Loyalty program fraud and promo abuse - an easy fix
Loyalty program fraud and promo abuse is a major problem, but there is an easy fix with advanced fraud solutions.
If we were to ask a room full of 100 people the question, ‘How often do you check your bank balance?’ We would see that the majority keep tabs on their accounts on a daily or at least frequent basis. But if the same question were asked about loyalty program points, an air of uncertainty would hang over the room.
The reality is loyalty program fraud is not taken as seriously as it should be by customers due to a perceived lack of value assigned to points.
Ask the same group if they consider promo abuse an act of fraud or simply an act of taking advantage of loopholes; opinion would be divided. What is certain is that both of these types of fraud can have a major financial impact on any eCommerce merchant - but they can be prevented.
How are loyalty schemes and promotions targeted by fraudsters?
The majority of e-commerce platforms aim to have a loyalty scheme in place to entice regular customers to return to their online shop and continue making purchases.
The concept is fairly simple: customers buy products, and based on the amount spent, they receive points that can accumulate over time (provided more purchases are made).
These points can later be used to purchase various goods and services. However, while merchants aim to prevent fraudulent activities against regular payment methods, many do not afford the same protection against the theft of loyalty points.
Fraudsters are fully aware of this and are prepared to take advantage of this oversight. In certain cases, platforms' lack of action enables fraudster activities in this area.
A typical fraudster will aim to gain access to a customer’s loyalty program account through an account takeover (ATO), either through social engineering methods or phishing tools.
A fraudster will prefer to remain under the radar of any merchant anti-fraud systems in place, therefore, a ‘dormant’ account is the perfect target - customers rarely check them or have simply forgotten they possess one.
For a fraudster, gaining access to an account is like a bear finding a beehive full of honey! Especially when the true owner isn’t aware of suspicious activities taking place and is unlikely to discover it as they rarely (or ever) check such accounts. The fraudster can then create many fake accounts and transfer loyalty points between them, trying to disperse them before potentially being discovered.
Promo abuse scheme
Promo abuse is much easier to perform, not requiring sophisticated hacking tools but just the willingness and time to take advantage of loopholes in merchants’ internal rules and regulations. Just like with loyalty points, merchants will try to encourage existing and potential new customers to make purchases, either with discount codes or rewards for signing up for their service with a new account.
A typical sign-up offer may be to receive a free bet on a gambling website or a free 1st ride with a car ride service. Sign-up referral codes can be exploited to gain credit/points and even gift vouchers. Of course, such offers are great, and what makes this type of fraud so harmful to a merchant’s finances is that it’s not only taken advantage of by cybercriminals, but by normal individuals who simply wish to get themselves a good deal.
Everyone loves a freebie, right? And it can be as easy as one individual or household signing up for multiple accounts using different names through numerous email addresses.
Who is affected by loyalty fraud and promo abuse?
High stakes and rewards
Surprisingly, some big global brands have been affected, and these are problems not unique to one industry or sector. Some of those with loyalty programs to be affected have included:
- Airlines across the world that have air miles and loyalty points. The majority of big airlines, including American Airlines, British Airways and Lufthansa have dealt with this problem.
- Banks such as American Express with Amex points and its payback program.
In terms of promo abuse, the most common industries to be affected by sign-up promotions have included:
- Car-ride services such as Uber. The 1st ride is free, but in 2014, promotions were famously taken advantage of by one user who shared a referral promo code on Reddit for people to sign up, gaining him $50,000 in free credit.
- Food and beverage companies such as HelloFresh offer home-cooked meal packages, with the 1st meal being free upon sign-up. Everyone loves free food...
- The betting industry experiences problems with new users being offered a free 1st bet with multiple accounts used for sign-up by individuals.
Financial systems are regulated, loyalty and promo schemes are not
Whereas national and international financial institutions seek to maintain a highly regulated system, the result is that money is generally well protected - by governments and banks, etc. Where regulation does not have a hold are the points and various promotions that provide a financial value but are not, by definition, monetary. Fraudsters continually search for the best methods and techniques to earn money as quickly as possible and as easily as possible.
The mainstream media image conjures up an image of highly skilled hackers going after high-value and risky targets, but the reality can be somewhat different. The professionalization of cybercrime tools and techniques has resulted in a fairly easy way for fraudsters to succeed in their attempts. Loyalty and promo schemes are therefore seen as a soft touch that can lead to big gains.
No merchant should ignore the threat, although many choose to, as they are more concerned with ensuring customers are loyal and continue purchasing on their site. However, damage to reputation can have a major impact if the company acknowledges that it has not effectively prevented the problem, let alone taken it seriously. However, there are relatively easy options to prevent loyalty and promo fraud - easy but also advanced and very effective.
Weed out bad users by analyzing behavioral patterns
Merchants can introduce some internal processes to better record and monitor the levels of loyalty fraud and promo abuses taking place. Knowing the scale of the problem is half the problem, effectively dealing with it is the other. Some basic regulations for points and promotions can be introduced, which can be:
- Prevent accounts from accruing a huge amount of points in short spaces of time,
- Limiting the transfer of huge amounts of points to other accounts - and frequency of transfers.
- Setting expiry dates to limit the vast accrual of points.
- Flagging mismatches between expected and actual points/promo usage, for example, an account that has remained dormant for a long time has all of a sudden begun redeeming and transferring points.
- An altogether simpler approach can be to simply regularly inform customers via email to check on their accounts - education is always key in beating fraud.
Dealing with loyalty fraud and promo abuse can be done manually with the right procedures and checks in place, but of course, this can be a lengthy process, yielding fairly poor results. The sheer volume of data required to be sifted through can be overwhelming, which is why an automated solution is required. With Machine Learning (ML) backed models, thousands of pieces of data can be analyzed in real-time, effectively identifying suspicious patterns of behavior that indicate a high probability of fraud.
Indicators can be the use of multiple email addresses coming from the same IP address (and physical home address) being used to create new accounts to take advantage of sign-up promotions. Although this doesn’t necessarily have to be the actions of a seasoned or newbie cybercriminal, the scale of such actions by so-called ordinary users can financially impact a merchant.
Therefore, deploying an effective fraud detection and prevention solution not only ensures that you prevent cybercriminals from defrauding you or your customers, but you can improve the integrity of your loyalty schemes and put an end to promo abuses. And with such an effective solution in place, the company's reputation improves. With that, you have a win-win situation, ensuring customer loyalty and satisfaction - the whole point of loyalty schemes and promotions. But now you can ensure this in a fraud-free environment.
If you wish to prevent loyalty program fraud and promo abuse in your business, get in touch with us.
