If you’ve heard about recent national data breaches, you may be wondering, what does this mean for my financial assets, and how does this impact me? As loyalty fraud experts who have been in the business of helping our clients protect their most loyal customers from fraudulent activity for 10 years, we know a thing or two about how impactful large breaches can be, and what needs to be done when a breach occurs. In this post we’ll share with you our best tips on what you should do to protect yourself and your customers from loyalty fraud after such breaches.
How does this impact loyalty customers?
After a breach, hackers typically take the information collected and either use it for personal gain or sell it on the Dark Web. The impact to consumers is in the form of future instances of identity theft and credit card fraud, to name a few use cases.
But there are also direct implications for loyalty programs and program managers. After a breach occurs, fraudsters will sometimes share loyalty-program-specific data publicly (to improve their reputation), sell program data online to other criminals (to turn a profit), or cash in the account’s reward points and fraudulently redeem them for physical merchandise to either keep for themselves or sell online. The bottom line: compromised personal data from any large breach means fraudsters have all the information they need to carry out an account takeover attack by posing as a valid customer and logging in to access loyalty member points and miles.
How can you help your customers protect themselves?
- Update your login credentials and account passwords: It is recommended that you frequently update and modify your account login credentials and passwords. After a breach, this is an important step that is sometimes overlooked. Your passwords should be complex and unique. Use a password management app such as LastPass on your computer's browser and on your phone, advises Russell Vines, Consumer Reports' Director of Information Security. Don’t forget about your other financial assets, including 401k, mutual funds and loyalty accounts. Be sure you are monitoring their activity and are up to date on your programs’ fraud policies.
- Activate two-factor authentication on your email account: Consider the information that would be available if a fraudster were able to access your email account. Two-factor authentication helps to harden the target against fraudsters, who then need both your password and a secondary code to access your email. Most email providers will text a secondary code to your phone before allowing access to your account.
- Secure your phone: Most two-factor authentication methods use codes sent via text to your phone. However, you need to ensure that your phone is secure before opting in to this type of communication. To secure your phone, use the FCC smartphone security checker: https://www.fcc.gov/smartphone-security. For an additional layer of protection, download an authenticator app such as Google Authenticator or Microsoft Authenticator. These apps generate the codes on your device, so they do not rely on text messages, which can be intercepted.
Unfortunately, in this digital age, information is stored virtually and breaches can happen. And when you become a victim, it can be scary. While your information is out there now, taking these 3 steps can help protect you from further impact – now and into the foreseeable future. If you’d like more information on how you can take further action to prevent fraud attacks on your organization, you may be interested in our fraud checklist and fraud white paper. And if you’re wondering what an instance of loyalty fraud could cost your organization, try our free fraud calculator.