Canadians love their loyalty reward points. Whether it’s points at our favourite coffee chain or points at your neighbourhood grocer, Canadians can’t seem to get enough of them. Until recently loyalty reward points were relatively safe. Your biggest concerns were losing them to account inactivity or the reward program devaluing them. But that was then and this is now.
When it comes to fraud and theft, criminals used to primarily target credit cards. You rarely heard about theft of a loyalty reward programs. But as the security of credit cards has evolved, criminals have been looking for new ways to commit fraud. One of those new ways is the theft of loyalty reward points.
Theft of Gift Cards, Loyalty Points and Other Non-Cash Transactions Trending Upward
The increase in the theft of loyalty reward points isn’t just anecdotal. There are hard numbers to back it up. A 2018 report on cybersecurity by Aon found that criminals are increasingly targeting gift cards, loyalty points and other non-cash transactions. Since reward points are sometimes almost as valuable as cash, this is putting the reward point industry on the defensive. Airlines, retailers and hospitality sectors are feeling the pressure to introduce new security measures to protect the hard-earned points of their loyal members.
Since the theft of loyalty reward points is a relatively new phenomenon, it remains to be seen if loyalty reward programs are protected by business insurance policies. The elephant in the room is, who are the criminals stealing from and what are they stealing? If reward point theft is considered a loss of something owed by the reward program, then it might be protected by a standard commercial crime policy – or not. Otherwise, it could be considered a loss of confidential information and be protected by a cybersecurity policy. It all depends on how the theft occurs and the coverage of the reward program’s insurance policy. And it could be neither, leaving the reward point program out of luck to pay the losses out of its own pocket.
In many industries, the onus is on the business to prove that they’ve taken the necessary precautions to protect themselves from breaches. Since this is a relatively new type of fraud, the jury’s still out of what companies have to do to prove that they’ve taken the necessary steps to protect themselves. Does IT have to keep patching the system? Does the reward program have to offer a “bug bounty” for so-called good guy hackers, white hat hackers, to points out flaws?
Protecting Yourself from Loyalty Reward Point Theft
Lenders may offer zero liability protection on credit cards that are compromised, but it’s a bit more of an uphill battle when it comes to loyalty reward point theft. If the theft isn’t widespread, the onus might be on you, the cardholder, to prove that you took all the necessary precautions to protect your reward points.
Some advice to avoid loyalty reward point theft is to take many of the same precautions that you’d take with your credit card. Regularly change your loyalty reward program password and choose a password that’s difficult to guess. Furthermore, don’t carry a wallet full of loyalty reward cards. Only bring them with you when you intend to use them. That way if your wallet is lost or stolen, your loyalty reward points will be safe and sound at home.
The Bottom Line
It seems like there’s a never ending game of cat and mouse going on between IT and cyber criminals. In the digital age, it’s more important ever to take the necessary precautions to keep your personal data safe. Theft of your loyalty reward points could lead to other fraud down the line, so it’s best to avoid it in the first place.
