Reward Risks: Hackers are Targeting Your Loyalty Points

Posted on May 21, 2020 by Steve Turner | Information Security Expert in Children & Families, Personal, Personal Resources

Loyalty programs are big business for retailers and fraudsters alike. From airline miles to hotel stays to free coffee, consumers are extremely willing to share personal information with their favorite stores for rewards. Fraudsters are increasingly targeting these loyalty programs because consumers often don’t treat their points as real money. The end result: $1 billion a year ends up in the pockets of these scammers.

Fraudsters Love Loyalty Points

Currently, U.S. consumers average 14 loyalty accounts per person and have racked up $140 billion in unspent loyalty points, which demonstrates both the massive popularity of these programs and the resources available for fraudsters to pounce on. Loyalty programs are an easy target for cyberthieves to score consumer data and cash-like rewards. Typically, these programs store sensitive Personally Identifiable Information (PII), including your birth date, email or home address, and a phone number.

As we engage in these loyalty programs, we should all be thinking about the security of our information. It’s pretty straightforward for a hacker to access our information within these reward programs. They can leverage previously compromised credentials from prior data breaches to log in to an account, a technique known as “credential stuffing”. From there, they can place orders using the victim’s points and credit card information. They can also sell the rewards and information for a profit on the Dark Web, or use them to gain access to even more PII.

Mobile Vulnerabilities Fuel the Fire

Consumers crave convenience and are willing to accept certain risks to make life more convenient. The adoption of mobile rewards cards, where the cashier can scan a phone to capture the user’s profile and apply it to the transaction instantly, exposes rewards accounts to additional risk through mobile vulnerabilities.

Loyalty apps are often insecure and easy to access, especially if we use the same passwords for multiple accounts. Make sure your phone is protected from rogue apps by downloading only from the approved app stores. Be sure to use a different password for each reward program you join, and change those passwords regularly just as you would with financial or credit account logins.

Start Using Your Points Before the Hackers Do

Stay current with the number of points you have in your rewards accounts. Be suspicious of emails that ask you to log in to your account to change your information. Phishing emails like this are often a gateway for cybercriminals to record your information and perform account takeovers. Do not click any links within the email. Instead, go directly to the retailer’s website and log in to your account there to see if something is wrong.

Check your loyalty points often. Treat your rewards like the cash in your wallet. Make sure fraudsters are not using your hard-earned loyalty bucks or worse — your personal information.

Tips to Protect Your Personal Information

  1. Report your missing rewards. If you think your loyalty account may have been hacked, report it to the appropriate company and compile any documentation they may need to restore your balance.
  2. Update all passwords. Use difficult-to-crack passwords that are unique to each of your accounts and have not been used in the past. Use a secure password manager if you have a hard time keeping track.
  3. Add two-factor authentication. Adding another layer of protection to your accounts helps prevent hackers from getting in, even if they have your credentials.
  4. Update your privacy settings. Privacy settings on web browsers, mobile devices, and social networks can be changed to share the minimum amount of information.

Meet the Author

Steve Turner | Information Security Expert

Steve, former Chief Information Security Officer (CISO) at Sontiq, the parent company of the EZShield and IdentityForce brands, has over 30 years of extensive experience managing security teams and continuous improvement initiatives around the security of IT systems, including disaster recovery, security, and PCI Compliance.

