Overview

Hackers take advantage of the fact that most people don’t monitor their travel reward programs as closely as their bank or credit accounts. This makes loyalty points a prime target for theft—fraudsters can break in, cash out, and even book luxury trips with your rewards. The good news is that a few simple cybersecurity steps can help keep your hard-earned points safe. 

Loyalty programs benefit both customers and businesses. Such programs persuade shoppers to stick with a specific brand because the customer gets rewarded with cash back, points, or other collateral when they make purchases from the business they align with.

The travel sector, which includes hotels, resorts, flights, and car rental companies, especially loves loyalty programs. Forbes reported that in 2022, American Airlines earned $5.8 million just from its frequent flier programs.

What this means for everyday travelers is that there’s a ton of money poured into getting you to sign up for loyalty programs. And when you do, your data spreads further across the internet, sometimes via less secure channels and platforms.

Such wide (and perhaps easily compromised) exposure makes your personal information attractive to hackers. However, the reasons criminals target travel loyalty programs can range beyond the mere abundance of the data and its resell options.

Fast Facts

Who signed up for travel reward programs in 2024?

  • 89 percent of Baby Boomers

  • 80 percent of Gen X

  • 70 percent of Millennials

Source: OAG: Flight Database & Statistics

How hackers cash in on your loyalty points 

In addition to selling your personal data—such as your loyalty login credentials and subscriber profile—to data brokers and on the dark web, hackers can also steal your loyalty points, cash-back rewards, and other perks. In other words, they hack your account and walk away with the very rewards you signed up for. Here’s how these scams typically unfold:

  • Scammers use your points to book trips for others. Some loyalty programs allow third parties to redeem points, making it easy for criminals to take advantage. With access to your login credentials, a hacker can transfer your points to another account or apply them to a purchase. Because the transaction appears to be authorized by you, the fraud often goes unnoticed. These stolen points can be used to book flights, hotels, rental cars, and more for the hacker’s accomplice—or an alias. 

  • Hackers turn your loyalty program details into cash. Cybercriminals can also use your loyalty information for a quick payday in several ways: selling your credentials on the dark web, where other criminals buy and exploit them; redeeming points for cash equivalents, such as credit card statement credits or prepaid gift cards; or converting points into tickets, then reselling them on the black market or sketchy travel sites—sometimes for thousands of dollars. By the time you notice the fraud, your rewards may already be long gone.

How to protect your reward program points

Most people don’t travel so frequently that they monitor their loyalty points on a regular basis. Usually, people check on the tallies only when they plan a vacation. And how often does that occur?

Thieves bank on this benign neglect. Besides keeping tabs on your travel loyalty accounts (just as you would a bank account), you can implement other safeguards to make your profile less likely to get hacked.

What to do if your loyalty program gets hacked

First, report the problem to the business where you racked up the points. Then, contact their fraud department directly. (Rectifying the problem usually entails talking to a human being, so if you get stuck in an automated loop, try dialing “0.”)

Since loyalty program fraud leaves a clear trail (someone had to redeem the points), the investigation is usually straightforward, and companies may be able to restore your stolen rewards once the fraud department establishes a crime was committed.

After that? Follow the above recommendations to best protect yourself from future fraud. And if the fraud escalates into identity theft, we’re here to help you recover.