Australian customer loyalty programs have been at risk of leaking customer data and PII for too long, compromising both loyalty and security.
They have served the retail industry well and are highly effective in driving customer acquisition and engagement, but when a cybersecurity breach occurs, it tends to reveal a substantial lack of basic security hygiene. It is well overdue for loyalty programs to make tools like multi-factor authentication (MFA) available to users, so that both loyalty and security are prioritized.
As the popularity of loyalty programs continues to drive customer engagement, these newly minted currencies also present themselves as attractive targets for bad actors. With their ever-increasing stored value, including credits, points, gift cards, and rich personal information, loyalty programs have become prime targets for cybercriminals, significantly increasing account takeover incidents globally. According to a report, the payments area, which includes store loyalty accounts, generally saw a rise from a 4.07% net fraud rate in 2022 to 6.28% in 2023, a leap of 54% (Veriff, Identity Fraud Report, 2024). Multi-factor authentication (MFA) is now a mandatory requirement for these store currencies to ensure the security of users' accounts.
The Growing Threat of Account Takeovers
Account takeover (ATO) attacks occur when unauthorized users gain access to customers' loyalty accounts, often using stolen or weak credentials. Once inside, these attackers can redeem rewards, transfer points, make unauthorized purchases, and access sensitive personal information. The repercussions of such breaches extend beyond financial losses; they erode trust and can irreparably damage a brand's reputation.
Hackers find it easy to gain access to these accounts because they are often protected only by simple passwords. On top of this, new privacy penalties have been introduced in Australia, which are set to impose severe consequences for data breaches.
Multi-factor authentication adds an essential layer of security, enabling users to protect their identity while enabling businesses to mitigate risks like account takeovers and phishing attempts. Furthermore, deploying an MFA vendor that supports risk-based authentication can help your teams focus on good customer flows while your risk and product leaders deploy rules and policies to secure sensitive actions like withdrawals or accessing PII.
While the benefits of MFA are clear, its implementation should be approached with care to balance security with user convenience. A process that is too cumbersome may deter customers from using the loyalty program. Here are a few considerations:
As loyalty programs continue to grow in popularity, the importance of securing these digital assets for Australian businesses and their customers cannot be overstated. Implementing multi-factor authentication is critical in safeguarding against account takeover attacks, thereby protecting your customers, your brand, and your bottom line.
By implementing MFA in your loyalty program, you demonstrate to customers that you prioritize their security and trust. This commitment to security can, in turn, foster a deeper, more loyal customer relationship in an increasingly competitive landscape.