Loyalty Fraud: How Subway Sub Club was destroyed by redemption fraud
30 October 2024
Kate Pay

With access to rewards being the core motivator for members to join a loyalty program, it should not be surprising that redemption fraud is a consistent threat for loyalty program operators around the world.

Fraudsters can exploit vulnerabilities to steal points, create fake accounts, or even manipulate physical cards.

This blog explores various types of redemption fraud, including counterfeiting, a tactic that ultimately brought down Subway’s Sub Club program.

Whilst redemption fraud is possible, there are various mitigation tactics that loyalty program operators can implement to reduce the risk.

Redemption Fraud Risk

Redemption fraud can take many guises:

  • Double dipping is where fraudsters exploit system vulnerabilities to redeem points or miles multiple times.
  • Stolen points occur when criminals gain unauthorised access to member accounts, redeeming points without the rightful owner’s knowledge.
  • The creation of fictitious accounts to accumulate and redeem points fraudulently is another common tactic.
  • Employee fraud presents an insider threat, where staff members with system access illicitly redeem points for personal gain.
  • Hacking involves cyber attacks aimed at breaching program databases to steal and redeem points en masse.
  • In simpler loyalty systems, punch card fraud may occur, where counterfeiters manipulate physical cards to claim unearned rewards.
  • Time zone exploitation takes advantage of system time differences to redeem points multiple times or bypass redemption restrictions.
  • Third-party sales involve the unauthorised selling of points or miles, violating program terms and conditions.

Mitigations for redemption fraud

To address redemption fraud, loyalty program operators can implement a range of strategies.

  • Implementing strong cybersecurity measures to protect member data and prevent unauthorised access is paramount.
  • Requiring additional verification steps for high-value redemptions ensures transaction legitimacy.
  • Deploying systems to detect unusual redemption patterns or suspicious activity allows for quick intervention.
  • Setting caps on the frequency and value of redemptions mitigates the impact of potential fraud.
  • Educating staff on fraud detection and prevention emphasises the importance of adhering to security protocols.
  • Conducting frequent system checks and audits identifies and addresses vulnerabilities.
  • Informing program members about the risks of sharing account information and the importance of maintaining account security is crucial.
  • For programs still using physical cards, implementing anti-counterfeiting measures such as unique stamps or digital validation enhances security.
  • Ensuring all program systems operate on a unified time standard prevents exploitation of time zone differences.
  • Explicitly prohibiting the resale of rewards or points to third parties in program rules and actively enforcing these policies further safeguards against fraud.
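Several of these controls can sit in a single redemption check. The sketch below is an added example, not code from Loyalty & Reward Co or any loyalty platform: it rejects replayed requests (double dipping), counts caps per UTC day (time zone exploitation) and asks for extra verification on high-value redemptions. The class name, limits and decision strings are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# Assumed policy values for illustration; a real program sets its own.
DAILY_LIMIT = 2            # redemptions per member per UTC day
DAILY_POINTS_CAP = 5000    # points per member per UTC day
STEP_UP_THRESHOLD = 2000   # at or above this, extra verification is required

@dataclass
class RedemptionGuard:
    approved_ids: set = field(default_factory=set)  # request ids already honoured
    daily: dict = field(default_factory=dict)       # (member, UTC date) -> (count, points)

    def redeem(self, request_id, member_id, points, when, verified=False):
        # Double dipping: a replayed request id never redeems a second time.
        if request_id in self.approved_ids:
            return "duplicate"
        if when.tzinfo is None:
            raise ValueError("timestamp must be timezone-aware")
        # Unified time standard: the cap window is the UTC day, so a store's
        # local midnight does not reset the member's counters.
        day = when.astimezone(timezone.utc).date()
        count, total = self.daily.get((member_id, day), (0, 0))
        if points >= STEP_UP_THRESHOLD and not verified:
            return "step_up_required"
        if count + 1 > DAILY_LIMIT or total + points > DAILY_POINTS_CAP:
            return "cap_exceeded"
        self.daily[(member_id, day)] = (count + 1, total + points)
        self.approved_ids.add(request_id)
        return "approved"

def demo():
    """Constructed sample: three redemptions around local midnight in UTC+11."""
    local = timezone(timedelta(hours=11))
    guard = RedemptionGuard()
    times = [datetime(2024, 3, 1, 22, 0, tzinfo=local),
             datetime(2024, 3, 1, 23, 30, tzinfo=local),
             datetime(2024, 3, 2, 0, 30, tzinfo=local)]  # same UTC day as the first two
    return [guard.redeem(f"req-{i}", "member-1", 500, t) for i, t in enumerate(times)]

if __name__ == "__main__":
    print(demo())
```

In production the two lookups would be a database table with a unique constraint on the request id, so concurrent replays cannot both succeed.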

Case Study: Subway Sub Club

Subway’s Sub Club program provides a cautionary tale about the risks of redemption fraud.

In the past, Sub Club utilised a straightforward stamp-based system, allowing customers to accumulate stamps on cards for complimentary sandwiches. However, this system was terminated in 2005 due to widespread counterfeiting of stamps and cards.

Fraudsters were actively selling counterfeit stamps and fully stamped cards on online platforms such as eBay. The ease with which stamps could be replicated using the newly invented colour photocopier made fraud control exceptionally challenging.

Subway spokesperson Kevin Kane stated, “Someone informed us that our stamps were available for purchase on eBay. We were sceptical at first, but upon investigation, we discovered they were indeed being sold.” This fraudulent activity significantly impacted Subway’s franchisees, who were accepting these stamps in good faith.

In response to this security breach, Subway transitioned to a more secure, magnetic card-based reward system, which has now further evolved into an app system.

This case study underscores the vulnerability of simple punch card systems to fraud and emphasises the importance of implementing technology that is difficult to counterfeit. It also highlights the necessity for continuous monitoring of potential fraud channels, including online marketplaces.
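The "unique stamps or digital validation" mitigation addresses exactly this failure: a stamp that a copier can reproduce carries no proof of issue and no record of use. The following added example (not Subway's system or any vendor's code) gives each stamp a serial number with a keyed HMAC tag and records redemptions server-side, so a guessed code fails validation and a photocopied card is refused once the original has been redeemed. The code format, the eight-stamp card and all names are assumptions.

```python
import hashlib
import hmac
import secrets

# Assumption: the key stays on the issuer's server and is never printed on a card.
SECRET_KEY = secrets.token_bytes(32)

def _tag(store_id: str, serial: str) -> str:
    msg = f"{store_id}:{serial}".encode()
    # Truncated to 64 bits to keep the printed code short; validation is online only.
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()[:16]

def issue_stamp(store_id: str, serial: int) -> str:
    """Code printed on one stamp (e.g. as a QR code). Store ids contain no ':'."""
    return f"{store_id}:{serial}:{_tag(store_id, str(serial))}"

class StampLedger:
    def __init__(self):
        self.redeemed = set()  # codes already exchanged for a reward

    def check(self, code: str) -> str:
        parts = code.split(":")
        if len(parts) != 3:
            return "malformed"
        store_id, serial, tag = parts
        if not hmac.compare_digest(tag.encode(), _tag(store_id, serial).encode()):
            return "forged"
        return "already_redeemed" if code in self.redeemed else "ok"

    def redeem_card(self, codes, required=8):
        """Honour a card only if it holds `required` distinct, genuine, unused stamps."""
        unique = set(codes)
        if len(unique) < required:
            return "insufficient_stamps"   # one stamp copied many times
        for code in sorted(unique):
            status = self.check(code)
            if status != "ok":
                return status              # nothing is marked redeemed on failure
        self.redeemed.update(unique)
        return "accepted"

if __name__ == "__main__":
    ledger = StampLedger()
    card = [issue_stamp("store-17", n) for n in range(100, 108)]  # constructed sample
    print(ledger.redeem_card(card))        # original card
    print(ledger.redeem_card(list(card)))  # photocopy of the same card
```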

Learn how to protect your loyalty program from redemption fraud

As loyalty program fraud continues to evolve, staying informed and proactive is crucial for program operators and members alike. Loyalty and Reward Co, as leading loyalty consultants, offers a comprehensive series of articles on various aspects of loyalty program fraud, providing valuable insights and strategies for safeguarding your program.

For personalised advice on protecting your loyalty program from redemption fraud and other security threats, we encourage you to contact our team of customer loyalty consultants. Our tailored solutions can help you implement robust security measures, mitigate risks, and ensure the long-term success of your loyalty program strategy.

Don’t allow fraud to compromise the integrity of your loyalty program. Reach out to Loyalty and Reward Co today and take the first step towards a more secure and resilient loyalty ecosystem by talking to one of our loyalty consultants.

Acknowledgement

Thank you to Michael Smith, co-founder of the Loyalty Security Alliance and contributor to ‘Loyalty Programs: The Complete Guide’, whose expertise helped inform insights presented in this article.


Kate Pay

Kate is a Strategy Consultant at Loyalty & Reward Co, the leading loyalty consulting firm. Loyalty & Reward Co design, implement, and operate the world’s best loyalty programs for the world’s best brands. Kate has previously worked in marketing and account management roles across various industries including aviation and insurance. Kate applies her skills across all aspects of the business, including loyalty program design, lifecycle strategy, market research and member engagement.
