How Loyalty Memberships Are Making You a Target for Hackers

With all the hype about protecting your social security number to prevent identity theft, it’s easy to think loyalty accounts aren’t a likely target for hackers. What could someone possibly do with such limited information? If they steal your points, can’t you just call the company and replace them?

The truth is, when hackers target loyalty membership accounts, they’re looking for more than just points. Redeeming your points is just a bonus for them.

You should think twice about what information you provide to any loyalty programs you join, because you don’t know what third parties have access to the company’s database of personal information, including customer passwords.

Hackers have been targeting loyalty memberships for years. In 2015, usernames and passwords were stolen from the frequent flyer membership databases of two major airlines, and miles were cashed in for flight credits and merchandise. One customer reported unauthorized credit card charges as a result. Around the same time, Hilton Hotel members were targeted and thousands of Honors points were stolen.

Dispelling the myths about what hackers want

Hackers aren’t after just social security numbers. They’re after every bit of personal data they can get to gain control over as many accounts as possible. They might get a full name and address here, a birthdate and email address there. Once they get a loyalty membership password, they’ll use it to log into someone’s email. If it’s a match, look out.

With access to someone’s email address, a hacker can gain access to just about any account that doesn’t require two-factor authentication. They do this by searching for passwords saved in emails, and requesting lost passwords.

Why loyalty memberships are attractive to hackers

Loyalty membership databases provide hackers with access to full names, birthdates, credit card numbers, billing addresses, and sometimes passwords. All of this information can be used to hack other accounts, like online banking and email.

Your data isn’t being securely collected

When you sign up for a loyalty program account, the data might not be collected and stored securely. If it’s not encrypted in transit and on the hard drive, it’s not secure. If you don’t know whether your information is encrypted, you should find out as soon as possible.

Hackers gather data from everywhere

Hackers are continually building large databases of personal information, adding to each entry when new data arrives. In addition to hacking databases, they use packet sniffers to capture unencrypted data in transit. This includes verbal conversations. Yes, your conversations over the internet can be hijacked just as easily as data!

Is it safe to discuss account information over the phone?

What if a hacker is listening to your conversations? Can they extract data that way, too? The answer is yes – sometimes. Any digital transmission is susceptible to being hijacked, and the only way to protect it is through encryption.

Provided you’re communicating over the internet through VoIP and not a regular phone line, you can encrypt your own conversations to get an extra layer of security, by using a secure system such as the secure VoIP phone system from Dialpad.

Consider not providing personal data for rewards

If you don’t provide companies with your personal information, you won’t be putting yourself at risk if their database gets hacked.

If a rewards program requires you to enter sensitive information, ask yourself if saving a few bucks by earning points is worth the risk.

If you’ve already given out your personal data, consider revising your stored data and only enter the information they absolutely need for your account to remain active. If they’ve collected data you don’t want them to have, delete it or change it. Be diligent with the data you provide to corporations; you can’t control where it ends up.