Loyalty fraud: How real is the threat?

July 14, 2020
3 minute read
Sydney Green
Sydney Green
Cybersource | Sr. Director, Risk Product

Fraudsters who successfully take over customer accounts will take anything in them that has immediate or resale value—and that includes loyalty points and rewards. Learn how to prevent this behavior.

The impact of loyalty programs

In the previous blog post in this series, we discussed how fraudsters exploit stolen credentials to take over customer accounts, and looked at the impact such attacks can have on a business and its customers. 

A loyalty program is a great way to strengthen customers' relationships with your brand, maintain communications with them, and keep them coming back.  Airlines and hotels led the way to create successful loyalty programs with programs that allowed customers to collect points and exchange them for free flights, rooms, and upgrades.

Today, businesses of all stripes run loyalty programs—from coffee shops and quick service restaurants offering the tenth coffee or pizza for free; to supermarkets and clothing stores that convert accrued loyalty points into shopping vouchers. Whatever the deal, it's clear that loyalty programs are popular with consumers of all ages: 40 percent of millennials and baby boomers and 44 percent of Generation X make purchases that earn rewards or benefits several times a week.1

According to Mordor Intelligence, the global loyalty management market was valued at $3.2 billion in 2019, and is expected to reach a value of $11.4 billion by 2025.2 With sums like these at stake, it's easy to understand why loyalty programs are a target for fraudsters. So if your business runs one, you need to understand the potential impact of loyalty fraud, and how to mitigate it.

What's the impact of loyalty fraud?

Because loyalty fraud is often part of account takeover fraud, which involves a fraudster logging in to customer accounts using legitimate credentials, it can be challenging to spot. You need to be able to recognize the types of behavior that may indicate loyalty fraud, to avoid consequences like these:

  • The financial impact of reimbursing customers whose loyalty points are stolen
  • The additional financial impact of any inventory losses
  • Loss of trust in your brand caused by loyalty fraud, which can lead to customer attrition and loss of future revenues
  • Negative publicity arising from loyalty fraud, which can lead to reputational damage

What are the signs to look out for?

An obvious indicator is customers reporting loyalty point theft and loss to your customer service desk. You should ensure there's a clear channel for communicating these reports to your fraud management team for action. Bear in mind, however, that customers don't always check loyalty point balances regularly, and may be reporting losses that took place days or weeks before.

Other indicators of loyalty fraud include unusually high rates of points being purchased, redeemed, or transferred between accounts—especially transfers from multiple accounts into a single account. These "receiving" accounts may be set up using fake or synthetic identities, so you also need to understand the typical behaviors associated with their creation.

Generally speaking, traditional fraud screening tools focus primarily on transactions that involve payments being made to a business, and therefore don't protect loyalty points. Further, they tend not to include capabilities for identifying fraudulent account login, update, or creation. 

Until then, you can find out more about how Cybersource can help you guard against loyalty fraud here.


1"The Truth About Customer Loyalty (2019 Customer Loyalty Report)," KPMG,  2019.
2"Loyalty Management Market — Growth, Trends and Forecasts (2020–2025)," Mordor Intelligence, 2019.