URGENT UPDATE: Cybercriminals are increasingly targeting loyalty programs, revealing a shocking 89% surge in digital fraud, according to the newly released Digital Trust Index 2025 by Sift. This alarming trend underscores the vulnerability of loyalty rewards, which are becoming a prime avenue for fraud as they can be easily converted into cash or goods.
Experts warn that loyalty programs have become a critical area of concern as their value is now treated like digital currency. Igor Litovsky, Founder and CTO of Mastermind Loyalty, highlights that these programs, which often operate under minimal security, are enticing targets for cybercriminals.
With loyalty points, bonuses, and miles functioning as currency, the risks have escalated. “Most loyalty programs operate on bonus points that can be exchanged for goods or cash back. Yet, reward accounts are not monitored as rigorously as financial accounts,” says Litovsky. This gap in security has made loyalty points easier for criminals to exploit.
The problem is compounded by the complexity of modern loyalty systems, involving numerous players such as issuing banks, program providers, and fulfillment centers, creating multiple entry points for attacks. “The speed at which loyalty programs evolve often outpaces the security measures in place,” Litovsky adds. Just after a purchase, attackers can exploit synchronization gaps, initiating rapid redemptions or balance manipulations.
Authorities confirm that digitization has inadvertently lowered barriers for fraud, with attackers leveraging AI and bots to automate their schemes. “Processes have become more sophisticated, but speed often comes at the expense of security,” Litovsky explains.
Fraud tactics include account takeovers, where attackers drain customer accounts, leaving businesses with significant reputational and financial damage. Credential stuffing—where leaked credentials are tested across various services—has become a common method of attack.
In a revealing statistic, global annual losses from loyalty fraud are estimated between $1 billion and $3 billion. In the US alone, companies face severe repercussions, often needing to reimburse customers while absorbing the losses themselves.
As the digital landscape continues to evolve, Litovsky emphasizes that proactive measures are essential to combat this growing threat. “The biggest challenge is staying ahead. Companies must shift from reactive responses to proactive strategies,” he asserts. His innovative methodologies have shown a significant reduction in fraud exposure, achieving losses cut by 30–60% year over year for clients.
The urgency for robust security in loyalty programs has never been clearer. As billions in unused points linger, the reality is that all assets representing value are vulnerable. “Loyalty rewards are financial infrastructure now, and they require protection equivalent to any financial asset,” Litovsky concludes.
With these developments, vigilance is critical. Consumers and companies alike must adapt quickly to safeguard against the escalating risks of loyalty fraud. As this story unfolds, expect further updates on measures being implemented to combat these threats.
