in ,

Can Hackers Steal Your Hard-Earned Loyalty Benefits?

It Is Estimated That About 1 Billion Dollars a Year Are Lost to Loyalty Program Crimes

Photo by Ilya Pavlov on Unsplash

Loyalty fraud prevention groups estimate that about 1 billion dollars a year are lost to loyalty program crimes. Hackers can even steal sensitive personal data, as some loyalty programs are tied to credit cards.

“We rarely associate loyalty programs with high fraud risk. Because they rarely involve money transactions, customers tend not to be concerned about their safety. Same for the companies offering them,”

says Daniel Markuson, a digital privacy expert at NordVPN.

“This creates a perfect space for hackers to snatch your hard-earned bonus points for valuable free goodies.”

According to him, fraudsters usually target companies with weak loyalty scheme security. The electronic loyalty cards are really easy to intercept as they are delivered instantly and require no physical shipping address, allowing fraudsters to steal your data just by using your email.

“The damages are also growing more and more extreme,”

explains NordVPN’s digital privacy expert.

The New York Times reported that US shopper Daniel Najera lost all of his, which were used to make payments for purchases on Amazon – and that’s just one of many cases.”

Can hackers steal your hard-earned loyalty benefits?

Navigate the article

Types of loyalty fraud

Loyalty fraud can be conducted by customers themselves, employees or outside fraudsters. Usually, according to Daniel Markuson, this happens when a loophole is left in the system or Terms of Service of the loyalty program.

Conducted by customers

This happens when customers find a loophole in the system and exploit it for their own needs. In one of the most famous cases, American civil engineer David Phillips bought 12 thousand pudding cups to exchange them for 1.2 million air-miles.

Conducted by employees

Company staff can claim unused benefits intended for customers, or they could snatch customers’ info by abusing their access to internal systems.

Conducted from the outside by fraudsters

This includes counterfeit accounts, data theft, and other methods of illegally obtaining your loyalty program rewards. Fraudsters can breach your loyalty account, create fake accounts, and assume the identities of legitimate customers.

How to protect yourself

Daniel Markuson from NordVPN says that there are a few precautionary measures you can undertake to avoid such fraud:

  • Use strong passwords for your accounts. You can also check if your password hasn’t been breached online or use a generator to create strong random passwords.
  • Be cautious around unsafe public WiFis. Public WiFi users are easy prey for cybercriminals, so you could end up exposing not only loyalty points but even banking details. However, you can use a reliable VPN, like NordVPN, to hide your data.
  • Regularly check your account statements and keep tracking your balance. Loyalty scheme fraud often succeeds because the customer notices the changes too late.
  • Do some research on the company offering the loyalty program. Find out what security measures they apply to their loyalty program databases if this info is available.
  • Avoid scammy websites designed to steal your data. Scammers and hackers can set up websites to steal your login info, financial data, or even your rewards.


NordVPN is the world’s most advanced VPN service provider, used by over 12 million internet users worldwide. NordVPN offers double VPN encryption, malware blocking and Onion Over VPN. The product is very user-friendly, offers one of the best prices on the market, has over 5,000 servers in 60 countries worldwide and is P2P friendly. For more information:


This post contains affiliate links. Affiliate disclosure: As an Amazon Associate, we may earn commissions from qualifying purchases from and other Amazon websites.

Written by Hassan Ahmed

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.