Hackers use loyalty programs to steal points and personal data. This is not as harmless as it may seem — every year retailers lose 2% of revenue due to such fraud. Cardholders not only lose their bonuses but also become the targets of spam attacks.
It is already difficult to find a retail company that does not offer its customers a loyalty program. It is beneficial for both parties: buyers get special offers and discounts, and businesses get interested customers. However, such programs began to attract scammers, because you can buy real goods for points, and then resell them.
Most often, retail suffers from its own employees: criminals often acquire accumulated points and use compromised accounts to launder money.
We decided to tell you about several types of such fraud.
Phishing is the most popular type of attack, which works in 90% of cases.
It is used for various types of fraud, including fraud against members of loyalty programs. The cardholder receives a fake email that appears to come from the company and contains a malicious link. One click and the user is caught. This way malware is installed, and personal data is stolen if you log in to a fake company website.
The attack can be avoided if you check the site address before clicking the link. It is important to be attentive to each email, even if it does not seem suspicious at first glance.
Fraud with cash registers. Only an unscrupulous store employee can do this. Customers do not suffer from this, but the business loses revenue.
How it happens: a customer comes to a mobile phone shop and buys equipment for a large amount. The employee remembers the receipt number and issues a refund. The cash ends up in the employee's hands, but there is a shortage of goods. Then the employee “sells” the same product again, but this time using bonuses, promo codes, and coupons, significantly reducing the price. He pockets the difference. This scheme only works if the client pays in cash, which happens less and less often. Therefore, the buyer is often a fake who is in collusion with the store employee.
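The refund-then-resale pattern described above can be searched for in point-of-sale records. The following is an added example, not part of the original article; the record schema, the sample rows, the 24-hour window and the 30% discount threshold are all assumptions.

```python
from datetime import datetime, timedelta

FIELDS = ("ts", "cashier", "receipt", "type", "sku", "list_price", "paid", "payment", "ref")
# Constructed sample POS log; the schema is an assumption, not a real POS export.
ROWS = [
    ("2024-03-01 10:05", "E17", "R1001", "sale",   "PHONE-A",  900.0,  900.0, "cash", None),
    ("2024-03-01 10:40", "E17", "R1002", "refund", "PHONE-A",  900.0, -900.0, "cash", "R1001"),
    ("2024-03-01 11:10", "E17", "R1003", "sale",   "PHONE-A",  900.0,  540.0, "cash", None),
    # Benign: card purchase refunded, item later resold at full price.
    ("2024-03-01 12:00", "E04", "R1004", "sale",   "TABLET-B", 600.0,  600.0, "card", None),
    ("2024-03-01 15:00", "E09", "R1005", "refund", "TABLET-B", 600.0, -600.0, "card", "R1004"),
    ("2024-03-02 09:00", "E09", "R1006", "sale",   "TABLET-B", 600.0,  600.0, "card", None),
]
POS_LOG = [dict(zip(FIELDS, r)) for r in ROWS]


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M")


def find_refund_resale(log, window=timedelta(hours=24), min_discount=0.30):
    """Flag a refunded cash sale followed by the same cashier reselling the same
    SKU within `window` at a discount of at least `min_discount`."""
    by_receipt = {r["receipt"]: r for r in log}
    findings = []
    for refund in (r for r in log if r["type"] == "refund"):
        original = by_receipt.get(refund["ref"])
        # The scheme in the article depends on the original purchase being cash.
        if original is None or original["payment"] != "cash":
            continue
        t_refund = parse_ts(refund["ts"])
        for sale in log:
            if (sale["type"] != "sale" or sale["cashier"] != refund["cashier"]
                    or sale["sku"] != refund["sku"]):
                continue
            delay = parse_ts(sale["ts"]) - t_refund
            discount = 1 - sale["paid"] / sale["list_price"]
            if timedelta(0) < delay <= window and discount >= min_discount:
                findings.append({
                    "cashier": refund["cashier"], "sku": refund["sku"],
                    "refund": refund["receipt"], "resale": sale["receipt"],
                    "shortfall": round(sale["list_price"] - sale["paid"], 2),
                })
    return findings


if __name__ == "__main__":
    for f in find_refund_resale(POS_LOG):
        print(f)
```

A hit is a lead for review against stock counts and camera footage, not proof: legitimate returns followed by promotional sales will also match.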
Web vulnerabilities. Large retail chains have their own websites and mobile apps, but they are not always well protected, so they become easy prey for scammers. Hackers break into websites, steal customer data, and then sell the database to spammers, who often include other scammers.
How to deal with this? The obvious answer is to increase the security of loyalty programs, for example by applying multi-step authentication in applications and websites. And users should pay more attention to their loyalty program data.