Loyalty Fraud & Security – are your points secure?

SeaMountain Logo

Loyalty Program Breach and the link to Loyalty Fraud

The more things change, the more they remain the same.  Or so our French cousins say!  And, just reading about the latest “data security incident” as Enrich, the loyalty program of Malaysian Airlines, calls it where there has been a “compromise” of member data.

Well, just over a decade ago, right here on the SeaMountain blog, we were sharing information about loyalty fraud.  And a new type of loyalty fraud too.  That particular fraud, where a member of Qantas’s loyalty program had their account cleared out, showed that fraudsters were ahead of the game.

Yes, your points can be stolen!

Loyalty Accounts were easier to hack in to and steal points.  And fraudsters had figured that out.  It was easier than hacking a bank account.  The QF member from all those years ago, looks like he had been the victim of a malware fraud rather than a data breach at a corporate level.  But, as the news from Malaysian Airlines shows, the fraudsters are still out there stealing your information on an industrial scale.

MH are not the only people in the loyalty space to have fallen victim.  British Airways, Marriott and Hilton are just a few to name where there have been breaches.  And, often this information ends up for sale on the dark web.  Not only is it the miles/points value in your account, but, that you might have used the same password elsewhere.  Meaning they have, potentially, the key to lots of your money in other accounts.  It’s called credential stuffing.

Lessons to be learnt

The tale of the QF Member led to a presentation on the topic at the Airline and Travel Payment Summit in, of all places, KL almost 10 years ago.  That presentation led to some 30 workshops around the world, numerous webinars and what is now the Loyalty Security Association.

So….what’s the lesson from the news from Malaysian?  Well, it is two fold.  The first is at a business level, are you doing enough to protect the data of your members?  And, the second is more personal.  Are your own points secure?

Want to know more?

If you want more information, drop me a line WhatsNext (at) SeaMountain.co.uk or go check out the Loyalty Security Association.