When creating new programs to entice consumers, companies must be careful not to attract fraudsters too, remembering that comprehensive fraud measures can protect both consumers and companies alike
Pioneered by the airline industry in the 1980s, modern loyalty and rewards programs are increasingly leveraged by organizations across the globe. Ideally, these programs encourage a mutually beneficial relationship between buyers and sellers in which both parties receive incremental value. Typically, organizations use reward programs to offer consumers rewards, in the form of points, miles, or status, in exchange for their business.
The consumer in turn benefits from these rewards as they can redeem or spend their points or miles like currency for products, savings, or experiences. At the same time, retailers benefit from a more engaged consumer who may be more likely to increase their purchase frequency, value, or both. As organizations compete to differentiate themselves, rewards program use has grown in both application and sophistication.
What is rewards fraud?
Not surprisingly, consumers have demanded that reward programs continually evolve to be easier to use, faster, and more worthwhile. Unfortunately, these improvements for consumers also give fraudsters new avenues to exploit.
Assessing the value of rewards programs in a similar way to how a consumer does, fraudsters often view rewards as worthy to steal because they are accessible, valuable, and increasingly liquid. In practice, fraudsters attempt to infiltrate valid customers’ accounts and convert the rewards into another liquid asset. These assets are commonly ACH deposits, gift cards, travel, or peer to peer transfers. (Although rewards fraud can refer to multiple fraud types, third-party rewards fraud is the exclusive focus of this article.)
Further, fraudsters may target rewards programs because they may be more attractive than other types of fraud simply because consumers check their reward accounts much less frequently than they do their other financial accounts. Because of this, consumers are less likely to identify fraudster activity if it is within a rewards program in a timely manner.
Due to the account information required for a fraudster to infiltrate a rewards account, many of these fraudster breaches are recognized as full account takeovers, which can be especially costly to organizations because the losses are threefold. One, the organization must spend time wholly safeguarding the breached account and collaborate with the customer to reset usernames, passwords, and ensure that no other funds were stolen. Two, the organization will likely have to refund the fraudulently used rewards back to the customer. And three, due to this poor customer experience, the consumer is likely to spend less, disengage, and may even quit, ultimately resulting in a diminished organizational reputation.
Why rewards programs fraud is growing
Similar to other types of fraud, the reward fraudster aims to accomplish three goals:
They want to remain undetected to effectively steal the target’s rewards and liquidate them for the fullest value — Fraudsters are aware that depending on how they use the rewards, the whole redemption process can be instantaneous or span several weeks. Thus, fraudsters target the fastest redemption options.
The fraudster looks to convert the stolen rewards to the most efficient asset — According to the terms and conditions of each reward program, specific redemption options or avenues may yield different values for the rewards. For example, 1 reward point may be worth 1 cent if redeemed into a gift card; however, if points are redeemed towards travel, the 1 reward point may be worth 1.5 cents. Fraudsters are acutely aware of this value spread and often target the redemption options that will yield the largest face value.
Fraudsters aim to redeem the rewards into a liquid asset — Even if they target a high-face-value redemption, if it is difficult to liquidate, the relative value for the fraudster’s effort is low. Thus, fraudsters aim to steal and use rewards most quickly, for the highest face value, and towards the most liquid redemption options.
Rewards fraud has increased dramatically over the last decade with estimates ranging between $1 billion to $3 billion in global fraud losses annually. This escalation may be attributed to two factors: i) as more companies offer rewards programs and these programs themselves become larger and more popular, the potential target population grows too; and ii) organizations have steadily strengthened their fight against more traditional types of fraud including transaction, check, and new account fraud, rewards fraud may be an easier play. In fact, as fraudsters hit more friction when attempting traditional financial frauds, they increasingly may shift their efforts towards the comparatively less mature reward programs.
Though unique in form, rewards programs fraud may be combatted by scaling existing fraud risk mitigation methods. Because reward fraud is often recognized as account takeover fraud, organizations should first fight it at the source — customers’ account login.
While this may add friction to consumers’ experience, stronger authentication options — such as one-time passcodes, multi-factor authentication, device fingerprinting, or biometric authentication — may provide meaningful deterrence to rewards fraud. Further, post-login validation can be used to continually ensure the logged-in user is valid and acting as expected.
If organizations can leverage these fraud-fighting methods that are successfully used in other areas of fraud, they may take the first step to curtail their rewards fraud losses.
You can find more about business fraud here.
