Ai Editorial: It is time for marketers or loyalty program managers to gain a better understanding of what goes into a security protocol and defence mechanism to take better steps to curb loyalty fraud.
23rd August, 2021
It’s not about becoming an IT or security expert, but if a loyalty program manager asks a better question, they will get a better answer!
This is what Michael Smith underlined during a webinar hosted by LSA last week. He said by knowing the IT colleagues better, program managers can also better understand vulnerabilities and audit to help prevent data security issues.
Smith shared five tips to strengthen the security of a loyalty program:
- Data security is not just the job of your IT department: When one thinks of passwords, firewall, encryption etc., all of this is associated with security and the role of the IT team comes to the fore. Data security is about valuable and sensitive customer information, then the tech part is certainly best handled by them. But as program managers they are the ones who are engaging with customers to generate that information. “IT looks after storing it securely. But as managers you are creating information exchanges – from garnering data about flights and stays to sharing sensitive PII to 3rd parties for redemptions. IT does look at protecting the database and related factors. But it is not only their job to be concerned about breaches,” he said. “Other than prevention, also look at detection (denying access to an account for example) and then remediation (to set it right again if something bad happened). IT looks at prevention at the corporate level, ensuring that the data hacks witnessed at BA, Marriott Rewards, Hilton etc. all of which are in the public domain are minimised. But they can’t do that job alone, which is why as program managers, thinking about data security is not just for them, but for you too, considering the significance of all it as an asset.”
- Get to know your IT colleagues: Referring to the example of Qantas, he referred to a role of an executive and shared – the cyber function focuses on embedding a holistic Cyber Security Culture across the business. For this, people from all parts of the business need to know each other. Also, understand where departments are coming from. “Try looking at things from their side,” said Smith.
- Learn about ways to get into a system: “There are myriad of ways in which a system can be compromised. And the IT colleagues can explain related aspects in detail,” he said. The mishaps are about one getting into the complete database at the corporate level and the second is individual account takeover (ATO). And the two aren’t un-related. Post a massive hack, this can result in takeover of individual accounts. Another way in is called SQL injection (compromising coding to get into a database). Again, IT colleagues can elaborate on the same. Smith also explained other issues like credential stuffing.
- Good program design and security: It is not just about actual software program but what you offer to your customer. When a program manager works on any feature for customers, understanding the security implications as well. Work out an audit of all of your systems, look at ways to spot flaws in the system. In case of member sign ups, if there is a sudden rush, say from a market where the airline or the FFP isn’t marketing actively, here a KYC process can help in spotting fake accounts.
- Good customer communications about security: A program engages customers, highlighting what all it has to offer. Some program managers think talking about security isn’t good for the business. But research has indicated that customers think negative about a brand/ program if decent data security measures aren’t in place. “IT colleagues along with loyalty platform suppliers can advise how to make data security processes as seamless, frictionless for customers,” suggested Smith.
By Ritesh Gupta
Ai Team
