Introduction
Loyalty programs can be viewed as a type of ‘bank account’, where members accumulate stored value. With hundreds of billions of dollars of value held in loyalty accounts, they are an ideal target for fraudsters. What makes it particularly easy is that loyalty programs generally do not have the same security levels as banks.
One vulnerability is where loyalty programs that ask new members to fill in a paper form as part of the join process. These forms can capture enough information for a fraudster to commit identity theft, therefore they must be treated with significant security process protocols which may not always be the case. Loyalty consultants typically recommend avoiding using such forms, yet some brands still persist.
Risk of paper join forms
Despite the widespread adoption of digital registration processes globally, some brands still use paper forms as one option for loyalty program registration.
Paper join forms pose a security threat to loyalty program operators and their new member, primarily due to the potential for unauthorised access to discarded or improperly stored documents and information. These forms contain valuable personal information that fraudsters can exploit for various malicious activities. Identity theft, unauthorised account access, fraudulent point accumulation or redemption, and selling personal information on the dark web are among the primary concerns.
Mitigation for paper join forms
To address the risks associated with paper join forms, loyalty program operators should consider several strategies:
- Digitising the join process wherever possible is crucial.
- Implementing secure storage protocols for paper forms and establishing a prompt data entry system can minimise the window of vulnerability.
- Ensuring secure destruction of forms after data entry and implementing a tracking system for paper forms are essential steps.
- Comprehensive staff training on data security and regular audits of the paper form process are also vital components of a robust security strategy.
Case Study: Morrisons
According to their website, UK grocer Morrisons allow customers to register for their loyalty program, Morrisons More, using a paper join form.
The website states, “If you do not have access to a computer or mobile phone, or prefer to sign up via a paper form – you can register for a More Card in store by speaking to one of our helpful colleagues”.
This does not appear to be a main process, but an exception, indicating that Morrison’s would prefer customers register via digital means. It is likely that Morrisons have very strict protocols for processing registrations in instances where a paper join form is used, thus protecting themselves and their members from potential paper join form fraud.
Conclusion
The persistence of paper join forms in certain sectors presents a unique security challenge for loyalty programs. By recognising this risk and implementing robust mitigation strategies, program operators can significantly reduce their exposure to fraud while protecting their members’ valuable personal information.
As the loyalty landscape evolves, it’s crucial for program operators to regularly assess their security measures, adapting to new threats and leveraging technology to enhance protection across all touchpoints, both digital and physical.
Call to Action
Don’t let your loyalty program become the next target for fraudsters. Take proactive steps to secure your program and protect your members’ valuable data. For expert guidance on loyalty program fraud prevention and security, contact the loyalty consultants at Loyalty and Reward Co. Our team of customer loyalty consultants can help you develop a comprehensive security strategy tailored to your program’s unique needs.
As loyalty sales consultants, we ensure that your loyalty program remains a source of value for your business and your customers, not a vulnerability to be exploited. Our expertise in consumer psychology and data-driven insights allows us to provide innovative solutions that drive customer acquisition, spend, and retention whilst maintaining the highest standards of security.
Acknowledgement
Thank you to Michael Smith, co-founder of the Loyalty Security Alliance and contributor to ‘Loyalty Programs: The Complete Guide’, whose expertise helped inform insights presented in this article.
References
- Loyalty Security Association. (2017). Airline Loyalty Program Fraud Report.
- Marriott International. (2018). Marriott Announces Starwood Guest Reservation Database Security Incident.
- Transmit Security Research Lab. (2023). Dark Web Threat Research Report.
- Loyalty and Reward Co. (2024). Best Practices in Loyalty Program Security.
- https://www.morrisons.com/help/morrisons-more/morrisons-more-card/#how-do-i-register-for-a-more-card