Device Intelligence: Prevent ATO and Loyalty Fraud

The Real Threat of Loyalty Fraud

Jeffrey Wixted

Jun 20, 2022

Accertify’s recent webinar on emerging fraud trends highlighted the challenges many merchants are facing this year, as well as ways businesses can address new threats. One of the key areas identified was loyalty fraud.

Loyalty programs can have real value for a business. In fact, according to a 2020 Harvard Business Review study, businesses with active loyalty and rewards programs grew 2.5 times faster1 than other companies in their industry. During lockdown, brand loyalty took a bit of a hit, with consumers taking the opportunity2 to shop around more than ever and in the last couple of years, the number of accrued loyalty points soured thanks to inactivity. Research suggests that there are more than $48 trillion of unspent loyalty points3 globally.

Post-pandemic, loyalty looks set to become big business again, with the global loyalty management market predicted4 to grow from $4.43bn in 2021 to $18.22bn in 2028.   However, these unspent loyalty points are providing fraudsters with an opportunity due to the estimated cost of loyalty fraud to program operators running at more than $1bn5 every year.

Why are loyalty points so appealing to fraudsters?

For a start there is minimal communication between the airline and customer, making the chances of getting caught much lower than other forms of fraud. However, customer loyalty accounts contain personal information, such as addresses and credit card information, which cybercriminals can sell or use to commit other types of fraud.

Businesses often don’t consider loyalty programs as high risk as other aspects of the business, so activity goes undetected and there are often fewer fraud protections in place leaving customer interaction points exposed.

As businesses seek to offer more incentives to customers, the value of accounts increases, and fraudsters can quickly sell these points on for gain.

How do criminals target loyalty programs?

Account Takeover Fraud (ATO) is the most common type of loyalty fraud. This typically occurs when a bot is used to access customers’ accounts using stolen personal information. Once the account is accessed, the criminals can steal the points and convert them to cash or the equivalent.

Business solutions to loyalty fraud.

Any company offering a loyalty or rewards program could utilize an identity fraud management solution to protect both business and customers. A good solution should include the following:

Access to a global network.

Cybercriminals often use multiple accounts and devices to make fraudulent claims or consolidate points in accounts to earn more rewards. Any good identity management solution should have access to a comprehensive global network that can quickly approve purchases for loyal customers and flag any suspicious activity. 

Machine learning and industry models.

Machine learning and industry models6 are used to quickly detect emerging fraud, irregularities, and high-risk activity by monitoring transaction details such as a user’s device type, email and shipping address and products ordered.

Device intelligence.

Device intelligence7 can identify relationships between devices and their users. Customers typically use the same devices, such as desktop and laptop computers and smartphones, to log into their accounts. When businesses identify customers’ trusted devices, they can set policies that challenge logins from non-trusted devices. This enables them to recognize customers or bad actors at login and provide a positive customer experience for legitimate customers while preventing fraud.