How to Prevent Loyalty Program Fraud

Editor’s Note: This blog entry was originally published on October 18, 2017, and was updated on April 24, 2020. 

What are Loyalty Programs?

Many companies offer loyalty or rewards points programs as a way to engage their customers and keep them coming back. These loyalty programs are very popular with purchasers - 69% of consumers say their choice of retailer is influenced by where they can earn customer loyalty/rewards program points.

Benefits of Offering Loyalty Programs

Loyalty programs help companies with customer retention and engagement, which translates into higher revenue. 83% of surveyed consumers said loyalty programs make them more likely to continue doing business with certain companies. On average, loyal customers are worth up to ten times their first purchase. 

What is Loyalty Program Fraud?

While loyalty programs have become popular with customers, they’ve also become popular with fraudsters. As more traditional payment methods such as credit cards have strengthened their security, criminals have started eyeing non-traditional markets like loyalty programs.

Thieves target loyalty and rewards accounts because they’re a high-value item - worth $48 billion in the U.S. alone.

Unlike their credit card balance, most customers don’t track their rewards points on a regular basis - they likely don’t even know how many they have until they’re ready to use them. This makes loyalty program environments more susceptible to fraud.

Criminals commit loyalty program fraud in a number of different ways. Often, they will simply redeem stolen rewards points for cash or other items of value such as flights or hotel stays. Other times, they will sell them on the dark web.

Further than just stealing points, criminals can also hack into loyalty program websites and steal consumers’ personally identifiable information (name, date of birth, mailing address, etc.) - which they can then use to commit identity theft. 

Effects of Loyalty Program Fraud

While you might not hear about loyalty program fraud in the news as often as you hear about credit card fraud, it can have a huge impact on businesses. It’s estimated that loyalty program fraud costs $1 billion a year.

In addition to the financial loss, loyalty program fraud can also cost a business their customers’ trust. And with an abundance of customer review sites available online, these customers will likely share their negative experience.

How Can Companies Prevent Loyalty Program Fraud?

To protect their loyalty program data and prevent fraud, some businesses are utilizing methods that the payment industry already uses to protect credit card data. Here are a few ways to prevent loyalty program fraud:

  • Limit Employee Access to Data - In the same way that network segmentation limits access to credit card data, limiting the employees who can access loyalty program data helps prevent fraud.
  • Use Tokenization - While the term tokenization is most often used to refer to protecting payment data such as credit card numbers, any info can be tokenized - in the case of loyalty programs, this includes data such as email addresses, usernames, and passwords.
  • Strengthen Login and Password Security - Ensure all employees use a strong password. Also use two-factor authentication for all employee and customer logins. That way, even if a criminal accesses someone’s password, there is a second step they aren’t likely to be able to complete (such as confirming on a mobile device).


The rise in the popularity of loyalty programs has also been accompanied by a rise in loyalty program fraud. Offering loyalty programs to consumers has many benefits, but companies must make sure they set these programs up to be secure in order to be successful. Independent software vendors (ISVs) who have loyalty program capabilities in the solutions they offer also need to ensure they’re implementing appropriate security measures.