Uncovering Bots in eCommerce: Loyalty Point Fraud

Alex McConnell

    On Thursday 14th May, we’re bringing together guest speakers from leading eCommerce organizations to discuss what bots mean for them in 2020, the challenges facing technology leaders and their approaches to managing bot traffic. Ahead of the webinar, we’re giving you a first look at what you need to know about the threat of carding and loyalty points fraud.

    What do eCommerce businesses need to know about loyalty points fraud?

    Loyalty schemes operated by the eCommerce industry have become so popular that they now represent a billion-dollar industry, with customers earning loyalty points when purchasing goods or services from their favourite brands. Yet financial losses from loyalty card fraud are equally significant — with an estimated $1 billion being stolen every year.

    Loyalty programs tend to rely on points or rewards instead of financial transactions. As a result, most loyalty programs don’t benefit from strong data security, nor do customers track their points in the same way that they do their bank balance. Loyalty programs have become an attractive target for cybercriminals and thieves who seek to steal points that are as good as cash when redeemed where they were earnt.

    Loyalty scheme fraud in eCommerce

    Retailers must be particularly vigilant to the threat of loyalty points theft. In 2019 alone, there was an 89% increase in loyalty program fraud and a 44% increase in fraud against online apparel and accessories retailers.

    Andy Still, CTO at Netacea said:

    People don’t treat loyalty points in the same way as they treat other financial products. When our wallet or purse is stolen or lost, we immediately cancel our credit and debit cards. Our loyalty cards can wait. Retailers tend to treat loyalty points in the same way - logging into an account doesn’t have the same level of security and two-factor authentication is rare.

    Andy Still CTO – Co-Founder, Netacea

    Many customers use the same login details for accounts holding loyalty points as for their other accounts. It takes just one of these accounts to be breached for the rest to become vulnerable to attack. And it could take months for the customer to discover their points have been swiped, with most paying less attention to protecting their card or account. The question is where responsibility lies: with the customer or the business?

    Andy stated:

    “Retailers can’t be blamed for lower levels of security. After all, the point of loyalty schemes is to keep the customer engaged and to encourage repeat business. If logging into an account becomes difficult or requires extra steps, people are far less likely to use it.”

    Fraudsters steal thousands of Nectar Card points

    In 2019, frustrated users of the Nectar Card loyalty scheme found their points stolen and spent. In some cases, customers had lost points to the value of more than £100.

    It has been reported that fraudsters managed to illegally acquire a customer’s Nectar card number, change the address in the account, report the card as lost and then get a new card sent to the ‘new’ address and spend the points.
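
    A detection sketch for the sequence reported above, added here as an example and not taken from Nectar or Netacea: it tracks, per account, how far an address change, lost-card report and redemption have progressed in order. The event names, the 14-day gap and the sample events are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Ordered steps of the reported pattern (event names are assumptions).
CHAIN = ["ADDRESS_CHANGE", "CARD_REPORTED_LOST", "POINTS_REDEEMED"]
MAX_GAP = timedelta(days=14)  # assumed: steps further apart are treated as unrelated

# Constructed sample events: (ISO timestamp, account id, event type).
SAMPLE_EVENTS = [
    ("2019-03-01T09:00:00", "acct-1001", "ADDRESS_CHANGE"),
    ("2019-03-02T11:30:00", "acct-1001", "CARD_REPORTED_LOST"),
    ("2019-03-09T16:45:00", "acct-1001", "POINTS_REDEEMED"),
    ("2019-01-10T08:00:00", "acct-2002", "ADDRESS_CHANGE"),      # genuine house move
    ("2019-06-20T08:00:00", "acct-2002", "CARD_REPORTED_LOST"),  # months later
    ("2019-03-05T12:00:00", "acct-3003", "POINTS_REDEEMED"),     # ordinary redemption
]

def chain_progress(events):
    """Return {account: number of CHAIN steps seen in order, each within MAX_GAP}."""
    progress = {}  # account -> (steps matched, time of last matched step)
    for ts, acct, kind in sorted(events):
        when = datetime.fromisoformat(ts)
        step, last = progress.get(acct, (0, None))
        if step and when - last > MAX_GAP:
            step, last = 0, None  # earlier steps are stale, start over
        if step < len(CHAIN) and kind == CHAIN[step]:
            step, last = step + 1, when
        progress[acct] = (step, last)
    return {acct: step for acct, (step, _) in progress.items() if step}

def accounts_to_review(events, min_steps=2):
    """Accounts far enough along the chain to hold the replacement card or redemption."""
    return sorted(a for a, s in chain_progress(events).items() if s >= min_steps)

if __name__ == "__main__":
    print(chain_progress(SAMPLE_EVENTS))
    print(accounts_to_review(SAMPLE_EVENTS))
```

    Reaching the second step is the point at which a scheme operator can still act, for example by confirming the request through the previous contact details before posting a replacement card.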

    A Nectar spokesperson said:

    We ask customers to report any points they believe are missing from their account so that we can investigate and refund points where the loss is genuine. We regularly review our security measures to ensure customers are protected and advise customers to regularly update their passwords and be mindful of increasingly sophisticated phishing attempts from fraudsters.

    Nectar Spokesperson

    Stopping the bots to stop loyalty points fraud

    To successfully acquire loyalty points, attackers must gain access to a customer’s account. Typically, this is achieved with a credential stuffing attack, in which hackers utilize automated bots to carry out thousands of login attempts across a site in a matter of minutes, using credentials acquired in legacy data breaches.

    Putting a stop to loyalty points fraud, therefore, requires a sophisticated approach to stopping credential stuffing attacks in their tracks. Your credential stuffing protection must secure login forms on your website, mobile apps and APIs, by detecting and mitigating attacks before they escalate, to prevent the risk of future fraud.
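
    One way to detect the login pattern described above, added here as an example and not Netacea's method: a sliding window per source address that alerts when many distinct usernames are tried and most attempts fail. The log format, thresholds and sample lines are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)   # assumed look-back window
MIN_DISTINCT_USERS = 5          # assumed threshold; tune per site
MIN_FAILURE_RATIO = 0.8         # assumed threshold; tune per site

# Constructed sample: "ISO-timestamp source-IP username outcome" (hypothetical format).
SAMPLE_LOG = (
    # One source cycling through many usernames, all failing.
    ["2020-05-01T10:00:%02d 203.0.113.7 user%d FAIL" % (i * 5, i) for i in range(6)]
    # Shared office address: many usernames, but the logins succeed.
    + ["2020-05-01T10:00:%02d 192.0.2.10 staff%d OK" % (i * 5, i) for i in range(6)]
    # One customer mistyping a password once.
    + ["2020-05-01T10:00:01 198.51.100.20 alice FAIL",
       "2020-05-01T10:00:09 198.51.100.20 alice OK"]
)

def parse(line):
    """Split one log line into (timestamp, source IP, username, failed?)."""
    ts, ip, user, outcome = line.split()
    return datetime.fromisoformat(ts), ip, user, outcome == "FAIL"

def detect_stuffing(lines):
    """Return {source_ip: time of first alert} for sources matching the pattern."""
    windows = defaultdict(deque)  # source IP -> recent (time, user, failed) attempts
    alerts = {}
    for ts, ip, user, failed in sorted(map(parse, lines)):
        win = windows[ip]
        win.append((ts, user, failed))
        while ts - win[0][0] > WINDOW:   # drop attempts older than the window
            win.popleft()
        distinct_users = len({u for _, u, _ in win})
        failure_ratio = sum(f for _, _, f in win) / len(win)
        if (ip not in alerts and distinct_users >= MIN_DISTINCT_USERS
                and failure_ratio >= MIN_FAILURE_RATIO):
            alerts[ip] = ts
    return alerts

if __name__ == "__main__":
    for ip, when in detect_stuffing(SAMPLE_LOG).items():
        print(f"{when.isoformat()} possible credential stuffing from {ip}")
```

    Requiring both conditions keeps a shared office address with many successful logins, and a single customer retrying a password, below the alert threshold.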

    At Netacea, we provide a smarter approach to bot management with a solution to stop credential stuffing attacks in a scalable, agile and intelligent manner, across websites, mobile apps and APIs.

    Our technology monitors all site visits to a specified path and analyses them in context relative to each of the visitors to the enterprise estate. The technology then automatically learns from the business’ web estate, according to the specified priorities it faces.

    As the threat of loyalty point fraud increases, retailers must protect their customer accounts and treat their loyalty point schemes more like bank accounts. It is vital that eCommerce businesses strive to understand bots to protect their customers. To find out why bots are a threat to eCommerce in 2020, join us for the LIVE webinar:

    How Netacea helps businesses prevent loyalty point fraud

    Put a stop to loyalty point fraud by detecting and stopping the bots that look to carry out attacks on your eCommerce business. Netacea bot protection software applies defensive AI and real-time attack detection and response to ensure your business can counteract and defeat loyalty point fraud attacks as and when they happen.
