Business owners love loyalty programs because they build rapport and engagement with customers and increase their business’ bottom line, but agile business owners should be aware that hackers are a threat to loyalty relationships. CNET pronounced last year the “worst year on record for security breaches” and customer loyalty programs are no exception. Hackers are stealing loyalty points and monetizing them by selling the rewards. Criminals log on to loyalty accounts, impersonate real customers and sell their rewards and information in places like the Dark Web. An estimated $1 billion is lost each year to crime related to the programs.
Loyalty Programs are Vulnerable
Why are loyalty programs an easy target? They are simple to sign up for, many times have easy to recognize passwords, and the account data is often neglected by users after sign-up.
All types of customer reward programs are at risk, but airline frequent flier and hotel reward programs are recurring targets of these schemes. Privacy researcher Comparitech searched the Dark Web and found that stolen rewards points were being sold for more than a dozen airline frequent flier programs for anywhere from $500-1,000 for 100,000 miles. As each airline mile is valued at 1-2 cents, the stolen miles are being sold at a considerable discount. The same is true of hotel rewards points. Hackers either transfer the miles or points to another user or sell access to the account username and password. The process is similar for any business’ reward program, whether it’s a rewards coupon or a free pizza. If it is a valuable reward that customers desire, there is a resale market for it.
Breaches Hurt Businesses of All Sizes
Data breaches not only hurt consumers, but businesses. Marriott and Dunkin Donuts loyalty programs well-publicized data breaches last year cost them millions in retribution, lawsuits and costs associated with relaunching and rebranding their programs.
It’s not just big businesses who suffer. A Bank of America study found that 21% of small businesses reported a data breach within the last 2 years, up 17% from two years prior. The same study reported that 41% of small businesses said it cost them more than $50,000 to recover. Most importantly, 30% of the consumers surveyed said they would never again support a small business that suffered a breach.
Web-Based vs. Mobile Security
So where are the vulnerabilities and how can proactive business owners protect their customers and themselves?
Retailers can fall short in securing the input platforms of their rewards programs. As a whole, web-based applications are not as secure as are mobile apps. Researchers at Northeastern University found that in 40 percent of cases, websites leak more types of information than do apps.
Here’s a checklist to make sure your business is safe:
□At a minimum, businesses need to have an SSL certificate to keep customer data safe
□Ensure communication between the tablet and servers is via SSL
□All passwords are hidden
□Mobile numbers stored are hidden
The Bespeak Difference
It is vital for business owners to have the best possible security in place when it comes to their rewards programs. With Bespeak, mobile application and tablet system secure communication between the tablet and servers via SSL, passwords are hashed and salted and stored mobile numbers stored are masked from merchants. With Bespeak, business owners can maximize and grow returns at every stage of the customer journey in a safe manner. Reach out today to learn more.