In November 2014, many members of Hilton's HHonors loyalty program reported having their accounts hacked. These hackers didn't just steal points to be redeemed for free hotel rooms. Instead, many travelers who store credit card information in their loyalty accounts found their accounts were used to buy hotel rooms and additional loyalty points.
The "hacking" of loyalty programs, much like bank account attacks, is becoming an increasingly worrying problem as programs grow.
According to Ai Group, 72% of airline loyalty programs have reported problems with fraud, and more travelers believe that this type of "travel hacking" is becoming a much bigger problem.
Are you at risk when it comes to hacking attacks on your frequent traveler accounts? If you have any type of information or points balance, you may a bigger target than you realize.
What Information is "At Risk" from Loyalty Program Hacking?
Many frequent travelers may think that when their accounts are broken into via cyberattack, the biggest target is their points balance. Although thousands of miles (which can be treated the same as cash) may be at risk, many hackers are looking for much more valuable information.
Every traveler loyalty program collects a certain amount of common information from travelers, including name, address, phone number, and e-mail address. In addition, many frequent travelers also elect to keep additional information in their accounts, such as their favorite hotel locations, and preferred credit card information for booking hotel rooms.
Many travelers don't think twice when storing this information in their accounts, making them a very easy target for hackers.
Having a name, address, and complete credit card information is all a hacker needs to create problems for a traveler. With this information in hand, a hacker can rack up thousands of dollars in fraudulent charges well before you are alerted by your bank. In addition, with the right combination of information, hackers may be able to use the information stolen from your loyalty account to potentially steal your identity and open fraudulent accounts.
How Can I Monitor my Loyalty Programs for Hacking?
Monitoring loyalty programs for fraud is a major point of contention for both frequent travelers and travel providers alike. According to Ai Group, as much as 80% of loyalty program fraud is discovered completely by accident. And once it is discovered, it may be too late to recover the lost points.
Many frequent travelers use a service to monitor all of their accounts in one place, like AwardWallet. Many points tracking services can send out alerts when points are earned and used. Should your points be used without your permission, AwardWallet would send an e-mail to you alerting you to the drop in points, thus allowing you to take action sooner rather than later.
However, using a service like AwardWallet can also open you up to a different kind of risk as well. Award tracking services often require you to store passwords in their website in order to continually monitor your points balances. And should your account get hacked, a hacker could potentially have access to all of your loyalty accounts.
How Can I Protect Myself from Loyalty Program Hacking?
While there is no sure-fire way to protect yourself from cyberattacks against travel loyalty programs, there are certain measures you can take to reduce your risk of being attacked. For every loyalty program you have, here are three things you can do right now to protect your accounts.
- Set up strong passwords for your accounts
Simply put: you wouldn't put your pet's name, favorite food, or anything else trivial as your bank account password. So why would you do the same thing for your award accounts? By setting up strong passwords for each of your accounts, including numbers, symbols, and a mixture of capital and lower case letters, you can create a strong first line of defense against would-be loyalty program hackers.
- Set up e-mail alerts for your accounts
Many loyalty programs (especially credit card loyalty programs) allow you to setup e-mail alerts when points have been redeemed for rewards. If your loyalty program offers e-mail alerts, be sure those are set up from the start. Should your points be used without your permission, you'll get an alert as it happens.
- If you must store a card in your account - store a credit card
For most loyalty programs, storing a payment card in your account is an optional feature. However, many frequent travelers still elect to store payment cards in their accounts, in order to streamline the booking process. If you decide to keep a payment card in your account, make sure it is a credit card, and not a debit card. By storing a credit card, you will have more protection and resources to recover fraudulent purchases than with a debit card.
As the threat of loyalty programs being hacked looms, much of your unsuspecting data can be at risk. However, by understanding the threat and mitigating your risk, you can minimize your exposure to risk and keep your travels moving forward - possibly for free.