Last updated: 18 October 2019
Airline loyalty programs emerged in the early 1980s when American Airlines decided to offer benefits to frequent flyers. And with so many benefits coming from points and the ability to earn them through credit cards, their value increased. People often have thousands of points saved but many never think their frequent flyer points are at risk of being stolen.
Cyber crime isn’t restricted to banks, electronic means of payment, securities brokers or eCommerce. Virtual currencies are just as much at risk, and we’ve all seen how tempting Bitcoin is to hackers.
The problem now lies with the fact that people are wary of email and telephone scams that target their banking and personal details. But they never think anyone would want access to their points.
The most common attack is a phishing scam that looks just like a genuine email from the frequent flyer program. One click is all it takes for malware to be installed on your PC or for you to login to a fake website where your login details are stolen.
The scheme is currently so effective that it deceives on average 90% of users, according to data from Barracuda Networks. The attacks can come from using infected shared computers, a fake call center attendant, the sharing of account information with others, or even internal fraud from within the loyalty program company.
This type of fraud is hard to identify, since the hackers get enough information to prove they are the real users. Further, the victim won’t realize they lost their points immediately as very few people check their loyalty points daily.
We have to start treating the security of our loyalty programs as seriously as we treat our money, because usually the value can be very high. Program providers need to implement stronger authentication methods that will improve security. Airlines can analyze much more than just user IDs and IP addresses to reveal potential red flags:
Loyalty program providers should check whether:
- the loyalty account has been accessed from an unrecognized device
- an unrecognized device has changed or viewed account details
- one device is accessing multiple accounts during a short period of time
- there has been a sudden influx of miles to an account with a previously consistent history
- the use of mileage is much higher than the past
- multiple tickets have been purchased with names differing from the account holder
Fraudsters are keen to target loyalty points because they can buy flights and other goods for free and then sell them on to others. Unsuspecting buyers are then at risk from being denied boarding or having their goods confiscated if the scam is detected.
Also, criminals like to buy loyalty points and use compromised accounts to launder money. So, it’s imperative that program providers adopt a more rigorous approach to security. Our authentication solutions that use biometric technology are a great asset in the war against fraud.
Biometric authentication also gives travelers peace of mind, as they will know that their points are secure even if their login details are compromised by a phishing scam.
The next time you receive an email from your frequent flyer or loyalty program, please be cautious! You may be a fraudster’s next target!