situation and combat loyalty fraud by preparing for it. Considering that complex ATO techniques are emerging, companies have to plan better.

Loyalty Security Alliance’s Co-Founder, Michael Smith, highlighted that fraud in loyalty programs can be categorized in a number of ways, and does not just include customers themselves (think of friendly fraud, i.e. when members exploit program or promotional rules through gaps or policy violations to illegitimately access program rewards). Other than hackers, a company's own employees might break the rules. Smith referred to the significance of prevention, detection and remediation.

Recommendations:

  • As Comarch recommends, start with an evaluation of networks, devices, applications, and employee behaviour, and then adapt resources for constant mitigation. Gear up for a risk-based protection strategy.
  • It is time, as Smith says, for marketers or loyalty program managers to gain a better understanding of what goes into a security protocol and defence mechanism, so that they can take better steps to curb loyalty fraud.
  • Enhance B2C authentication security of applications with zero additional user friction.

Ideally, it shouldn’t reach a stage where a merchant has to deal with ruffled customers who have suffered owing to an ATO or a data breach. Dealing with such customers, according to those who know what it’s like, tends to be a messy affair.

By Ritesh Gupta, Ai Events
