The temptation is often too easy to pass up: join a company’s rewards program to get great discounts, miles, points, coupons, notifications of deals, or other benefits.
Rewards programs are ubiquitous. A 2015 Colloquy census reported earlier this year that consumers in the U.S. have 3.3 billion memberships to customer loyalty or rewards programs. That’s a 26 percent increase above a Colloquy survey two years ago.
These rewards programs are so popular because they play on the desire of consumers to feel like they’re getting a good deal. Or it may help some consumers justify their spending and purchases based on the argument that they are building credit toward a reward, freebie, or good discount.
Whatever the consumer’s psychology, the problem with rewards programs is criminology: They are too good to pass up — for cyber thieves.
It’s why we say the reward isn’t worth the risk.
Cyber thieves target rewards programs
Sera-Brynn’s EVP Heather Engel recently spoke with a consumer who had her Starbucks account compromised.
“She had tied her debit card to automatically reload when the balance dipped, and she admitted using the same password on multiple accounts”, said Engel.
Her password was compromised elsewhere, and she noticed several $25 and $50 charges back to Starbucks. Around this time, cracked Starbucks accounts were for sale on several underground sites.
Brian Krebs, a widely read and quoted cybersecurity blogger, has written recently about account holders with Starwood Preferred Guest and Hilton Honors rewards programs having their accounts hacked and emptied.
Krebs described these compromises as “part of a larger trend that’s been worsening for years as more companies offer rewards programs.”
Whether it’s American Airlines, United Airlines, Hilton Honors, Starwood Preferred Guest, or many other programs, they have become targets for cyber thieves.
While cyber thieves may be hacking rewards programs simply to steal rewards account balances and sell them cheaply on the black market for cash, the danger goes beyond that.
It’s one thing to lose your hard-earned rewards points you were planning to turn in for a motel stay, plane flight, or other freebie. It’s another thing to let cyber thieves have access to your personal data.
Easy access to personal information
Rewards or honors programs can contain the personal information of members to include birthdates, email addresses, addresses, phone numbers and even credit card information. Other information may include income and household data and marital status.
Rewards or honors programs also often have relatively unsophisticated login information and protection methods that are easy to penetrate.
Our advice is to steer clear of these programs, but we understand wanting to earn points or rewards – especially for frequent travelers. With that in mind, here are some guidelines to stay safe:
-Limit your participation to only a few that you’ll really use and benefit from. Do you really need a free pastry on your birthday? Or more coupons from a store where you shop only occasionally?
-Provide the absolute minimum amount of information necessary to maintain the account. If you aren’t required to provide a full address or multiple phone numbers, don’t.
-Commit to managing the programs you have – log in regularly to view your balances and change your password frequently.
-Many programs invite you to store your credit card information to for ease in re-loading the card or booking travel. Opt out of this feature.
-Don’t ever use duplicate identities or passwords, which makes it simple for cyber thieves to compromise multiple personal accounts, including banking and other financial information.
Colloquy’s survey reported that American households hold memberships in 29 loyalty programs that include retail, financial and travel companies. Although American households may be active in only 12 of them, according to Colloquy, each membership in a rewards or honors programs increases a consumer’s vulnerability to being compromised by cyber thieves. That means a significant amount of personal, financial and household information could be within easy reach of cyber thieves.
Losing points, rewards, or honors to cyber thieves is one thing. But having your bank account emptied, or charges run up on your credit card, or in a worst-case scenario having your identity stolen, is too big of a risk for a relatively small reward.