


How bonus programs can make fraudsters more loyal to your business

September 2019 by Claire Hatcher, Global Lead, Kaspersky Fraud Prevention

As companies strive to become more successful than their competition, they can struggle to secure new clients and retain their current customers. Loyalty programs are often seen as an answer to these difficulties and have become one of the most popular ways to improve customer engagement and retention. To put it simply, these programs give either a welcome bonus or a reward for repeatedly buying from the same retailer. Such campaigns are well received amongst consumers and, according to a Kaspersky survey, 53% of customers have purchased something with their bonus points. Loyalty programs first appeared at the end of the 19th century in the form of copper tokens and special stamps, which could be exchanged for bonus points.

By the 1990s loyalty cards had become familiar amongst consumers – these plastic cards with a barcode or magnetic stripe helped customers top up their loyalty points quickly and stored them in one place. However, today, these cards are becoming redundant as people prefer to shop online, with 70% of consumers worldwide purchasing goods via the internet.

Bonus points takeover

There are different ways malefactors can gain access to the accounts of reward program participants. They can brute force the password for a given email address. The task can be even simpler, as an attacker can try credentials that were previously compromised in a breach or data leak. This increases the chances of success, as people tend to use the same passwords for different accounts. Malicious programs that covertly collect passwords and usernames (password stealers) can also help an attacker obtain valid credentials.

Welcome gifts for fraudsters

Accounts of existing users are not the only target for cybercriminals. It’s even easier for fraudsters to jeopardise and take advantage of welcome points given to new customers. They can register multiple fake accounts to accumulate points. On one occasion, Kaspersky’s fraud analytics team discovered a case in which fraudsters had created almost 3,000 accounts registered with just a single email address. This was possible because Gmail and the e-commerce platform involved take different approaches to identifying email addresses. Gmail doesn’t distinguish dots in email addresses, so variants of an address that differ only in the placement of dots are one and the same address for the email service, which guarantees that the addressee will receive a message even if someone used a dot by mistake.
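A signup system can close the gap described above by keying uniqueness checks on a canonical form of the address rather than on the raw string. The following is an added example, not code from the article or from Kaspersky; the function names and the sample registrations are constructed for illustration, and it goes slightly beyond the dot case by also folding Gmail's "+tag" suffixes and the googlemail.com domain.

```python
from collections import defaultdict

# Assumption: only Gmail (and its alternate domain googlemail.com) is treated
# as dot-insensitive, since that is the provider the article names.
DOT_INSENSITIVE = {"gmail.com": "gmail.com", "googlemail.com": "gmail.com"}


def canonical_email(address: str) -> str:
    """Return the key to use for one-account-per-mailbox checks."""
    local, sep, domain = address.strip().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an email address: {address!r}")
    # Assumption: local parts are compared case-insensitively.
    local, domain = local.lower(), domain.lower().rstrip(".")
    if domain in DOT_INSENSITIVE:
        # Drop any "+tag" suffix, then the dots the mailbox ignores.
        local = local.split("+", 1)[0].replace(".", "")
        domain = DOT_INSENSITIVE[domain]
        if not local:
            raise ValueError(f"empty mailbox name: {address!r}")
    return f"{local}@{domain}"


def alias_clusters(registrations, threshold=2):
    """Map canonical mailbox -> account ids, for mailboxes with >= threshold accounts."""
    groups = defaultdict(list)
    for account_id, email in registrations:
        groups[canonical_email(email)].append(account_id)
    return {k: ids for k, ids in groups.items() if len(ids) >= threshold}


# Constructed sample registrations (account id, address as typed at signup).
SAMPLE = [
    (1001, "bonus.hunter@gmail.com"),
    (1002, "bonushunter@gmail.com"),
    (1003, "b.o.n.u.s.hunter@gmail.com"),
    (1004, "Bonus.Hunter+promo@googlemail.com"),
    (1005, "bonus.hunter@example.org"),   # other providers: dots are significant
    (1006, "bonushunter@example.org"),
]

if __name__ == "__main__":
    for mailbox, ids in alias_clusters(SAMPLE).items():
        print(f"{mailbox}: {len(ids)} accounts -> {ids}")
```

Run over existing registrations, the same grouping surfaces accounts that already share a mailbox; applied at signup, the canonical key lets the welcome bonus be granted once per mailbox.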

A loyalty program can be an effective marketing tool, but fraud can turn it from a benefit to a burden. If a company’s loyalty scheme is exploited, the business will not only lose potential clients and profit, but also face a negative reaction from those it is trying to attract if one day bonuses suddenly start to disappear.
