Tuesday, January 26, 2021
  • How to Protect Your Business From Supply Chain Attacks
  • Jump Into 2021 With a Unified Approach to Remote Monitoring
  • Standard SNMP Device Monitoring
  • Is Biden’s Peloton Bike an IoT Cybersecurity Risk?
  • ZTNA and CASB: Combining Key Pieces of the SASE Puzzle

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming
    • On-Demand
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
  • Library
  • Related Sites
    • MediaOps Inc.
    • DevOps.com
    • Container Journal
    • Digital Anarchist
    • SweetCode.io
  • Media Kit

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Security Bloggers Network 

Home » Security Bloggers Network » Protecting Loyalty Accounts and Rewards Programs

Protecting Loyalty Accounts and Rewards Programs

by Enzoic on October 3, 2019

According to LoyaltyOne, a loyalty advisory company, in the US, there are at least 3.8 billion rewards memberships, which equates to about 10 per consumer. Companies create loyalty programs for their customers because it decreases customer attrition while also giving the company more information on each customer for data mining and partnerships. One key challenge for companies is protecting those rewards and loyalty accounts from increasing account takeover attacks.

Not just the typical rewards programs

The industries that offer loyalty or rewards programs is growing.   Retail is catching on fast. At Nordstrom, 10 million members of the loyalty program’s outspent non-members 4 to 1. The rewards program at Starbucks accounts for 40% of US purchases and membership has surged more than 25 percent in the past two years. From gas stations to cigarette manufacturing, most consumer-facing industries either have or are considering starting a loyalty program. Even gaming, hospitals, wineries, utilities, automobile companies, and pizza chains have rewards or loyalty programs.

With the proliferation of loyalty
programs being set up, there is also a significant increase in account takeover of those loyalty program accounts.  

When people think of loyalty programs, they frequently think of their hotel programs or airline rewards programs. Individual loyalty accounts associated with travel rewards programs are regularly taken over by criminals and there have also been some significant travel-related data breaches like the Marriott breach in 2018. Compromised airline accounts are frequently found on the dark web. But other loyalty rewards programs that you would not think would be a target are also repeatedly attacked.  

How are loyalty programs attacked?

The conventional method of the attack
is through a user’s own credentials that have been exposed and are for sale on
the dark web. And loyalty programs are a rich target.  They all have
some form of value that sells on the dark web.  According to the New York
Times, are a “Honey Pot for Hackers,” and TotalRetail states that
loyalty programs are a gold mine for hackers. 

There are two important factors here:

  1. Most people use more secure passwords for their financial and
    banking accounts because the perceived risk is high if someone is able to
    access their account. Conversely, they tend to insecure credentials for their
    loyalty program accounts because there is less value associated with these
    accounts.  But because they use less secure passwords, their accounts are
    more vulnerable to attack.
  2. Loyalty program accounts are frequently penetrated by hackers
    using compromised credentials (username and password combinations). 
    Because most people reuse passwords across most of their online accounts,
    criminals can gain
    credentials from another site
     and use them on the loyalty
    program site. 

What can a consumer do to protect
their loyalty accounts? 

  1. Stop reusing passwords across multiple sites. Use a password manager, like LastPass, if you have too many passwords to remember.
  2. Monitor your username and password for each online account you have to make sure they are not for sale on the dark web. An identity theft protection product like IDShield allows you to enter your username and password for all of your loyalty program accounts and your other online accounts.  You get an alert when your username and password are found on the dark web so that you can change your password on that account to a safer one.  

What can a company do to protect its loyalty accounts? 

  1. Encourage customers to be more security conscious as part of joining the loyalty program. Educate them on loyalty fraud and the importance of frequently tracking their points.
  2. Add credential screening to your loyalty program, so your customers can be notified if their loyalty account credentials have been compromised.  This informs your customers and enables them to take action before their points are fraudulently redeemed.

There is no single solution that can
entirely protect a retailer from the threat of attack. However, it is critical
that retailers take loyalty fraud seriously because it can cause them financial
loss, customer attrition, and damage to their reputation. Credential screening
is an affordable way for companies to take a proactive approach to their
program’s security. 

Learn more: https://www.enzoic.com/account-takeover-prevention/

The post Protecting Loyalty Accounts and Rewards Programs appeared first on Enzoic.


Recent Articles By Author
  • A Chronic Illness: Why Healthcare Industry Needs an Update
  • Pride and Passwords: Top Hacking Methods & How to Prevent Them
  • Cybersecurity and What’s Not Working from Home
More from Enzoic

*** This is a Security Bloggers Network syndicated blog from Enzoic authored by Enzoic. Read the original post at: https://www.enzoic.com/protect-loyalty-programs-rewards-accounts/

October 3, 2019October 3, 2019 Enzoic account takeover, credential screening, Loyalty Programs, Rewards Accounts
  • ← Classic Facebookery: Zuckerberg, Harms Suffered
  • Avoid BYOD Headaches By Offering A Secure And Automated Onboarding Solution →

TechStrong TV – Live

Watch latest episodes and shows
Featured Blog

Eric Kedrosky

The Future of Multi-Cloud Security: A Look Ahead at Intelligent Cloud Security Posture Management Solutions

