
Protecting Australian Loyalty Programs with Multi-factor Authentication

Australian customer loyalty programs have been at risk of leaking customer data and PII for too long, compromising both loyalty and security.

Promoted by AuthSignal
Tue, 14 May 2024

Loyalty programs have served the retail industry well and are highly effective in driving customer acquisition and engagement, but when cybersecurity breaches have occurred, they have revealed a substantial lack of basic security hygiene. It is well overdue for loyalty programs to make tools like multi-factor authentication available to users, ensuring both loyalty and security are prioritized.

As the popularity of loyalty programs continues to drive customer engagement, these newly minted currencies also become attractive targets for bad actors. With ever-increasing stored value, including credits, points, gift cards, and rich personal information, loyalty programs have become prime targets for cybercriminals, significantly increasing account takeover incidents globally. According to one report, the payments area, which includes store loyalty accounts generally, saw its net fraud rate rise from 4.07% in 2022 to 6.28% in 2023, a leap of 54% (Veriff, Identity Fraud Report, 2024). Multi-factor authentication (MFA) is now a mandatory requirement for these store currencies to ensure the security of users' accounts.

The Growing Threat of Account Takeovers

Account takeover (ATO) attacks occur when unauthorized users gain access to customers' loyalty accounts, often using stolen or weak credentials. Once inside, these attackers can redeem rewards, transfer points, make unauthorized purchases, and access sensitive personal information. The repercussions of such breaches extend beyond financial losses; they erode trust and can irreparably damage a brand's reputation.

  • The Australian Competition and Consumer Commission (ACCC) states that there were over 16,000 reports of identity theft alone in 2022 (ACCC 2023). However, these crimes continue to be under‑reported, often because individuals do not self‑identify as victims of identity crime. (Australian Government, Identity crime and misuse in Australia, 2023)

Hackers find it easy to gain access to these accounts because they are often protected by simple passwords. Adding to the situation, new privacy penalties have been introduced in Australia, which are set to inflict severe consequences for data breaches.

  • Australia has passed legislation to introduce massive new privacy penalties – maximum penalties can now reach the greater of A$50m, three times the benefit of a contravention, or (where the benefit can't be determined) 30% of domestic turnover. (Source: ashurst.com)

Why MFA Matters

Multi-factor Authentication adds an essential layer of security, enabling users to protect their identity while simultaneously enabling businesses to mitigate risks like account takeovers and phishing attempts. Furthermore, deploying an MFA vendor that enables risk-based authentication can help teams focus on good customer flows while your risk and product leaders can deploy rules and policies to secure sensitive actions like withdrawals or accessing PII.

Benefits of MFA for Loyalty Programs:

  1. Enhanced Security: MFA makes it considerably more challenging for attackers to breach accounts, even if they have obtained the password, thereby protecting the customer's assets and personal information.
  2. Increased Trust: Customers are becoming more security-conscious. Knowing that their loyalty accounts are protected with MFA can boost their confidence in your brand, encouraging continued engagement with your loyalty program.
  3. Regulatory Compliance: Many industries are subject to regulations that require businesses to protect customer data. Implementing MFA can help comply with these regulations, avoiding potential fines and legal issues.
  4. Mitigating Financial Losses: By preventing ATO attacks, MFA helps avoid financial losses associated with fraudulent transactions and the operational costs of recovering compromised accounts.
  5. Deploying Risk-Based Authentication ensures the best consumer experience while mitigating the risks of attacks.

Implementation Considerations

While the benefits of MFA are clear, its implementation should be approached with care to balance security with user convenience. A process that is too cumbersome may deter customers from using the loyalty program. Here are a few considerations:

  • User Experience: Opt for high-assurance MFA types that integrate seamlessly with your loyalty program's interface. Passkeys and mobile push authentication are both optimized for user experience and deliver some of the highest assurance authentication available today.
  • Risk-based Step-up Authentication: Implementing adaptive/contextual authentication can help mitigate the inconvenience of MFA by only challenging when risk is present or when compliance is required. This enables businesses to deliver good customer flows and reduce unnecessary authentication experiences.
  • Education and Support: Educate your customers on the importance of MFA and provide clear instructions on how to use it. Offering robust customer support can also alleviate any frustrations during the transition period.
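
The risk-based step-up approach described above can be sketched as a small policy function. This is an added example, not code from the article or from any vendor: the action names follow the article's examples, while the signal names, weights, thresholds and the 15-minute freshness window are all assumptions.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional

# Base risk per loyalty action (assumed values; the actions follow the
# article's examples of what an attacker does after a takeover).
ACTION_RISK = {"view_balance": 0, "redeem_rewards": 30,
               "transfer_points": 40, "view_pii": 40}
# Context signals and their weights are hypothetical.
SIGNAL_RISK = {"new_device": 30, "new_country": 30,
               "recent_password_reset": 25}
MANDATORY_MFA = {"view_pii"}   # "when compliance is required": always step up
CHALLENGE_AT, BLOCK_AT = 50, 100
MFA_FRESH_SECONDS = 900        # a recent challenge satisfies the step-up


@dataclass(frozen=True)
class Request:
    action: str
    signals: FrozenSet[str] = frozenset()
    seconds_since_mfa: Optional[float] = None   # None: no MFA this session
    mfa_enrolled: bool = True


def decide(req: Request) -> str:
    """Return 'allow', 'challenge', 'enroll' or 'block' for one request."""
    if req.action not in ACTION_RISK:
        return "block"                      # fail closed on unknown actions
    score = ACTION_RISK[req.action] + sum(
        SIGNAL_RISK.get(s, 0) for s in req.signals)
    if score >= BLOCK_AT:
        return "block"                      # too risky even with MFA
    if req.action not in MANDATORY_MFA and score < CHALLENGE_AT:
        return "allow"                      # low risk: no added friction
    fresh = (req.seconds_since_mfa is not None
             and req.seconds_since_mfa <= MFA_FRESH_SECONDS)
    if fresh:
        return "allow"                      # already challenged recently
    # A password-only account must not pass a step-up by default:
    # require enrolment before the sensitive action can proceed.
    return "challenge" if req.mfa_enrolled else "enroll"
```

Routine actions such as checking a balance pass without friction, while a points transfer from an unrecognised device triggers a challenge unless the session already completed MFA within the freshness window.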


As loyalty programs continue to grow in popularity, the importance of securing these digital assets for Australian businesses and their customers cannot be overstated. Implementing Multi-factor Authentication is critical in safeguarding against account takeover attacks, thereby protecting your customers, your brand, and your bottom line.

By implementing MFA in your loyalty program, you demonstrate to customers that you prioritize their security and trust. This commitment to security can, in turn, foster a deeper, more loyal customer relationship in an increasingly competitive landscape.
