Air Transport Publications
Login   |   Register
jobs Jobs
events Events
My bookmarks

Loyalty cash out

Airlines have found themselves in a tricky position when it comes to dealing with loyalty scheme fraud. But as Keith Mwanalushi discovers, some solutions have begun to emerge

Earlier this year, United Airlines said that three dozen of its MileagePlus loyalty card accounts had been compromised as part of an attack that reused login credentials obtained from a third party. This incident was soon followed by a report from the Associated Press that 10,000 customer accounts at American Airlines had also been compromised.


The loyalty reward attacks on both US carriers bore all the hallmarks of a similar incident that occurred late last year against Hilton Hotels’ Honour rewards scheme. This scheme logs loyalty points whenever a customer books a Hilton room.


“The actual size of the problem is not fully known, but it is certainly increasing,” Kristian Gjerding, founder and Chief Executive Officer of CellPoint Mobile tells Low Cost & Regional Airline Business. “The reason why this is happening is that, in reality, taking a passenger’s miles activity does not face the same penalty as stealing cash, so there is less security. This makes it an easy target for professional hackers.”


Gjerding, an industry expert on mobile data integration, payments architecture solutions and fraud mitigation, observes that the industry is seeing an increase in the issue and utilisation of miles, because they create a valuable commodity.


Though the problem of loyalty scheme fraud is increasing, it is difficult to define exactly how big it actually is. “Often, the reason we don’t get a definition of the size of the issue is that most airlines are pretty quiet about any abuse of their loyalty programmes,” Gjerding reveals.


In some cases however, airlines and their loyal customers may not even know that the fraud is happening – when looking at the dispersion of loyalty miles, especially across the airlines, a big portion of the victims are not actually frequent flyers, Gjerding says. “Those that have a relatively small number of miles in their accounts don’t know that they have been stolen, simply because they don’t travel regularly enough.


“This also means that people don’t generally perceive miles as cash. If it was cash, everyone would know that it was missing from their bank account. All of these things combined create a very attractive target for hackers,” explains Gjerding.


Loyalty points and miles can be used in several ways. As Gjerding continues to explain, they can be illegally given away from one account to another, with the recipient making it out to be a legitimate transaction. These miles can then be used for the purchase of tickets or goods. “What they do is turn the [miles] into an active value in someone else’s account, which is typically fictitious. Reward miles and points can also be sold to a broker for real cash.”


Clearly, online accounts used to manage these reward programmes are less secured by both consumers and the companies that operate them. So, has the travel industry really been caught off guard? “Absolutely, there is no doubt about that,” says Gjerding. “And there is an obvious reason for it; these schemes weren’t a hot commodity, they were something that could not be used outside of the specific airlines.”


Today, Gjerding believes that most airlines are working very quickly to remedy this problem, but there is a specific challenge that they all face: “The airlines want to make these miles programmes easy to use. They don’t want to complicate them, making it as difficult as accessing your bank account, for example. This would cause them to lose value and nobody would use them.” Gjerding advises that, in this case, airlines need to do as much as they can whilst being as unobtrusive as possible, “and that’s a difficult balance”.


CellPoint Mobile provides the technology infrastructure, solutions and services to handle mobile payments and mobile transactions from a single, data-integrated platform. Gjerding believes that CellPoint has a solution to the dilemma that airlines face.


“We have a range of both unobtrusive and obtrusive tools, and a sophisticated algorithm and rule base behind it to determine when to transition from one to the other,” he says. Gjerding states that the key differentiator is that the CellPoint software is designed from inside the airline operating environment, and it is therefore recognised by the airline’s internal systems. “This allows us to do things more aggressively, and to do things that are not possible from the outside.”


For instance, Gjerding says that the technology can combine several different pieces of information, “Not just between the loyalty and payment sector, but a lot of other activities pertaining to a particular passenger.”


Typically, according to CellPoint Mobile, this information is combined to validate the authenticity of a user who is logging online – independent of what channel the user is using. “And then, based on a rule base set up by the airlines themselves, we can switch from unobtrusive – which covers everything from sophisticated device fingerprinting to recognition of IP addresses – to an obtrusive mode, where we insert step checks to validate customer’s identity. These are pretty aggressive steps. Ultimately, we can stall a transaction from occurring and flag it for the security team,” Gjerding states.

To download the PDF file for this article, you have to pay the amount by pressing the PayPal button below!

Filename: Loyalty cash out.pdf
Price: £10

Contact our team for more information!

The Airlines channel

Industry blog
Highlights from the Cabin Refurbishment & Repair Conference


You must be logged in to post a comment.

Please login or sign up for a free account.

Disclaimer text: The views expressed in the above comments do not necessarily express the views of Air Transport Publications Ltd. or any of its publications.