This is exactly what happened to thousands of Hilton Honors rewards account members near the end of 2014, after hackers stole millions of the program's rewards points and began selling them online to other takers. United, American, and Japan Airlines experienced similar thefts in their respective awards programs in 2015. Hilton reimbursed its account members who reported that their points were stolen, but the damage had been done and inevitably, some of those account members experienced disruptions in their travel plans.
The hackers’ modus operandi for travel point thefts has been as unsophisticated as the security that the company had erected around reward accounts. One analysis of travel rewards programs revealed that hotel and airline companies had little more than four- to six-digit passwords for their sites, with no other user authentication. Consumers also tend to be more complacent about their travel awards accounts, and frequently use the same sign-in information for each of those programs. This allows a cyberthief to gain access to multiple accounts as soon as one account is cracked.
Hackers are also thwarting reward program security systems with simple spoofing schemes that fool those systems into thinking that a request to redeem airline or hotel miles is coming from a legitimate rewards program member. With a spoof, the hacker replicates the network address of a legitimate rewards member and fools the rewards computer into believing that the hacker’s sign-in is originating with that user.
The Incentive to Steal Rewards Points
Reward points are high-value, low-risk targets that are protected with minimal security. Points can be sold to brokers for cash. They can be exchanged for products or gift cards. Some hackers have gone so far as to use stolen points to book their own air travel and hotel stays.
More dangerously, rewards card points can be a stepping stone to a user’s more secure data, including addresses, financial account numbers, and social security number. More than 3 billion user-loyalty rewards accounts have been opened by U.S. citizens. This vast trove of data is an enticing target for cybercriminals who have a further goal of stealing identities.
How to Respond if Your Points are Stolen
As suggested by the Hilton Honors situation, if you see that points have been stolen from any of your rewards accounts, your first order of business is to notify the company of the theft. This lays the groundwork for the company to reimburse points that may have been lost.
Because of the cross-pollination of passwords among a user’s rewards accounts, if you lose points from one account you should check all other accounts to confirm that they have not been targeted as well. Changing and varying passwords among accounts is also a good strategy to prevent further losses.
A company that runs a rewards program has different concerns and liabilities in the event of a data theft or breach from those rewards accounts. That company will likely incur substantial direct costs to recover lost data and to rebuild affected servers and databases. It may also incur liabilities to rewards account members whose points and data have been lost or compromised as a result of the breach. The company might be able to absorb these direct and third-party losses associated with the breach, but those losses can be substantial and have a direct effect on the company’s bottom line. Cyber insurance is a better option for all companies that manage rewards accounts.
Cyber insurance can make compensation available to cover a company’s cybertheft losses. Cyber insurance companies can also help their clients to establish better security to prevent losses in the first instance. Rewards account members who know that they are dealing with a company that provides stronger protection will be more likely to continue with the program and to remain loyal to the brand.