Three Types of Loyalty Frauds That Could Cost Your Business Millions

Loyalty marketers looking to protect their brand’s bottom line need to be well acquainted with each of these cyber-threats

In 1793, a merchant in Sudbury, New Hampshire, started handing out small copper tokens to customers with every purchase. While not legal tender, customers could spend them just as easily, but only with this business. The merchant found that this kept customers coming back more often, and with that, the first loyalty marketing program was born.

As technology evolved, so did loyalty marketing, and adoption rates suggest modern shoppers have found immense value in it. In the US alone, 3.8 billion consumers’ memberships take part in loyalty programs. Combined, they maintain point balances worth an estimated $48 billion USD. But for as long as loyalty programs have existed, there have been those willing to exploit them.

During his time as an executive at the Allied Stamp Corporation in the 1930’s, Oklahoma businessman Carl Willis often encountered fake S&H Green Stamps, which at the time traded as easily as dollar bills. In 2009, fake coupons for free five dollar bags of Doritos began showing up in grocery stores, leading PepsiCo to offer a $2,500 bounty for any information leading to the capture of the scam’s originators. In 2016, a 31-year-old UK bakery chain worker “enjoyed countless sausage rolls and steak bakes” for free by stamping his own loyalty cards.

Today, as the majority of loyalty programs move over to digital platforms, fraud is less overt but no less pervasive. Seventy-two percent of program managers report experiencing fraud.

Laura Hurdelbrink is a loyalty fraud product manager at Connexions Loyalty. An eight-year veteran of the loyalty marketing space, Hurdelbrink explains that most fraudsters fall into one of three groups: customers, insiders, and hackers. Each exploits vulnerabilities in loyalty marketing systems for personal gain, and in extreme cases can end up costing businesses millions of dollars in appropriated loyalty points.

  1. Customers themselves drive a fair amount of the fraud seen by loyalty program managers, but most don’t know it. Points brokers are illegal commercial outfits that purchase unused loyalty points, using them to re-sell products at substantial discounts. Most exist exclusively online and don’t openly advertise transactional specifics. SellMilesNow.com, a digital broker of unused airline miles, asks that customers call them directly to discuss sales, assuring them that “We are dedicated to maintaining our reputation of service and reliability.” Ed Perkins from Smarter Travel explains how this can backfire on customers. “Selling frequent flyer miles is against airline rules, and airlines enforce them at least some of the time—meaning your ticket could be voided.” On top of customer fraud, many businesses also, unfortunately, end up the victims of fraud originating from within.
  2. Some employees, given the opportunity, have no problem claiming points or benefits intended for others. The proprietors of Harrods, a London luxury department store, took action after owners noticed a large loyalty point balance under a variation of one customer-facing employee’s name. “A Harrods employee has been found guilty of fraud and theft after she accumulated 280,000 pounds worth of loyalty card points from customers who failed to collect them,” explains Vivian Hendriksz for Fashion United. “Chomchanok Hongsakuulvasu admitted to undertaking a three-year scam during which she acquired close to 850,000 Reward Card points.” Hongsakuulvasu was able to take advantage of point-of-sale hardware, scanning her own card instead of those belonging to customers. It’s an unfortunately common vulnerability that business owners can address by reevaluating their systems, either independently or with a third-party security firm. The most dangerous loyalty fraudsters, however, aren’t so easily rebuffed.
  3. Determined hackers have repeatedly exploited vulnerabilities in digital loyalty marketing systems, often forcing businesses to choose between hefty financial losses or a PR nightmare. When Canadian grocery chain Loblaws merged its loyalty program with that of another chain, its system was left vulnerable. Hackers wasted no time stealing millions of points that they then spent anonymously. Irate customers, some of which had lost thousands of dollars worth of points, held the brand accountable. “What are they doing moving forward to prevent these security issues?” asked Justin Lim, a Toronto customer who lost $650 worth of points, adding “I want answers.” Opting to minimize negative publicity, Loblaws reimbursed all losses and in some cases gave customers additional points in apology. While the brand neglected to disclose exactly how many accounts were hacked or points were stolen, at least six million Canadians participate in the program and thousands have vocalized their anger, doing lasting damage to the brand’s reputation.

As loyalty marketing migrates into the digital world, marketers have an obligation to develop the skills and knowledge necessary to protect their customers from bad actors. While some businesses may be put off by upfront costs, investments in secure systems and capable engineering teams can help prevent these sorts of incidents. While no system is ever 100% secure, taking the necessary precautions can help ensure your brand doesn’t become a target for fraudsters of any kind.