Pam Sornson, JD – Contributed Writer

IAM Best Practices For DevOps

Eric Kedrosky

Identity Risk: Identifying a Misconfigured IAM Trust Policy

Subscribe to our Newsletters

Get breaking news, free eBooks and upcoming events delivered to your inbox.
  • View Security Boulevard Privacy Policy

Most Read on the Boulevard

FBI to Investigate Parler, New Russian Host will be Revoked
3 Cybersecurity Challenges for Remotely Operating Critical Systems
Trump Hates Cloud, Because China Cyber?
What Are the 5 Elements of Trustworthy Digital Transformation?
Remote Workforce Security a Top Priority for 2021
FBI to Investigate Parler, New Russian Host will be Revoked
API Security in a Digitally Transformed World
Human Hacking Conference 2021 Goes Virtual!
IT security under attack: Credential dumping attacks in Windows environments
Top 10 Best Practices for Zero Trust IoT Manufacturing

Upcoming Webinars

Tue 26

Preventing Code Tampering & Verifying Integrity Across Your SDLC

January 26 @ 1:00 pm - 2:00 pm
Thu 28

Protecting Cloud-Native Apps and APIs in Kubernetes Environments

January 28 @ 1:00 pm - 2:00 pm
Feb 03

Too Close to the Sun(burst): A Supply Chain Compromise

February 3 @ 11:00 am - 12:00 pm
Feb 04

Lessons from the FinTech Trenches: Securing APIs at Finastra

February 4 @ 3:00 pm - 4:00 pm
Feb 09

How 2020’s Top 5 Attacks Reveal the Coming Cyberthreats in 2021

February 9 @ 1:00 pm - 2:00 pm
Feb 10

Finding Vulnerabilities in Your Cloud Native Applications Before They Find You!

February 10 @ 11:00 am - 12:00 pm
Feb 11

How to Merge AppSec and DevOps Effectively for the Good of Software

February 11 @ 3:00 pm - 4:00 pm
Feb 16

Security Policy Management in Hybrid Cloud Environment

February 16 @ 11:00 am - 12:00 pm
Feb 16

How Vertical Change Secures Sensitive Data Using Open Source Tools

February 16 @ 1:00 pm - 2:00 pm
Feb 17

Finding and Preventing Secrets in Code

February 17 @ 3:00 pm - 4:00 pm

More Webinars

Download Free eBook

The State of Cloud Native Security 2020

Recent Security Boulevard Chats

  • Cloud, DevSecOps and Network Security, All Together?
  • Security-as-Code with Tim Jefferson, Barracuda Networks
  • ASRTM with Rohit Sethi, Security Compass
  • Deception: Art or Science, Ofer Israeli, Illusive Networks
  • Tips to Secure IoT and Connected Systems w/ DigiCert

Industry Spotlight

Insider Risk Threatens Digital Enterprise
CISO Suite Cybersecurity Data Security Endpoint Identity & Access Industry Spotlight Security Boulevard (Original) 

Insider Risk Threatens Digital Enterprise

January 25, 2021 Joe Payne | Yesterday 0
Building Cognitive Resilience for Crisis Response
Cybersecurity Incident Response Industry Spotlight Security Boulevard (Original) Threats & Breaches 

Building Cognitive Resilience for Crisis Response

January 25, 2021 Rebecca McKeown | Yesterday 0
What Are the 5 Elements of Trustworthy Digital Transformation?
CISO Suite Cybersecurity Data Security Governance, Risk & Compliance Identity & Access Industry Spotlight Security Awareness Security Boulevard (Original) 

What Are the 5 Elements of Trustworthy Digital Transformation?

January 22, 2021 Tom Kellermann | 3 days ago 0

Top Stories

FBI to Investigate Parler, New Russian Host will be Revoked
Analytics & Intelligence Cloud Security Cyberlaw Cybersecurity Endpoint Featured Governance, Risk & Compliance Incident Response Network Security News Security Boulevard (Original) Spotlight Threat Intelligence Uncategorized 

FBI to Investigate Parler, New Russian Host will be Revoked

January 22, 2021 Richi Jennings | 3 days ago 0
Trump Hates Cloud, Because China Cyber?
Analytics & Intelligence Cloud Security Cyberlaw Cybersecurity Featured Governance, Risk & Compliance Identity & Access News Security Boulevard (Original) Spotlight Threat Intelligence 

Trump Hates Cloud, Because China Cyber?

January 21, 2021 Richi Jennings | 4 days ago 0
Capitol Rioters ID’ed With Help From Dating Apps
Cyberlaw Cybersecurity Featured Incident Response Mobile Security News Security Awareness Security Boulevard (Original) Social Engineering Spotlight Threat Intelligence 

Capitol Rioters ID’ed With Help From Dating Apps

January 18, 2021 Richi Jennings | Jan 18 0

Security Humor

via     the comic delivery system monikered   Randall Munroe   resident at   XKCD  !

XKCD ‘Allow Captcha’

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: info@securityboulevard.com

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • Privacy Policy
  • DMCA Compliance Statement

Other Mediaops Sites

  • Container Journal
  • DevOps.com
  • DevOps Connect
  • DevOps Institute
Copyright © 2021 MediaOps Inc. All rights reserved.
Our website uses cookies. By continuing to browse the website you are agreeing to our use of cookies. For more information on how we use cookies and how you can disable them, please read our Privacy Policy.