Protect Your Rewards Points and Miles From Theft

(Image credit: © Jonathan Gayman Photography)

Kiplinger's interviewed Barry Kirk (pictured above), who creates and consults on consumer loyalty programs for Maritz Motivation Solutions. Read excerpts from our interview below.

Yahoo recently disclosed a 2013 breach that exposed personal information from more than 1 billion user accounts. Are loyalty rewards accounts vulnerable to hacking, too?

Fabulous Travel Freebies

Consumers tend not to see loyalty accounts as housing sensitive data. But points and miles are currencies that have a real dollar value, with $48 billion worth at stake among U.S. consumers, according to an industry study conducted a few years ago. That number is probably significantly higher now. Criminals recognize that the store of value sitting in unprotected loyalty programs is ripe for the picking.

From just $107.88 $24.99 for Kiplinger Personal Finance

Become a smarter, better informed investor. Subscribe from just ~~$107.88~~ $24.99, plus get up to 4 Special Issues

CLICK FOR FREE ISSUE

https://cdn.mos.cms.futurecdn.net/flexiimages/y99mlvgqmn1763972420.png

Sign up for Kiplinger’s Free Newsletters

Profit and prosper with the best of expert advice on investing, taxes, retirement, personal finance and more - straight to your e-mail.

Profit and prosper with the best of expert advice - straight to your e-mail.

How do crooks steal points and miles?

Criminals attempt to hack loyalty accounts daily. Sometimes they focus on a single account to, say, exchange rewards for airline tickets, usually redeeming them outside the U.S. Other attacks target hundreds or thousands of accounts at once. In such large-scale compromises, hackers often redeem points for gift cards, which they sell on the black market. We’ve also seen hackers use credit card accounts not only to make fraudulent purchases but also to rack up points, which they then move out of the account. Loyalty managers have kept a low profile with regard to breaches that have occurred, but it’s just a matter of time until there’s a well-publicized breach of a large program—most likely in airline or hotel rewards because members accrue significant value in those programs.

How can customers protect their loyalty rewards?

Treat your loyalty accounts, especially the ones that hold the most value, as you would your bank accounts. Set aside time once a month, at a minimum, to review activity in your loyalty accounts. If you’re earning rewards daily with a program, check it multiple times a week. Don’t use the same passwords for your loyalty programs as you do for your e-mail, bank or credit card accounts. If hackers breach one account, they have a skeleton key to the sensitive data in other accounts. Take advantage of a password manager—software that generates, stores and encrypts passwords.

What should you do if points or miles have been stolen?

Immediately contact the loyalty program’s call center. By and large, programs are generous in refunding points or miles because it’s usually not a fuzzy situation. For instance, if points in the account of a customer who lives in Chicago were redeemed and sent someplace in Russia, it’s pretty clear that it wasn’t the owner accessing the account.

Lisa has been the editor of Kiplinger Personal Finance since June 2023. Previously, she spent more than a decade reporting and writing for the magazine on a variety of topics, including credit, banking and retirement. She has shared her expertise as a guest on the Today Show, CNN, Fox, NPR, Cheddar and many other media outlets around the nation. Lisa graduated from Ball State University and received the school’s “Graduate of the Last Decade” award in 2014. A military spouse, she has moved around the U.S. and currently lives in the Philadelphia area with her husband and two sons.