Hackers Target Loyalty Programs
You're likely not as vigilant in protecting your rewards points and miles as you are with your bank and credit-card accounts—which is why they're vulnerable.
When it comes to guarding against fraud, you may not pay as much attention to your frequent-flier miles or retail rewards points as you do to your bank account. But the points and miles in loyalty accounts are worth tens of billions of dollars, and crooks are catching on.
In 2017, 11% of attacks on existing financial accounts (not involving payments on credit and debit cards) were on loyalty accounts, compared with 4% in 2016, according to Javelin Strategy & Research. Protections on loyalty accounts may not be as robust as those on your bank or credit card accounts. Criminals may intercept user names and passwords of other accounts to break into loyalty accounts. One scheme fraudsters use is to buy digital gift cards with stolen points, then sell the gift-card codes on the black market, says Barry Kirk, vice president of loyalty strategy at Maritz Motivation Solutions.
To prevent theft, create unique user names and passwords for your loyalty accounts, and change your passwords regularly. (A password manager such as LastPass can help you generate and store passwords.) Use two-factor authentication if your loyalty program's site offers it.
If the site is not encrypted, don't log in to it (the web address of a secure site starts with "https"). Watch out for phishing e-mails that mimic correspondence from your loyalty program. And to help spot fraud quickly, sign up for any available alerts of account transactions, such as an e-mail notice each time points are redeemed, and check the balances in your loyalty accounts at least monthly.
If your points or miles are stolen, the loyalty program will likely refund them to you. But loyalty accounts do not have legal protections in the event of theft.