Loyalty Fraud and How to Combat It
What is it, when might it occur and how can you stop it?
Loyalty fraud isn’t a new phenomenon, but in our 12 years’ experience of working in B2B loyalty we have had very few instances. Having attended a course on Fraud with the Loyalty Academy recently, we wanted to highlight how you can minimise risk in your loyalty programmes.
We recently uncovered a case of loyalty fraud on one programme and worked with the client to provide all the evidence and data required to prove the case. At the same time we went through a thorough risk assessment of the programme to ensure that we had the strictest controls and encryption in place. Fortunately, and as we expected, our programme stood up to the scrutiny and nothing was deemed to be lacking. This particular case was found to be a member of staff who was redeeming points from a customer’s account.
If you don’t have the right monitoring processes in place, this type of activity can easily go unnoticed for years. Why not have a look at your data and think about whether you would notice spikes or unusual activity? If not, then you need to work out what you need to have in place to get these types of behaviours reported in real time. One of the benefits of a loyalty programme is the vast quantity of data you can get from it, so you should be able to get a good idea of what normal looks like and then set the thresholds you are going to monitor against (e.g. 10% leeway either way).
In B2B programmes we have seen many cases where internal sales reps have helped the customer to manage their loyalty programme, whether that is redeeming their points, or even setting up the account for them. Why do members of loyalty programmes not give their loyalty account the same level of secure access that they would their bank account? OK, so points normally can’t be converted into cash whilst sat in the account, but members have earned them and they can redeem those points, often for a physical product. Too often loyalty programmes are just seen as perks or promotions internally and it is imperative that any business provides the right training and highlights the important role that loyalty can play in growing a business. Used correctly, a loyalty programme should be a win-win for both customers and the business.
External fraud (e.g. hackers) is commonplace across all digital platforms. Make sure that you are using best practice security protocols and restricting access only to those people who need it. Make use of the correct security protocols when creating accounts, but get the right balance in making the process frictionless. You don’t want to turn customers away before they have created an account because it seems too much like hard work. Hackers are most likely to try and ‘take over’ accounts to spend the points or to harvest data. It can be easy for hackers to gain access, particularly as customers are not using the same secure passwords as they would for their banking platforms. To combat some of this, make sure that you are assessing your accounts regularly. It is estimated that over 46% of loyalty accounts are inactive and there is no benefit in having thousands of inactive accounts cluttering up your platform. Create a re-activation campaign to entice those accounts back to spending with you and if they don’t, then don’t be afraid to remove them.
The other type of fraud is not necessarily fraud but ‘playing the game’! This is when a customer, or member of staff, figures out how to use a loophole or bend the rules in a promotion or campaign to benefit them. If a customer isn’t breaking the terms and conditions then there isn’t a lot you can do, even if you all know that the rules are being manipulated. In this instance it is best to analyse the campaign or promotion and see what you could do to mitigate this happening again and whether you need to change the rules immediately.
Dealing with loyalty fraud can be likened to having a German Shepherd in your house; your house is much less likely to be burgled than the neighbour’s house with no dog. As we have recently added a German Shepherd (or land shark as they are often described) to our family, this analogy resonated particularly well with me.
Firstly, ensure that you have the following in place:
- High-level encryption at rest and in transit.
- Robust security measures on data capture, storage, retention and deletion.
- Relevant, up-to-date and accurate permissions for all of your programme users.
Secondly, and just as importantly, check that you have the right levels of monitoring happening throughout your programme so that any unexpected activity is picked up and the relevant people alerted.
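As an added illustration (not code from our platform), the sketch below shows the baseline-and-leeway monitoring described earlier, together with a check for redemptions made by someone other than the account holder, as in the staff case above. The record layout, account names, owner registry and the three-week minimum history are assumptions, and the sample data is constructed.

```python
from collections import defaultdict
from statistics import mean

LEEWAY = 0.10  # the article's example tolerance: 10% either way

# Constructed sample data: (week, account, actor, points_redeemed)
REDEMPTIONS = [
    (1, "ACME", "acme_owner", 1000), (2, "ACME", "acme_owner", 1050),
    (3, "ACME", "acme_owner", 950), (4, "ACME", "acme_owner", 1000),
    (5, "ACME", "acme_owner", 1000), (5, "ACME", "rep_jones", 2500),
    (1, "BOLT", "bolt_owner", 500), (2, "BOLT", "bolt_owner", 520),
    (3, "BOLT", "bolt_owner", 480), (4, "BOLT", "bolt_owner", 500),
    (5, "BOLT", "bolt_owner", 530),
]
# Assumed registry of who is entitled to redeem from each account.
OWNERS = {"ACME": "acme_owner", "BOLT": "bolt_owner"}

def weekly_totals(rows):
    """Sum redeemed points per account per week."""
    totals = defaultdict(lambda: defaultdict(int))
    for week, account, _actor, points in rows:
        totals[account][week] += points
    return totals

def volume_alerts(rows, current_week, leeway=LEEWAY, min_history=3):
    """Flag accounts whose current week is outside baseline +/- leeway."""
    alerts = []
    for account, by_week in sorted(weekly_totals(rows).items()):
        # Weeks with no redemptions count as zero in the baseline.
        history = [by_week.get(w, 0) for w in range(1, current_week)]
        if len(history) < min_history:
            continue  # not enough data to know what normal looks like
        baseline = mean(history)
        current = by_week.get(current_week, 0)
        if abs(current - baseline) > leeway * baseline:
            alerts.append((account, baseline, current))
    return alerts

def actor_alerts(rows, owners=OWNERS):
    """Flag redemptions performed by anyone other than the account owner."""
    return [(week, account, actor, points)
            for week, account, actor, points in rows
            if owners.get(account) != actor]

if __name__ == "__main__":
    for account, baseline, current in volume_alerts(REDEMPTIONS, 5):
        print(f"VOLUME {account}: baseline {baseline:.0f}, now {current}")
    for week, account, actor, points in actor_alerts(REDEMPTIONS):
        print(f"ACTOR week {week}: {actor} redeemed {points} from {account}")
```

On the sample data, ACME is flagged on both checks in week 5, while BOLT's 6% rise stays inside the leeway.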
So, be that German Shepherd, guard your loyalty programme’s points and data and, to back it up, have the surveillance cameras in place to allow you to analyse what is happening in real time.