Loyalty fraud prevention and how to protect digital accounts
Loyalty and rewards programs can increase spending and improve brand loyalty. Businesses can incentivize small acts like repeat purchases, sharing content on social media, and referring new customers. In return, customers can get free products, store credit, and more. It pays to retain customers with loyalty programs, and businesses are willing to invest.
Global direct loyalty and customer relationship management costs topped $126 billion. And studies suggest that loyalty members spend two to three times more than non-members.
Businesses that don’t prevent loyalty fraud and account takeover fraud put loyal customers — particularly, their digital accounts, points, and rewards — at risk.
What is loyalty fraud?
Loyalty fraud (or rewards fraud or points fraud) happens when a bad actor accesses a customer’s digital account looking for high-value points. Loyalty fraud is most prevalent in account takeover (ATO) attacks, especially those that target gas rewards and travel miles.
In an account takeover attack, a bad actor may program a bot or botnet to access customer accounts using stolen or hacked credentials. Once the bad actor has access to the customer’s account, they can drain, use, transfer, or resell the customer’s loyalty points, rewards, miles, etc. The objective of account takeover and loyalty fraud is to steal points and convert them into cash or cash equivalents.
ATO losses were up 72% year over year, according to a Javelin report. And loyalty fraud may be among the reasons why. 10% of shoppers in a Connexions Loyalty survey said they’ve never signed in to their loyalty accounts. And most only sign in every few months.
Customer inactivity leaves the window of opportunity open for fraud. And bad actors know that, typically, businesses don’t exercise the same scrutiny over loyalty programs as other transactions. Less scrutiny makes it easier for bad actors to access digital accounts through phishing scams, social engineering attacks, and identity theft.
But it’s not just bad actors at work. Average shoppers can perpetuate loyalty fraud, which can also come in the form of friendly fraud, rewards fraud, and promo abuse. For example, a customer may exploit a loyalty program or try to redeem rewards on high-value items.
Or a business may ask for product reviews in exchange for rewards without specifying the quality of the review or verifying that customers purchased the products they’re reviewing.
Beyond lost revenue, loyalty fraud damages a brand’s reputation and customer trust. Ultimately, businesses can protect customer loyalty and reward programs by protecting the entire customer journey and implementing fraud analytics solutions.
Where loyalty fraud and account takeover occur in the customer journey
Rewards programs are a powerful way for companies to invest in and engage with customers. Essentially, rewards and loyalty programs carry the same weight as cash transactions. And every year, $160 billion in rewards and loyalty points go unredeemed, PYMTS estimated.
Customers have a lot to lose, and bad actors have a lot to gain. So businesses need to understand that loyalty fraud can happen throughout the customer journey, not just at payment.
Account creation: Account creation is the first step on the customer’s path to payment. Any business that offers rewards for opening an account needs to watch for attacks at this point. A bad actor may create accounts using stolen or fake email addresses to amass loyalty or referral points.
Loyalty and coupon redemption: Businesses that reward customers with coupons or promo codes need to watch for ATO attacks and loyalty fraud at this point. Bad actors or customers may attempt to exploit policies for greater rewards.
A bad actor may also use social engineering to get more use out of coupons or promo codes. Or they may launch an ATO attack to steal loyalty points and redeem them on high-value items.
Checkout and payment: Businesses that only detect fraud at the point of payment are missing opportunities to stop attacks at earlier stages in the customer journey. At this point, a bad actor or customer may attempt to use shared or stolen promo codes or loyalty points.
4 ways Kount prevents loyalty fraud, protects the customer journey
When businesses protect the complete customer journey, they can establish a baseline of normal behavior and quickly identify abnormal, high-risk behavior.
Kount’s digital identity solutions reduce digital payments fraud and provide industry-leading fraud protection for the entire customer journey. It helps businesses fight loyalty fraud by detecting malicious login events, fake or fraudulent email addresses, stolen payment information, and more.
1. Its global network of fraud signals informs identity trust levels
Kount’s fraud solutions function in the Identity Trust Global NetworkTM, a global network of trust and fraud-related signals from billions of annual interactions across industries and geographies. This data helps establish the level of trust for the identity behind every payment, account creation, and login event.
For example, bad actors may use multiple accounts and devices to make hundreds of fraudulent redemptions or combine points into accounts to earn high-value rewards. On their own, businesses don’t have enough data to connect events to fraud at scale in real time. Accessing a global network is critical for protecting loyalty accounts.
2. Its advanced AI detects past and current high-risk activity
Kount Command’s AI fraud prevention quickly detects anomalies, risks, and unusual activity. And it evaluates purchasing details such as device type, email address, shipping address, and product type. This advanced AI enriches global network data and helps businesses automatically approve or decline transactions using supervised and unsupervised machine learning.
Unsupervised machine learning detects emerging fraud and anomalies faster, more accurately, and on a more scalable basis than a human fraud analyst. Supervised machine learning analyzes historical transactions to identify patterns and behaviors from past fraud events.
3. Its Email Insights add confidence to account creation events
Fake or fraudulent email addresses are key in loyalty fraud. For example, bad actors may try to earn referral rewards by generating and sharing fake email addresses.
Kount’s Email Insights analyzes email addresses to evaluate past behavior, determine risk, and predict a user’s expected behavior. It provides deep insights into the risk, safety, and value of an email address for online transactions, adding confidence to account creation events.
Email addresses can establish identity trust through their risk and usage trends, associated transaction volumes, associated chargebacks, and dates first and last seen. Businesses can use this data to predict and stop fraudulent transactions. Or they can use it to learn more about a customer’s lifetime value and likelihood of repeat purchases.
For example, a business may avoid sending upsell campaigns to email addresses that are associated with a high number of chargebacks. Meanwhile, an email with an age of zero indicates that someone may have created it for fraud. These insights can signal additional friction is needed to authenticate the user’s identity.
4. It uses device intelligence and machine learning to prevent ATO attacks
Kount Control uses machine learning to evaluate user behavior, device, and network anomalies. Its capabilities link device intelligence, IP risk detection, and anomaly detection. This linked analysis can detect high-risk login activity from bots, credential stuffing, and brute-force attacks.
Device intelligence capabilities identify the relationship between a device and a customer. Typically, customers use a few devices to log into accounts. When businesses can see a customer’s trusted devices, they can set policies that challenge login attempts from non-trusted devices.
As a result, device intelligence and machine learning can help businesses recognize customers or bad actors as soon as they attempt to log in. It can help them deliver customized and frictionless experiences, and it can improve retention and customer loyalty.