Take care of your points or how to resist fraud in loyalty programs
The first loyalty programs for airline passengers appeared in the early 1980s, when American Airlines decided to offer its frequent customers certain advantages. Due to the various benefits and advantages that passengers gain by accumulating points, and also due to the possibilities of accumulating these points using credit cards, the value of these offers is constantly increasing. Often, people manage to score thousands of points, equivalent to thousands of rubles of possible advantages, but many do not even suspect that these accumulated points can be stolen.
Today, cybercriminals are not the only objects of interest, but are banks, electronic payment tools, stock brokers, or e-commerce systems.
The problem is that, although modern users are aware that fraudsters may try to access their banking and personal data using a phone or email, many people are unaware that in a similar way someone might want Get access to their loyalty points.
')
The most common types of attacks are phishing attempts (phishing) —when the user receives, at first glance, a genuine letter from a loyalty program. At the same time, to install malware on your computer or log in with your account details on a fake website, you only need to click a mouse button, but as a result, your accounts may be stolen.
Currently, such a scheme is so effective, and the behavior of users is so well studied by fraudsters that, according to data from Barracuda Networks, up to 90% of such letters work. Such attacks become possible as a result of sharing infected computers with shared access, calls from fake call centers, transferring account information to third parties or even as a result of fraudulent actions by unscrupulous employees of the company that owns the loyalty program.
Anyway, to recognize this type of fraud with the use of accumulated points is very difficult, because hackers have a sufficient amount of information that does not allow them to bring to clean water. Moreover, as a rule, the victim does not immediately see the theft of accumulated points, because very few people check the status of their account in the loyalty program on a daily basis.
Taking into account possible losses, we should take the protection of loyalty programs no less seriously than we take the protection of our money accounts, because, as a rule, the value of points can be very high. Loyalty program providers should implement stronger authentication methods that will increase security. Airlines, for example, can identify potential risks not only by analyzing user IDs and IP addresses.
In particular, loyalty program providers should watch out for:
Points accumulated in loyalty programs are an attractive target for attackers, because with the help of these points they will be able to purchase tickets or receive other goods, and then resell them to other persons. Unsuspecting buyers then risk being denied boarding, or their purchase will be confiscated if fraud is detected. In addition, criminals often acquire accumulated points and use compromised accounts to launder money.
All this indicates that loyalty program providers need to take a more careful approach to security to make sure that they provide their services to legitimate users, for example, using multifactor authentication in their mobile and other solutions .
On the other hand, these same solutions can increase travelers' confidence in the safety of their accumulated points, even if they fall for the tricks of fraudsters, and account information has been compromised. And that means - and to increase their confidence in the loyalty program itself and other services of the companies.
Have a good rest, good flight, and take care of your points!
Today, cybercriminals are not the only objects of interest, but are banks, electronic payment tools, stock brokers, or e-commerce systems.
The problem is that, although modern users are aware that fraudsters may try to access their banking and personal data using a phone or email, many people are unaware that in a similar way someone might want Get access to their loyalty points.
')
The most common types of attacks are phishing attempts (phishing) —when the user receives, at first glance, a genuine letter from a loyalty program. At the same time, to install malware on your computer or log in with your account details on a fake website, you only need to click a mouse button, but as a result, your accounts may be stolen.
Currently, such a scheme is so effective, and the behavior of users is so well studied by fraudsters that, according to data from Barracuda Networks, up to 90% of such letters work. Such attacks become possible as a result of sharing infected computers with shared access, calls from fake call centers, transferring account information to third parties or even as a result of fraudulent actions by unscrupulous employees of the company that owns the loyalty program.
Anyway, to recognize this type of fraud with the use of accumulated points is very difficult, because hackers have a sufficient amount of information that does not allow them to bring to clean water. Moreover, as a rule, the victim does not immediately see the theft of accumulated points, because very few people check the status of their account in the loyalty program on a daily basis.
Taking into account possible losses, we should take the protection of loyalty programs no less seriously than we take the protection of our money accounts, because, as a rule, the value of points can be very high. Loyalty program providers should implement stronger authentication methods that will increase security. Airlines, for example, can identify potential risks not only by analyzing user IDs and IP addresses.
In particular, loyalty program providers should watch out for:
- Do not access accounts from unknown devices?
- Were unknown devices used to view or change credential details?
- Did you log in to different accounts from the same device in a short time?
- Has there been a sudden increase in the number of miles in your account where no such significant activity has previously been observed?
- Is there a significant increase in points spent on an account compared with previous periods?
- Are there numerous tickets purchased for names other than the account holder?
Points accumulated in loyalty programs are an attractive target for attackers, because with the help of these points they will be able to purchase tickets or receive other goods, and then resell them to other persons. Unsuspecting buyers then risk being denied boarding, or their purchase will be confiscated if fraud is detected. In addition, criminals often acquire accumulated points and use compromised accounts to launder money.
All this indicates that loyalty program providers need to take a more careful approach to security to make sure that they provide their services to legitimate users, for example, using multifactor authentication in their mobile and other solutions .
On the other hand, these same solutions can increase travelers' confidence in the safety of their accumulated points, even if they fall for the tricks of fraudsters, and account information has been compromised. And that means - and to increase their confidence in the loyalty program itself and other services of the companies.
Have a good rest, good flight, and take care of your points!
Source: https://habr.com/ru/post/333980/
All Articles