What Is Loyalty Account Fraud and How Can You Protect Yourself?

Quick Answer

Loyalty account fraud is when someone accesses and uses your rewards without your permission. You can put several measures in place to help keep your accounts protected.

A man wearing white shirt is leaning on his hand as he looks at his computer screen.

While most people understand the importance of keeping their financial accounts and personal information safe, you might not put as much thought into protecting your frequent flier miles or supermarket rewards points. However, points, miles and other loyalty bonuses can have a lot of value, and fraudsters may be out to steal your rewards.

What Is Loyalty Account Fraud?

Loyalty account fraud is when someone accesses and uses your loyalty rewards without your permission. Imagine saving up your miles and points for a special vacation, only to find your accounts have been drained. It happens, and the thieves may quickly sell your rewards on the dark web or cash them out for a gift card or merchandise that they can resell. Some thieves may even sell flights or hotel stays to unassuming buyers and then book the travel using your points.

Any rewards program with points or miles that can be redeemed for cash, gift cards or something of value could be a target, including:

  • Frequent-flier programs
  • Hotel loyalty programs
  • Gas station rewards programs
  • Dining and supermarket rewards programs
  • Retailer rewards programs

Credit card rewards points and miles could also be at risk, although those types of accounts might have extra security measures in place, as the rewards are generally tied to your credit card account. On the other hand, if you have a co-branded card, such as an airline or hotel credit card, the miles and points usually accrue within the program's account, which may not hold the same protections.

How Loyalty Fraud Happens and What You Can Do About It

Loyalty account fraud can happen in different ways. Sometimes, it's a type of account takeover fraud, which could result from:

  • Hackers breaking into your account
  • Fraudsters guessing or using your login information that they got from a data breach
  • An employee fraudulently using your rewards
  • Someone tricking you into sharing your account's username and password

Loyalty account fraud can also refer to customers or employees who game a loyalty program—for example, someone who opens up multiple accounts to get sign-up bonuses, limited-use coupons or discount codes.

Here are a few measures you can take to protect yourself from loyalty fraud attacks:

  • Use unique passwords. Avoid using common words or sequences that could be guessed. A password manager can make this easier by creating and keeping track of your passwords for you. Also, use separate passwords for all of your accounts so if a fraudster gains access to one of your passwords, your other accounts will still be safe.
  • Enable multifactor authentication. Multifactor authentication (MFA) can keep someone from accessing your account without a second piece of information, such as a code sent to your email or generated by an authentication app. It may not be available on all of your accounts, but enable it when you can.
  • Set up activity alerts. See if you can get an alert emailed or texted to you whenever your rewards are redeemed. Programs like AwardWallet may also offer account balance notifications, but there may be an additional subscription cost.
  • Don't link loyalty programs to retailers. Some rewards programs let you pay for purchases at partnered companies. However, this can also be an easy way for fraudsters to quickly use your rewards if they get into your account. (It also might not be a good way to get the most value from your rewards.)
  • Be wary of social engineering. There's no technological solution to preventing social engineering, because it occurs when scammers trick people into willingly sharing information. For example, someone might email, text or call you claiming to be from customer support and asking you to "verify" your information. It's always best to look up the company's contact information and initiate the conversation yourself rather than provide the information on the call.

Many of these approaches are also best practices for securing other types of accounts and making these a regular habit can help protect you from common scams and identity theft.

What Happens if You're a Victim of Account Loyalty Fraud?

If you notice someone has used your rewards, contact the company right away. They may need to transfer you to the fraud department and open an investigation. While federal regulations limit your liability if someone steals your credit cards, they won't necessarily limit your liability if someone steals your loyalty rewards. However, companies may reinstate them, especially if you act quickly to tell them about the security breach and help them stop the theft.

Monitor and Protect Your Identity

Your personal information can be even more valuable than your loyalty rewards, as fraudsters may be able to use your information to help them gain access to financial accounts or open up new accounts in your name. Experian offers free credit monitoring and subscriptions to identity theft protection services. The latter comes with dark web surveillance, identity theft insurance and access to U.S.-based fraud resolution specialists who can help you recover from identity theft.

The purpose of this question submission tool is to provide general education on credit reporting. The Ask Experian team cannot respond to each question individually. However, if your question is of interest to a wide audience of consumers, the Experian team may include it in a future post and may also share responses in its social media outreach. If you have a question, others likely have the same question, too. By sharing your questions and our answers, we can help others as well.

Personal credit report disputes cannot be submitted through Ask Experian. To dispute information in your personal credit report, simply follow the instructions provided with it. Your personal credit report includes appropriate contact information including a website address, toll-free telephone number and mailing address.

To submit a dispute online visit Experian's Dispute Center. If you have a current copy of your personal credit report, simply enter the report number where indicated, and follow the instructions provided. If you do not have a current personal report, Experian will provide a free copy when you submit the information requested. Additionally, you may obtain a free copy of your report once a week through December 31, 2022 at AnnualCreditReport.