April 9, 2019 at 13:00 #2669
Merchants use loyalty programs as a way of encouraging customers to keep on purchasing goods or getting services from their businesses. While this is an excellent business undertaking, many customers do not analyze the repercussions of signing up for loyalty programs that give discounts, loyalty points, and prizes. Lately, there has been a lot of concern about the privacy of information in loyalty cards. Attackers have managed to illegally access the reward points on the cards and using them either for themselves or in the underground economy. Cybercriminals are also using identity theft to connect loyalty cards with debit and credit cards to execute larger crimes.
Which data is collected?
When you sign up for a loyalty card, the company gathers your information like age, gender, and name. Every time you make a purchase in the same retailer and you scan your card at the register; the company records the transaction against your loyalty account. Over time, the retailer can give an account of your purchase habits: what you buy, how much you spend on in a single shopping exercise and how frequently you do your shopping.
In many cases, the information collected through loyalty cards is managed by third-party companies. When these companies face data breaches, the privacy of customers’ information is also put to risk. Attackers target loyalty cards majorly for identity theft. Apart from the basic information found in your loyalty card, they are also linked to debit and credit card information. Attackers combine the information in these cards with other sources and launch a crime spree.
How to stay safe while using loyalty cards
Use a secondary email address
If you are asked for an email address during the sign in the process of a loyalty program, use an alternative email account that is not linked with your business or work. Since it’s not good to lie about your name and address, it is advisable to give out the least amount of information possible.
Be mindful of what you share
You should never include a Social Security number when applying for a loyalty card. Unless it is mandatory, do not give your driver’s license number. You should also inquire why they need some personal information and how they intend to use it.
Use password protection
Different loyalty programs require a password for the account owner to access their details. When choosing the password to use, make it strong and unique. Avoid reusing passwords from other accounts. If the same password is used across multiple platforms, attackers need only one breach to access all of your accounts.
Beware of counterfeits
Many loyalty cards have an associated app. Malicious people might develop fake apps looking like legitimate ones. Attackers use such applications to harvest data from the user’s phone without their knowledge. To avoid such, ensure your phone is protected with an effective anti-malware that guards you against fraudulent apps. Also, ensure the corresponding loyalty program app is always updated. Developers update applications to seal any vulnerabilities they detect during the testing process.May 14, 2019 at 11:13 #3096