Optimize loyalty fraud prevention to improve member experiences

Fraud comes in many forms—cyberattacks, fake or stolen identities and payments—all of which can impact loyalty programs. Most loyalty fraud involves account takeovers where fraudsters use social engineering tactics, stolen credentials, or malware to gain access to accounts.  

Some industries provide more lucrative opportunities for fraud than others due to vulnerable security, infrequent monitoring of accounts, or value of sensitive data. For example, according to RSA Security and Juniper, the airline industry sees 46% of fraudulent online transactions, with cases surging by 30% in 2022. Earlier this year, Omni Hotels & Resorts reported a significant data breach that included guest loyalty program information. 

Last fall, 65 million Caesars Entertainment’s Caesars Rewards loyalty program members had their names, birth dates, social security numbers, and government issued IDs compromised in a ransomware attack. To mitigate the risk to its members, Caesars reportedly paid about half of the $30 million ransom. Around the same time, MGM Resorts International was also compromised by a ransomware attack that is believed to have originated with a social engineering attack on the company’s IT service desk. While this attack did not affect the loyalty program, it did severely affect customer experience—slot machines, ATMs, digital key cards, POS systems, online reservations, TV and phone lines, and bet management systems were all down.  

When fraud directly affects brands and their customers, it’s more than a breach of sensitive data, it’s a serious breach of trust. In these critical moments, brands must be transparent about the event and clearly communicate plans to improve fraud prevention policies and infrastructure to mitigate ongoing risk.  

Fraud prevention is a delicate balancing act. Brands must protect their assets while ensuring a smooth customer experience. This requires a nuanced approach that goes beyond merely identifying system vulnerabilities. 

A comprehensive fraud strategy should begin by mapping out various forms of fraud, including when members try to ‘game’ the system. It’s essential to distinguish between malicious fraud and customer attempts to maximize benefits, as some participants may not view the latter as fraud. Brands need to carefully introduce fraud screening measures to minimize impact on customers while still maintaining security. 

Brands should also encourage the adoption of security best practices, such as using strong passwords and implementing multi-factor authentication. This can help mitigate risks without adding unnecessary friction to the customer experience. 

When addressing suspected fraud, brands should always consider impacts to the customer experience. False positives, where legitimate transactions are flagged as fraud, can frustrate customers and disrupt their interactions with the program. In these instances, brands should clearly explain the reasons behind additional security measures and their benefits to customers. When dealing with false negatives—actual fraud incidents that are missed and can erode customers’ trust—brands should empathize with affected customers, work diligently to rectify the situation, and outline concrete steps to prevent future occurrences. 

By carefully balancing security measures with customer convenience, brands can create a loyalty program that effectively protects assets while fostering positive and lasting customer relationships. This approach ensures that fraud prevention enhances rather than detracts from the overall loyalty experience. 

Inadequate investment in fraud detection and management is costly—not just in ransom payments, noncompliance fees, and loss in market value, but also in eroded customer trust. Depending on budget and the outcomes of a risk assessment, it can be hard to find a fraud prevention solution that fits your needs. But investing in a robust solution is imperative to protect customer engagement across channels.   

Consider these best practices to optimize loyalty fraud management efforts: 

1. Conduct a risk assessment across the entire customer journey and experience. Note where increased security will likely cause friction and may require explanation and/or expectation management. This transparency will help customers and members understand when and where this might be a part of their experience and how these safeguards are designed for their benefit. 
2. Break down silos that might exist across IT, operations, and marketing teams to address vulnerabilities and the impacts of mitigation holistically. 
3. Assess the effort and impact of aligning on prioritized tasks and implementing improved security solutions—using in-house resources or external consultants and partners. 

Robust loyalty technology should have fraud models running behind the scenes to flag suspicious activity before fraud occurs. Our industry-leading platform, Tally™, holds points in suspense so they cannot be used until the transaction has been verified. Our team of data scientists partners with brands to identify their optimal fraud threshold for records to be flagged and manually reviewed, within the context of the individual client’s capacity and risk tolerance. This platform functionality ensures members have access to their points while minimizing fraudulent behavior. Regardless of your current loyalty technology, these advanced models can be leveraged to reduce the incidence of fraud within the loyalty program while minimizing friction in the customer experience. 

These fraud prevention features help brands benefit from: 

• A comprehensive suite of technology and analytic tools to monitor login attempts, call center activity, and interactions involving integrated client or third-party exchanges to capture the most common forms of fraudulent activity. 

• Enhanced fraud protection via web application firewalls and a proprietary combination of advanced modeling techniques. This includes Tally’s proprietary federated modeling feature, designed to successfully identify and address new fraud that can evade human detection, all in a scalable manner. Federated Modeling is an advanced network of fraud models that allows brands to partner collectively and minimize fraud. This prevents more fraud than can be captured alone, detects new fraud patterns that haven’t occurred in one program but are known based on what others in the industry are experiencing, and doesn’t require sharing data or insights across clients or systems. 

• Reduction in manual reviews and facilitation of decision-making for flagged accounts. The Tally platform has several mechanisms to control temporary or permanent account restrictions. If Tally is being used as a source of identity authentication the platform can control permanent and time restricted account lock status. With incoming transactional behavior, Tally has algorithmic fraud detection based on rules and advanced AI/ML-based fraud detection that can, with statistical significance, temporarily or permanently lock a customer’s account. Additionally, the Tally Customer Care feature allows teams to review members in suspended account hold and determine based on the review tools like tracked changes reports, self-service data portals, and data visualization, to reinstate or permanently close the account.  

As loyalty fraud increases and consumers become savvier about what they can and should expect regarding their rewards and privacy, the right partner can help your brand find the optimal balance. Ready to have a conversation about detecting and preventing loyalty program fraud? Let’s talk.