The implications and consequences of loyalty fraud: interview with Peter Maeder, LFPA

Tuesday 3 December 2019 08:40 CET | Editor: Simona Negru | Interview

The Paypers interviews Peter Maeder from the Loyalty Fraud Prevention Association to find out more about the implications and consequences of loyalty fraud.

What are loyalty programmes? Can you please describe how loyalty programmes work?

Loyalty programmes are structured marketing strategies designed by merchants to encourage customers to continue to shop at – or use the services of – businesses associated with each programme. These programmes cover most types of commerce, each one having varying features and rewards-schemes.

Besides rewarding repeat customers, they offer additional benefits: getting an understanding of customers’ needs, segmentation of customers, increasing the target audience and others.

Initially, a loyalty programme rewards a customer points for frequency, often for every dollar spent. The points are recorded in the customer’s loyalty accounts. The accumulated points may then be used to ‘purchase’ items published in a ‘rewards’ catalogue. 

Expanding on this, the airlines first realised that by working with financial institutions, there is a win-win. Flying is a very attractive offer, therefore banks reward customers with miles for every dollar spent on a ‘co-branded credit card’. The airlines sell the miles to the banks, thus increasing occupancy on their flights, and co-brands have now the opportunity to spread into other sectors such as travelling, retailing and more.

Accounting requirements changed in 2011, obliging loyalty programmes to report the issued - but not yet redeemed - points/miles in their books. There are no official figures, but according to industry experts, the total value of points/miles is estimated at above USD 400+ Billion. To encourage redemption of the points/miles (i.e. to reduce the outstanding liabilities), and to make their programmes ever more attractive, points/miles can be used for purchases in establishments of other industries – use miles for hotel stays. Of late, gift cards and in particular eGift cards have enjoyed an increased popularity. 

Why the increased fraud in the loyalty industry?

Given the huge value of the points/miles accumulated in the loyalty accounts and the attractiveness of the rewards (flying for free etc.), professional criminals and other opportunists realised that defrauding in the loyalty industry was much easier than committing credit card fraud. In addition, loyalty programmes provide a commodity that criminals are very interested in – customer data.

We differentiate various types of fraud in the loyalty industry: 

Gaming: using loopholes in the Terms and Conditions of the programmes to accumulate more benefits than permitted/intended. However, is this fraud? Different programmes view this distinctively – ‘in law, fraud is intentional deception to secure unfair or unlawful gain’.

Brokering: the selling of points/miles or rewards (airline tickets, hotel stays). Again, is it fraud? 

Employee or third-party fraud: unauthorised accrual or redemption of points/miles by employees, who book points to their account rather than the one of the legitimate customers. 

‘Friendly fraud’: For example, ‘double dipping’ collecting miles from a flight from two different programmes.

Account Takeover/Account Compromise: Criminals are targeting loyalty programmes to take over or compromise accounts for two reasons: steal the points/miles accumulated in the accounts and get customer data. Both ‘commodities’ can be sold on the Internet for significant profits (loyalty accounts can be bought starting at USD 20 as compared to credit/debit card numbers, which are offered for as little as USD 5).

What could airlines/loyalty programmes do better to prevent loyalty fraud?

1) Consider the impact of loyalty fraud as the cost of loyalty fraud is completely underestimated or not taken seriously by many brands. Experts estimate the annual fraud costs to rise to 1% of the points/miles issued, i.e. USD 2 to 3 billion annually. Moreover, the cost of negative customer experience – according to surveys 26% of customers would cancel the programme – results in loss of life-time revenue to the brand. However, we hope that the announced fines by the UK courts for data breaches will serve as a wake-up call (BA USD 240 mln, Marriott USD 90 mln). 

2) Align the objectives of marketing and security – find the right balance between a frictionless customer experience and adequate protection of customer/account data. 

3) Have one fraud department for loyalty, credit card and baggage fraud, as they have the same ‘customers’.

4) Be prepared:

a. Ensure that your IT systems are protected; implement security procedures – penetration testing, vulnerability scanning, deny access after a number of log-in attempts;

b. Develop and test recovery plans, media plans;

c. Educate your customers – they must accept certain security procedures to protect their data (e.g. multi-factor authentication or other tools);

d. Provide the fraud department with adequate resources (staff and technical tools), modern technology and procedures: 

  • Account management:
    i. Know your customer – background check of the account holder;
    ii. Protect access to the account (multi-factor authentication, biometrics, etc);
    iii. Monitor customer behaviour (screening of transactions).
  • Educate your staff to prevent phishing attacks;
  • Attend and participate in forums/webinars to keep abreast of fraud trends.

What new technologies and developments to use to combat loyalty fraud?

The challenge is to find the right balance between a ‘frictionless’ customer experience and adequate security measures at a reasonable cost to limit fraud. Clearly, legacy systems that require significant manual involvement can’t be the response. There are now numerous companies offering fraud prevention solutions using rule-based detection as well as machine learning/artificial intelligence tools that can analyse huge amounts of data within seconds.

About Peter R. Maeder

Peter R. Maeder has an international career in car rental, developing and running a credit card centre. Before helping to set up the Loyalty Fraud Prevention Association, he focused on fraud prevention and the introduction of the PCI standards at IATA (International Air Transport Association).



About The Loyalty Fraud Prevention Association

The Loyalty Fraud Prevention Association was set up in 2016 with the objective to fill the void in providing a platform for Loyalty Programmes to meet and learn from one another in order to stop fraud. To find out more and register for our events and complimentary webinars:


Keywords: Peter R. Maeder, The Loyalty Fraud Prevention Association, loyalty fraud, fraud prevention, rewards, merchants, banks, credit cards, friendly fraud, gaming, account takeover, biometrics
Categories: Fraud & Financial Crime
Countries: World