Kiplinger's interviewed Barry Kirk (pictured above), who creates and consults on consumer loyalty programs for Maritz Motivation Solutions. Read excerpts from our interview below.
Yahoo recently disclosed a 2013 breach that exposed personal information from more than 1 billion user accounts. Are loyalty rewards accounts vulnerable to hacking, too?
Consumers tend not to see loyalty accounts as housing sensitive data. But points and miles are currencies that have a real dollar value, with $48 billion worth at stake among U.S. consumers, according to an industry study conducted a few years ago. That number is probably significantly higher now. Criminals recognize that the store of value sitting in unprotected loyalty programs is ripe for the picking.
Sign up for Kiplinger’s Free E-Newsletters
Profit and prosper with the best of expert advice on investing, taxes, retirement, personal finance and more - straight to your e-mail.
Profit and prosper with the best of expert advice - straight to your e-mail.
How do crooks steal points and miles?
Criminals attempt to hack loyalty accounts daily. Sometimes they focus on a single account to, say, exchange rewards for airline tickets, usually redeeming them outside the U.S. Other attacks target hundreds or thousands of accounts at once. In such large-scale compromises, hackers often redeem points for gift cards, which they sell on the black market. We’ve also seen hackers use credit card accounts not only to make fraudulent purchases but also to rack up points, which they then move out of the account. Loyalty managers have kept a low profile with regard to breaches that have occurred, but it’s just a matter of time until there’s a well-publicized breach of a large program—most likely in airline or hotel rewards because members accrue significant value in those programs.
How can customers protect their loyalty rewards?
Treat your loyalty accounts, especially the ones that hold the most value, as you would your bank accounts. Set aside time once a month, at a minimum, to review activity in your loyalty accounts. If you’re earning rewards daily with a program, check it multiple times a week. Don’t use the same passwords for your loyalty programs as you do for your e-mail, bank or credit card accounts. If hackers breach one account, they have a skeleton key to the sensitive data in other accounts. Take advantage of a password manager—software that generates, stores and encrypts passwords.
What should you do if points or miles have been stolen?
Immediately contact the loyalty program’s call center. By and large, programs are generous in refunding points or miles because it’s usually not a fuzzy situation. For instance, if points in the account of a customer who lives in Chicago were redeemed and sent someplace in Russia, it’s pretty clear that it wasn’t the owner accessing the account.