What Is Loyalty Fraud?

March 20, 2023


Loyalty fraud is becoming a common way of deceiving customers, and merchants are also suffering. As the world entered its second year of lockdown back in 2021 and more people turned to ecommerce, loyalty fraud spiked by 80%.

Current statistics say that as many as 75% of customers participate in one or more loyalty programs, proving they are an essential strategy for customer retention. For this reason, merchants should take loyalty fraud seriously and increase their efforts to protect their customers’ and their own information.

In this article, learn about different types of loyalty fraud, its consequences, and best practices for protecting your customers and your business.

What is loyalty fraud?

What Is Loyalty Fraud?

Loyalty fraud (sometimes referred to as loyalty point or reward point fraud) occurs when a malicious actor abuses a merchant’s loyalty program for personal gain. It comes in several forms, but typically the fraudster first performs account takeover and then uses or sells the customer’s loyalty points.

Loyalty fraud was previously most common in the travel industry. However, in recent years other industries have been targeted as well, including online retail, SaaS companies, ride-sharing apps, and iGaming platforms.

Note: Some consumers actively participate in loyalty fraud, too. This happens when they use loopholes in the merchant’s terms and conditions to gain more loyalty points. An example of this is opening multiple accounts or dividing purchases to inorganically accumulate rewards.

How Does Loyalty Fraud Work?

Loyalty program fraud begins with an account takeover or another form of identity theft. The fraudster obtains account information through hacking, a data breach, or by tricking the victim into sharing the information. Considering that most people use the same password for multiple accounts, breaking into one enables criminals to potentially access all the accounts a person owns.

Loyalty fraudsters mainly target inactive accounts with unused loyalty points since these attempts usually go unnoticed. Most people participate in more than one loyalty program, so they do not keep a close watch on each individual one. If a customer loses a certain number of loyalty points, they will most likely consider them expired rather than stolen. All of this means that loyalty programs are an easy target for fraud.

The criminals then use the customers’ rewards and points for their own gain by cashing them in themselves, reselling them online, or even using them as currency in the dark corners of the web.

Types of Loyalty Fraud

Loyalty fraud can broadly be divided into three types:

  1. External fraud. Outside perpetrators not related to the merchant or the customer commit this type of loyalty fraud. They circulate the internet to find vulnerable accounts to gain unauthorized access and clear out accrued loyalty rewards.
  2. Internal fraud. Employees who have access to customers’ accounts perform this type of loyalty fraud. Internal fraud happens when a company fails to implement internal security practices and can be harder to detect since it is an inside job.
  3. Customer fraud. Customers often purposely go around the terms and conditions of a merchant’s loyalty program to acquire more loyalty points. An example of this is several family members using the same account to accrue loyalty rewards. This type of loyalty fraud can also happen when customers request and obtain a chargeback or refund but keep the loyalty points.

Note: Merchants should do everything in their power to decrease chargeback rates. This way they avoid incurring additional charges or becoming deemed a high-risk merchant.

The Repercussions of Not Protecting Customers

The repercussions of not protecting customers form identity theft

The effects of loyalty fraud on customers eventually ends up hurting the merchant as well. Here is a list of repercussions businesses experience:

  • Loss of revenue. When a customer becomes a victim of loyalty fraud, the merchant has two options. They can either replace their loyalty points or potentially lose the customer if they do not. Both cases negatively impact the merchant’s bottom line.
  • Loss of customers. Customers affected by loyalty fraud will hesitate to do business with the merchant again. With so many choices in ecommerce today, it is not hard for them to find another merchant to whom they can give their trust and money.
  • Lawsuits and loss of trust. Customers targeted by fraudsters might sue the merchant. This is not only costly for the business but can also result in permanent reputation damage that deters future customers.
  • Loss of sensitive data. Customers use the same information on ecommerce websites and in banking. Consequently, losing their data through loyalty fraud can lead to money being stolen from their bank accounts.
  • Regulatory fines. If a data breach occurs, merchants pay fines imposed by the regulatory bodies that make sure customer information is protected (the EU’s European Data Protection Board, the United States Federal Trade Commission).
  • Chargebacks. Customers will often file for a chargeback after falling victim to loyalty fraud. Despite the merchant not being at fault, they still must pay chargeback fees.

Note: Card associations impose strict rules on merchants in order to protect cardholder data and prevent fraud and other security risks. Learn more about Payment Card Industry Data Security Standards (PCI-DSS) and how these regulations benefit you as a merchant.

How to Prevent Loyalty Fraud Attacks?

There are several ways merchants and customers can work together to prevent loyalty fraud.

  • Enforce strict authentication protocols. Merchants must remind customers to change their passwords frequently, not to use the same password for more sites, not to share them with anyone, and to make them as unique as possible. They should also implement two-factor authentication and CAPTCHAs as additional protection.
  • Educate customers. Merchants should frequently inform and remind customers about the most common attempts of loyalty fraud. By learning to recognize them, customers work together with merchants to improve online safety.
  • Limit spending. By limiting spending on customers’ accounts, merchants help prevent loyalty fraud attempts. This includes restricting both the frequency and the spending amount.
  • Implement fraud prevention tools. Merchants should implement solutions that detect irregularities in customer accounts and spot suspicious behavior. This includes a sudden increase in spending and accruing loyalty points, frequent reward redemptions, etc.
  • Monitor inactive accounts. Aside from keeping an eye on all account activity, merchants should also watch out for dormant accounts that have suddenly become active again. This is especially important if the account re-activation is followed by increased reward redemption.
  • Set up activity notifications. Merchants should send their customers email or text confirmations after they redeem rewards. This is one of the best ways to prevent confusion regarding spent loyalty points.


Loyalty fraud is increasingly hurting both customers and merchants. Fraudsters frequently target ecommerce businesses and their customers through loyalty programs to cash in rewards or resell them to other parties.

Luckily, there are many ways to prevent loyalty fraud attempts, including enforcing strict login protocols, regular account monitoring, and educating merchants and customers about loyalty fraud issues. Protect your revenue, reputation, and customers by ensuring you stay ahead of loyalty program fraudsters.

About the author
Anastazija Spasojević
Anastazija Spasojevic is a content specialist with expert knowledge of finance, ecommerce and payment processing. After graduating in journalism and international relations, she took interest in topics of fintech, world economics and online banking.
Talk to a Merchant Support Specialist