CNP Expo: Loyal Subject — The Growing Problem of Fraud in Loyalty, Rewards and Couponing

May 19, 2015

CNP Expo: Loyal Subject — The Growing Problem of Fraud in Loyalty, Rewards and Couponing Moderator Nikhil Joseph of Mercator Advisory Group began this morning’s session on fraud in loyalty, rewards and couponing programs by asking the panel why loyalty fraud is important, and how it is different from credit-card fraud in general.

Kristin Boorse, senior product manager at Experian Fraud & ID Solutions, responded that while loyalty programs were seen as small potatoes even just a few years ago, “right now over $48 billion is locked up in loyalty programs.” And of course, these programs represent a relationship between a business and its customer that the business does not want to jeopardize. Said Boorse: “Consumers expect the same level of protection on these programs as they do on a payment.”

Discover’s Senior Manager of Payments Security Adam Taylor pointed out that “there’s lots of security in place to prevent credit-card fraud, but loyalty programs are often run by marketing or business development with little thought to the risk.” For this reason, he recommended that loyalty programs and coupons should be developed in conjunction with the risk management team from the get-go.

In terms of best practices for preventing this sort of fraud, Jane Beauchamp, president of Brand Technologies, who focuses mainly on couponing fraud, highlighted the importance of watching social media. If your program or coupon is suddenly trending on social media, it could be just that it’s a good deal, but it could also mean that there’s a mistake or loophole that consumers are being alerted to by a savvy blogger. While this alerting isn’t illegal in itself, fraudsters will often find ways to widen these loopholes further.

Taylor reminded the audience that fraudsters tend to be lazy, so businesses should make it difficult for fraudsters to set up and track multiple rewards program accounts. “Don’t allow the numeration of account names (jdoe1, jdoe2, etc.). Force a more difficult password.” He observed that “the companies that [integrate security into these programs] best are those who treat a loyalty program as they would treat a payment program.”