Your IP: Unknown · Your Status: Unprotected Protected

Blog In Depth

Can hackers steal your hard-earned loyalty benefits?

May 22, 2019 · 2 min read

Can hackers steal your hard-earned loyalty benefits?

We rarely associate loyalty programs with high fraud risk. Because they rarely involve money transactions, customers tend not to be concerned about their safety. Same for the companies offering them. This creates a perfect space for hackers to snatch your hard-earned bonus points for valuable free goodies.

How you can lose

Fraudsters usually target companies with weak loyalty scheme security. Loyalty fraud expert Laura Hurdelbrink has said that electronic cards are really easy to intercept as they are delivered instantly and require no physical shipping address, allowing fraudsters to steal your data just by using your email.

The damages are also growing more and more extreme. Loyalty fraud prevention groups estimate that about 1 billion dollars a year are lost to loyalty program crimes. Hackers can even steal your sensitive personal data, as some loyalty programs are tied to your credit card.

The New York Times reported that US shopper Daniel Najera lost all of his, which were used to make payments for purchases on Amazon – and that’s just one of many cases.

Types of loyalty fraud

Loyalty fraud can be:

  1. Conducted by customers. This happens when customers find a loophole in the system and exploit it for their own needs. In one of the most famous cases, American civil engineer David Phillips bought 12 thousand pudding cups to exchange them for 1.2 million air-miles. Sometimes, so-called mile brokers even sell their illegitimately obtained miles online.
  2. Conducted by employees. Company staff can claim unused benefits intended for customers, or they could snatch customers’ info by abusing their access to internal systems.
  3. Conducted from the outside by fraudsters. This includes counterfeit accounts, data theft, and other methods of illegally obtaining your loyalty program rewards. Fraudsters can breach your loyalty account, create fake accounts, and assume the identities of legitimate customers.

How to protect yourself

There are a few precautionary measures you can undertake to avoid such fraud:

  • Use strong passwords for your accounts (you can find some tips here). You can also check if your password hasn’t been breached or use this generator to create strong random passwords;
  • Be cautious around unsafe public Wi-Fis. NordVPN can protect you from hackers who use public networks to steal your data;
  • Regularly check your account statements and keep tracking your balance. Loyalty scheme fraud often succeeds because the customer notices the changes too late;
  • Do some research on the company offering the loyalty program. Find out what security measures they apply to their loyalty program databases if this info is available;
  • Avoid scammy websites designed to steal your data. Scammers and hackers can set up websites to steal your login info, financial data, or even your rewards. NordVPN’s Cybersec feature can prevent you from entering malicious websites that can snatch your data.

What can companies do to protect their customers

If you're concerned about the security of your company’s loyalty rewards, you should consider the following measures:

  1. Always inform their customers and employees about breaches or other risks.
  2. Monitor customer accounts to detect suspicious activity.
  3. Implement high-tech security features such as multi-factor authorization, secure password encryption, etc.

Get your data protected with military-grade encryption with NordVPN. We offer a 30-day money-back guarantee.


Paul Black
Paul Black successVerified author

Paul is a technology and art enthusiast who is always eager to explore the most up-to-date issues in cybersec and internet freedom. He is always in search for new and unexplored angles to share with his readers.


Subscribe to NordVPN blog