Fraud in loyalty programs. What is it and how to counter it?
As the popularity and scale of loyalty programs grow, so does the threat of various types of fraud. Fraud and scams harm the smooth functioning of a program and reduce its attractiveness in the eyes of customers. Detecting and countering fraud is becoming one of the main challenges facing loyalty program organizers. Unfortunately, for many companies, protecting against fraud and scams is a low priority. Despite the increase in rewards program fraud, 42% of vendors say they don’t have the skills and nearly 50% don’t have the resources to prevent it. What are the most common scam methods and how can they be countered?
1. Data falsification
Data falsification is one of the most common ways of fraudulently obtaining rewards in loyalty programs. Loyalty programs often offer attractive benefits just for joining – a discount on the first purchase or free coffee. Instant access to a reward at the start acts as a magnet for scammers. Customers take a few minutes to join the program and can even create new accounts every day, just to receive a freebie.
Another equally common form of data falsification is giving a false date of birth in order to get faster access to a special birthday offer. This problem can particularly affect companies that have already expanded their loyalty program to include a birthday benefit. It then turns out that a disturbingly large number of registered customers edit their date of birth, or that many new customers join the program with a birthday that is only days away, just to get the benefit as quickly as possible.
One way to counteract the mass creation of false accounts is to change the way people register. More and more companies are moving away from identifying customers by e-mail address towards requiring a phone number, which is theoretically assigned to a specific person. It turns out that workarounds exist in this case as well – on the Internet you can find services that “rent” a phone number for minutes, which allows the customer to register for the program and claim the reward. Companies are trying to deal with such scams using solutions like reCAPTCHA, among others. Additional authentication improves the security of customer accounts. At the same time, however, requiring customers to go through additional steps can be annoying and can affect the program experience.
Above all, monitoring, reporting and well-written rules and regulations outlining the actions to be taken in case of fraud are essential. Companies need to be constantly on the lookout for any anomalies – the closer a customer is to receiving a reward, the more vigilant you need to be.
2. Impersonation of other users
As customer expectations rise, loyalty programs are becoming increasingly personalized, with offers that are limited and assigned to a specific user. At the same time, brands are striving to simplify the use of the loyalty program, so more and more often all you have to do to take advantage of available offers is give the seller your phone number. It is no longer necessary to search through your wallet to scan a plastic card. Unfortunately, this allows fraudsters to impersonate other people and redeem their offers in the program simply by giving someone else’s phone number.
Protecting against this kind of fraud means creating additional security mechanisms. One way to do this is to require the offer to be activated in the app in advance. However, loyalty program organizers must take care to maintain a healthy balance between security and a good experience for the average, honest user.
3. Rewards for returned purchases
In some cases, whether a loophole exists depends on business decisions. One example is cashback awarded for purchases above a certain amount – a typical mechanism is a 10% refund on subsequent purchases for spending $500 or $1,000. If cashback is credited immediately, dishonest customers return the purchased products and thus obtain a free shopping discount. Customers expect an immediate reward, so postponing the accrual of cashback will not necessarily be a favorable solution. The solution to this problem may include crediting the discount immediately after the transaction, but allowing the cashback to be used only after the deadline for returning the products has passed. Unfortunately, this involves a certain limitation for honest customers who do not intend to return products and would like to use the discount as soon as possible.
Often cashback and customer service systems do not bring together in one place all the information about the product purchased, the return made and the rewards given. The system may not have access to the information that a benefit was attached to the product, so a customer making a return is left with an available reward. Fortunately, fewer and fewer companies in the market allow such a loophole, but unfortunately there are still some organizations for which the implementation of advanced solutions in this regard remains a challenge.
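The hold-until-the-return-deadline approach and the shared purchase/return/reward record described above can be sketched as follows. This is an added example, not code from any loyalty platform; the CashbackLedger class, the 30-day return window and the order ids are assumptions, while the 10% rate and $500 threshold follow the example in the text.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Assumed policy values; the 10% rate and $500 threshold follow the article.
RETURN_WINDOW = timedelta(days=30)
RATE_PERCENT = 10
THRESHOLD_CENTS = 500_00

@dataclass
class Cashback:
    amount_cents: int
    usable_from: date        # first day after the return deadline
    void: bool = False

class CashbackLedger:
    """Hypothetical ledger keyed by order id, shared by sales and returns."""
    def __init__(self):
        self.by_order = {}

    def record_purchase(self, order_id, total_cents, purchased_on):
        if total_cents < THRESHOLD_CENTS:
            return
        self.by_order[order_id] = Cashback(
            total_cents * RATE_PERCENT // 100,
            purchased_on + RETURN_WINDOW + timedelta(days=1))

    def record_return(self, order_id, remaining_cents):
        """Called by the returns desk with the order value left after the return."""
        entry = self.by_order.get(order_id)
        if entry is None:
            return
        # Void the reward if the order no longer qualifies, else shrink it.
        entry.void = entry.void or remaining_cents < THRESHOLD_CENTS
        entry.amount_cents = remaining_cents * RATE_PERCENT // 100

    def balance(self, today):
        """Return (pending, spendable) cents: credited at once, usable later."""
        live = [e for e in self.by_order.values() if not e.void]
        spendable = sum(e.amount_cents for e in live if today >= e.usable_from)
        return sum(e.amount_cents for e in live) - spendable, spendable

def demo():
    ledger = CashbackLedger()
    ledger.record_purchase("ORD-1", 600_00, date(2024, 3, 1))   # constructed orders
    ledger.record_purchase("ORD-2", 1000_00, date(2024, 3, 1))
    before = ledger.balance(date(2024, 3, 2))    # visible, not yet usable
    ledger.record_return("ORD-1", 0)             # full return inside the window
    after = ledger.balance(date(2024, 4, 1))     # window over for ORD-2
    return before, after
```

The customer sees the pending amount straight after the purchase, but only the spendable part can be redeemed, and a return removes the reward because both events are recorded against the same order.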
4. Employee fraud
Sometimes the problem of fraud occurs directly within the company. This mainly concerns cashiers who do not ask customers for loyalty cards and instead use their own accounts to record transactions made. In this way they illegally gain points or other benefits. Employees deliberately register the purchases of others on their accounts in order to have faster access to rewards and more favorable benefits.
In such a situation, the solution is to prepare a report analyzing the number of transactions registered in one day on individual accounts. If we notice a clear anomaly – dozens or hundreds of transactions registered on one account in a single day – something is surely wrong. Although this is a seemingly small and easily identified fraud, some companies continue to ignore the problem, risking the dissatisfaction of customers who realize that their points are being appropriated by a store employee.
Sometimes fraud also occurs among those employed on the system side. The foundation of security in the use of tools by employees is to link each operation performed, such as granting discounts, adding points or extending the validity of a reward, with a specific person. The organizer must ensure accountability, so that each operation in the system is assigned to a specific employee (manager, developer, analyst) and so that they too do not abuse their powers. To remove any temptation to commit fraud through the loyalty program tool, employees should be constantly made aware of the security systems used in the company.
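A minimal version of the daily report described above, as an added example rather than code from any CRM product. The field names, the threshold of 10 and the sample data are assumptions; the per-cashier share goes one step beyond the text to show at which till the transactions were registered.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

DAILY_LIMIT = 10  # assumed threshold; tune to what a real customer plausibly does


def daily_account_report(transactions, limit=DAILY_LIMIT):
    """Return (account, day) pairs whose transaction count exceeds `limit`.

    Each transaction is a dict with hypothetical fields:
    'ts' (ISO 8601 string), 'account' and 'cashier'.
    """
    per_day = defaultdict(Counter)  # (account, day) -> Counter of cashier ids
    for tx in transactions:
        day = datetime.fromisoformat(tx["ts"]).date()
        per_day[(tx["account"], day)][tx["cashier"]] += 1

    findings = []
    for (account, day), cashiers in per_day.items():
        total = sum(cashiers.values())
        if total <= limit:
            continue
        top_cashier, top_count = cashiers.most_common(1)[0]
        findings.append({
            "account": account,
            "day": day.isoformat(),
            "transactions": total,
            # A high share at one till points to the cashier, not the customer.
            "top_cashier": top_cashier,
            "top_cashier_share": round(top_count / total, 2),
        })
    return sorted(findings, key=lambda f: f["transactions"], reverse=True)


def constructed_sample():
    """Constructed data: one normal customer, one account used at a single till."""
    start = datetime(2024, 3, 1, 9, 0)
    txs = [{"ts": (start + timedelta(minutes=15 * i)).isoformat(),
            "account": "ACC-7001", "cashier": "C-17"} for i in range(24)]
    txs += [{"ts": "2024-03-01T12:30:00", "account": "ACC-1002", "cashier": "C-03"},
            {"ts": "2024-03-01T18:05:00", "account": "ACC-1002", "cashier": "C-17"}]
    return txs


if __name__ == "__main__":
    for row in daily_account_report(constructed_sample()):
        print(row)
```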
5. Organized hacking attacks
In extreme cases, fraud in loyalty programs can take the form of organized hacking attacks. Hackers may look for security vulnerabilities in loyalty programs, such as software bugs, poor server configurations or out-of-date software, thereby gaining unauthorized access to the system. A cybercriminal can falsify transaction information, accrue additional points or add fake purchase confirmations to obtain additional discounts.
The main safeguard against hacking attacks is to schedule systematic reporting. Monitoring activity related to suspicious logins or attempts to access unauthorized functions can help detect an attack early enough. It’s also a good idea to develop an incident response plan that outlines action steps – how to respond quickly, how to notify customers and how to restore normal system operation.
How to protect against fraud?
Fraud can occur in any loyalty program. Increasingly, even an objectively low-value benefit is enough of a temptation for fraudsters. The basis for protection against fraud is, first of all, an experienced partner in the operation of loyalty programs, who, based on many years of operation in the market, knows in what situations threats can occur and how to effectively counteract them. An equally important security element is a good set of loyalty program rules and regulations, which specify the actions to be taken against those who do not comply with them.
Countering fraud is a continuous effort, so managers need to monitor any deviations from the norm on an ongoing basis. Current CRM systems are equipped with technologies that allow the creation of rules for identifying fraud, thus minimizing the degree of threat. This ensures that the manager is notified of any suspicious activity. Fraud detection in the company should be proactive – loyalty program organizers should be aware of possible fraud and react to suspicious activity and any deviations from the norm.