We report frequently on the subject of loyalty fraud for two main reasons. 1) Because maintaining the integrity of a loyalty program for the sake of your member's confidence and security is just as important as doing so for bottom line integrity. 2) Because loyalty fraud keeps happening. A lot.
If you were able to catch our latest Loyalty Newswire, we quoted a recent article from Forbes that contained an alarming statistic: "Travel sites are the new target of choice for cybercriminals looking to take over users accounts - called account takeover, or ATO attacks — and steal loyalty points. It's a big business, with huge sums of money exchanged annually. According to our most recent data looking at tens of billions of daily interactions with websites and mobile apps, ATO attacks are up 65% year-over-year in 2019.”
There are several factors encouraging this trend but beyond the reasons why, it has become clear that because loyalty program operators are the gatekeepers of their member's data (and thus, their confidence), not proactively addressing this issue is no longer an option. The stakes are just too high. (For reference, at the bottom of this post, you’ll find a list of several other pieces we have published on the topic of loyalty fraud).
And though we continue to report on breaches and fraudulent activity, there is something of a glimmer of hope in our industry. The Loyalty Fraud Prevention Association (LFPA) was formed to provide thought-leadership, policy, education, and tools designed to create a collective rampart against fraudsters.
In their words, the objectives of LFPA are to provide the companies/organizations that are running or are involved in running a Loyalty Program with a platform that will do the following:
- Provide a central resource for professionals with responsibility for loyalty and loyalty fraud prevention (a membership directory will be provided)
- Establish and share best working practices – fraudsters are not brand loyal and will attack wherever they find a weak link
- Set-up an online chat forum (for accredited and recommended members only) to discuss all issues on loyalty fraud (schemes used, trends, alerts, etc.)
- Establish a central online database of known fraudsters
- Provide training on fraud prevention
- Provide training of how to secure/protect loyalty programs
It's an ambitious - and much needed undertaking.
The LFPA's recently held Spring Conference in London, produced a number of presentations which detailed the trends, specific vulnerabilities and defense strategies to help loyalty operators maintain the integrity of their data pools. We consider this critical reading for our industry. Those presentations are available to download here.