It’s not just your credit card number that hackers want anymore. It’s your points. Marriott International’s disclosure on Friday that it’s investigating how hackers siphoned data from 500 million guests is the latest example of fraudsters targeting the USD 238 billion loyalty industry. Hackers have found it’s increasingly easy to access rewards portals and quickly redeem consumers’ hard-earned points and miles for gift cards or hotel stays. Marriott joins the ranks of airlines and hotel chains, such as Hilton Worldwide Holdings Inc. and British Airways, that have had to deal with the fallout from data breaches of their loyalty programs. In the U.S., consumers maintain 3.3 billion memberships in such programs, earning roughly USD 48 billion worth of points and miles each year, according to Chargebacks911, a risk mitigation firm that helps merchants handle fraud. About 72% of loyalty programs have experienced fraud. The data associated with these programs has become increasingly valuable to criminals: on the dark web, a consumer’s Social Security number often sells for USD 1, while loyalty-account information can fetch 20 times that, according to data from Experian Plc. Hotels, airlines and retailers often operate at a disadvantage when it comes to combating fraud because they want to make it easy for customers to redeem their rewards — meaning hackers can have an easier time accessing accounts too. Customers also check their loyalty accounts less frequently, meaning they’re less likely to notice if their points are stolen. The rise in loyalty fraud has led to changes in insurance coverage. Some insurers have been adding coverage to help their corporate clients mitigate the financial pain caused by the loss of customers after a hack, according to Lindsey Nelson of CFC Underwriting Ltd.
|