Businesses should make logging into customer loyalty accounts as secure as possible to raise the barrier to entry for adversaries trying to gain access. Businesses must treat loyalty point fraud with the same level of stringency as fraud involving ‘legitimate’ currency.
The first step is to monitor traffic across loyalty programs and ensure you have an overview of who is using them, and whether the traffic is from malicious bots or human users.
Implementing multi-factor authentication on loyalty reward login pages alerts customers to suspicious login activity on loyalty accounts, and separating username and password fields with a two-step process makes it harder for adversaries to gain access. Securing third-party systems, e-wallets and plugins further reduces the attack surface available to attackers.