Loyalty points are equivalent to currency. They can be used for real world financial transactions ranging from retail to travel and even a slight carelessness on the part of individual users as well as organizations provides a fertile ground for perpetrators.
‘Loyalty Fraud’ is when a customer or an employee finds a loophole in the system and exploits it for personal gain. Excessive or fraudulent redemption of reward points accumulated through a loyalty program is considered a ‘loyalty fraud’.
The damage due to such a breach negatively impacts the organization hampering its reputation. Shockingly, most loyalty program breaches go undetected because individuals as well as companies often fail to realize the occurrence of these wrong doings. Most organizations are unaware of the fraudulent activities taking place unless a complaint is raised. And by then the damage is already done and the perpetrator is untraceable.
Compromise of the Loyalty Points Program offered by Air India revealed that these programs are not secured. Loyalty Points help the aviation companies to get the repeat business from the satisfied customers, however these companies are the most likely targets of the hackers.
Loyalty programs have several million registered users worldwide, and the fraudster has a lot to gain just by manipulating a few settings. Most loyalty programs follow a similar pattern and once a fraudster is able to penetrate through one of them, repeating the modus operandi elsewhere, is no big task for him.
These loyalty frauds are not just committed by individual customers, employees may also indulge in them. Employees swiping their own cards on transactions for customers and thus accumulating points on their own cards and then using them to make personal purchases is a prevalent scenario. Loyalty program cards can be counterfeited and internal staff may steal these cards to sell them without proper authorization. Customer information can be stolen and the risk of identity theft frauds is significantly high.
Access to technical data combined with social engineering tactics and unsuspecting authorities, makes an employee potent enough to conduct fraudulent acts which often go un-noticed. Loyalty program companies often fail to keep up with the constantly evolving face of employee fraud.
Employees such as call center agents, airline desk attendants and technical department staff may manipulate customer details and forward the gains to their personal accounts. Many a times, travellers are unaware of frequent flier miles and may fail to redeem them but a vigilant airline company staff may take advantage of this and divert the rewards to his own account. The individual member has little to lose but the organizations face huge losses due to such fraudulent employee actions. Employees of an organization have complete knowledge of the functioning of the internal systems, as well as access to user data which enables them to manipulate the system and extract personal benefits. Such fraudulent acts not only cause losses to the customer but also taint the organization’s repute causing a long-term damage.
Certified eCommerce Fraud Specialist program offered by Indiaforensic center of studies discuss this issue in detail. This is one of the first training programs on the eCommerce frauds in India.
Investigating these frauds pose a challenge to fraud investigators because there is no real money involved in the whole transaction. It’s a grey area and fraudsters often take advantage of this lacuna in the framework of legal technicalities.
To prevent fraudsters from discovering loopholes and exploiting them for dishonest personal gains, organizations ought to be extremely cautious. The occurrence of loyalty program fraud may seem like isolated incidences but the risk of fraud is real and rapidly increasing. Financial institutions, retailers as well as individuals should begin to implement preventive measures before a surge in Loyalty Program Frauds takes place.