To generate revenue and foster customer loyalty, many businesses, including retailers, airlines and credit card companies, create loyalty and reward programs. Such programs can help companies attract and retain customers, but they may also be subject to fraud and abuse.

ATO risk

Loyalty programs are particularly vulnerable to account takeovers (ATOs). In these schemes, a criminal assumes control of a customer’s loyalty or rewards account and monetizes it. The thief redeems points for goods and services for personal use or sells them on the black market. These days, the information usually ends up on the dark web.

ATOs often are successful because many loyalty programs lack the robust fraud controls and dedicated teams of investigators to prevent and investigate them. Often, companies don’t understand the extent of fraud and abuse taking place in their programs to justify the investment.

3 steps

To help minimize fraud risk and limit financial losses, consider taking the following steps:

1. Conduct a risk assessment. Review your loyalty program’s terms and conditions, structure, and activity to ascertain the potential for fraud and abuse. Think about engaging a suitably qualified fraud professional with experience evaluating loyalty programs to guide your efforts. 
2. Gather and analyze historical losses. Establish a central location for employees to report fraud and abuse. Dissect each loss to identify its root causes and develop a list of potential control failings for remediation. And, if you don’t already have one, establish an anonymous hotline for employees and customers to report suspected fraud.
3. Evaluate technology solutions. Use the results of your risk assessment and historical analysis of losses to pinpoint potential weaknesses for technology to address. For example, technology can help authenticate customers to prevent ATOs. It can also monitor transactions for activity indicative of fraud. 

Watch your customers

Although ATO schemes involving criminals are common, your company can’t overlook the potential for legitimate customers to abuse your loyalty program. For example, customers may redeem points, then deny doing so and ask you to credit their accounts. Sometimes unethical customers sell their points to online brokers and deny having done so when challenged. Customers could also open multiple accounts under their own or assumed identities to receive new account sign-up bonuses.

Finally, don’t overlook the fact that employees may compromise loyalty accounts. Make sure managers are aware of the possibility and keep an eye on workers with access to the accounts.

Maintain strong security

If you suspect a widespread fraud problem with your loyalty program, seek professional guidance to devise controls to limit thefts and losses.

(This is Blog Post #1041)