Consumers expect a personalized experience from brands, and a majority now expect a brand to have a loyalty program offering. But when it comes to sharing the data needed to power those experiences, there is an ever-increasing concern from consumers about opening themselves up to fraud.
According to a Forbes magazine article, fraud is eroding the customer experience, with the majority of Americans – upwards of 90% − concerned about fraud increasing in their daily activities.
Loyalty programs are designed to enhance the customer experience, building engaged communities of consumer advocates. But that community feel is disrupted when a member’s points or miles fall victim to hackers, jeopardizing the all-important trust in that relationship.
“On almost a daily basis, consumers hear stories of data breaches and the exposure of personal information,” says Jon Siegal, Senior Vice President for Global Loyalty Solutions at Cheetah Digital. “Despite the drumbeat of fraud incidents, consumers willingly share their personal information with brands they trust and if they perceive a positive value exchange in return for them sharing that information.”
Questioning the Need for Sharing Data
Paige Schaffer, CEO of Global Identity and Cyber Protection Services at Generali Global Assistance, says they have seen a turning point where many consumers have begun to question the need for sharing certain pieces of personally identifiable information (PII), and it’s a shift they are happy to see.
“Simply handing over data when it’s not truly necessary was a bad habit that businesses seem to have encouraged,” Schaffer says. “The more data organizations hold, the bigger the prize for hackers, however, and bigger gains are going to be targeted more.”
Schaffer highlights the need for consumers to always be thinking about whether or not the information they’re providing to a business is required, or will enhance their relationship in any way. If not, then don’t provide it.
While over 80% of consumers consider their points equivalent to cash, the majority of them don’t check on their points balances on a regular basis, according to Samuel Barton and Cecily Raiborn, in a Strategic Finance article.
Barton and Raiborn also point to the surprising statistic that approximately one-fifth of loyalty program members have never redeemed any points – leaving large balances that are vulnerable to fraudsters.
Fraud Affects Customer Experience
Siegal says that any instance of fraud will have an effect on customer experience.
“Fraud impacts trust and creates a negative customer experience,” he says. “Consumers will take their business away from brands they don’t trust to ones that demonstrate they are trustworthy by acting as responsible caretakers of the consumer’s personal information.”
Paige Schaffer of Generali Global Assistance says that, since fraud is almost always a result of stolen data — and if an organization is responsible for that specific data being compromised such as in a data breach or other security incident — this can negatively impact customers’ trust.
“However, we must also recognize that it’s often very difficult to pinpoint the actual cause of fraud today,” she says. “Most customers’ information has been part of numerous breaches, and the resulting fraud is hard to link directly to one incident.”
According to Schaffer, sometimes it’s actually the combination of a few different breaches. For instance, in order to commit tax fraud, an identity thief needs several pieces of data, which they can piece together from multiple different data dumps on the dark web to create a holistic identity with which they can commit such fraud.
“Nonetheless, breaches of customer data deteriorate the customer relationship,” Schaffer points out.
Balances That Go Unmonitored
A New York Times article identifies loyalty points, sometimes with large accumulated balances and often unmonitored, as “almost a honey pot for hackers,” according to Kevin Lee, a risk expert for the digital security firm Sift.
Even veteran loyalty programs, like Bonvoy (the new iteration of Marriott Rewards), have fallen prey to increasingly agile hackers. The company’s most recent data breach exposed up to 5.2 million customers’ personal information, including their loyalty rewards numbers.
At last measurement, it is estimated that consumers accumulate close to $50 billion annually in loyalty points and miles, tempting hackers who look to capitalize on accessing these balances.
Siegal says both consumers and businesses shoulder the burden of fraud prevention, however, more of the burden falls to the business.
“Consumers have a limited set of best practices to mitigate fraud such as protecting their login credentials and monitoring their account activity,” he says. “Businesses on the other hand must create an environment that includes security best practices, fraud detection and transparency for how customer information is protected and used.”
Both Members and Program Operators Need to be Diligent
Eric Favaloro, who is responsible for managing Comarch’s loyalty clients in the United States, says that, when it comes to loyalty, fraud prevention is only successful when both the members and program operators are diligent in checking their own respective activity and searching for anomalies.
“From the brand’s perspective, it’s becoming increasingly essential to implement loyalty fraud mechanisms and identifiers, as well as staying up to date with industry best practices and current trends among fraudsters,” Favaloro says. “It’s no secret that brands are leveraging their loyalty programs to take advantage of the tremendous value that they provide. But of course, where there is value, there will be hacking attempts.”
Favaloro adds that a brand’s efforts are only effective if the program members are active and aware of what is happening within their accounts. Similar to fraud cases within major credit card companies, he says the algorithms are in place to identify suspicious activity – whether based on spending history, location, price, merchant, etc. – but sometimes there are transactions that fall through the cracks.
“It’s important credit card holders actively check their statements to ensure all of their charges look legitimate,” Favaloro says. “And when speaking about loyalty fraud, the expectation should be similar, with the main brand operator bearing some responsibility but certainly not all of it.”
Schaffer points to the need for consumers to advocate for themselves and seek out their own protection, knowing that consumer education plays a significant role in fraud prevention.
“Businesses should be doing all they can to protect their customers’ information, but they can do little to ensure other organizations and businesses are implementing the same type of security measures,” she says. “Thus, consumer data will still always find its way into bad actors’ hands – that is, if consumers rely solely on organizations. Savvier consumers will know that some data is best left unprovided and they’ll practice better cybersecurity measures throughout their day-to-day lives.”
Implementing High Levels of Security
Siegal says that, traditionally, loyalty program fraud has been perpetrated against the brand with fictitious accounts, employee abuse and gaming return policies and less so against individual consumers. He says that, going forward, brands need to implement the same high levels of security and fraud monitoring around their loyalty programs that they have around their ecommerce platforms and IT infrastructure.
“Brands need to be proactive and communicate to their customers how they are protecting their personal information and loyalty program benefits,” Siegal says.
Schaffer says that loyalty programs will always be particularly vulnerable because they don’t seem to get the same amount of security focus that more sensitive accounts do.
“Overlooked, but valuable, platforms such as these are easy targets for cybercriminals,” she says. “Loyalty program administrators should be building security into the brand’s essence. By incorporating an element of cybersecurity into who they are as a brand, and truly demonstrating this within their organization, will help to cultivate the very thing their program is trying to achieve – greater trust and loyalty.”
While fraud is becoming more prevalent, Favaloro says it probably won’t serve as much deterrent from consumers sharing their data within the context of loyalty programs. As long as there is a value proposition and consumers feel that they will be able to benefit from joining a loyalty program and sharing their data, he says they will continue to do so.
“Most people own multiple devices in today’s connected world, so consumer data is already being harvested on a continual basis,” Favaloro says. “In theory, this data is gathered for the consumer’s benefit; if it’s known which websites and apps you visit, and what you do while on them, it will be easier to tailor marketing messages based on your specific interests. Still, consumers should be mindful and weigh the potential risks against the rewards of sharing certain data.”