Loyalty Programs and Privacy Risks

September 14, 2022

Who doesn’t love free stuff? And who doesn’t want to be rewarded for spending money? Gas, groceries, airline miles, lattes, and luxury goods – everyone is offering loyalty programs, and most people don’t think twice about signing up for them. On the surface, it seems like a win-win for both parties. The company gets repeat customers for a low retention cost, and the customer gets freebies, discounts, and giveaways. But is there a hidden cost to the customer? How much are your privacy and personal information worth?

In recent years, loyalty card and reward apps have become high-value targets for identity thieves and cybercriminals. Many of these loyalty programs collect your personal data, requiring your name, date of birth, address, and email as part of their sign-up process. While you think you’re providing this personal data to the large, secure company you trusted with your initial purchase, many retailers actually outsource the management of these programs to third-party companies. As a result, your personal information is often stored in less secure databases susceptible to breaches.

Rewards cards not only have your name, address, and phone number but are often linked to credit card information. If a bad actor has access to this combination of data, it can make you an easy target for identity theft and financial fraud.

  • For example, in 2021, a security breach at the airline technology company SITA compromised over 1.8 million members of two major airline loyalty programs.  
  • Similarly, after a 2014 hack of the Hilton Honors program, one member’s account was used to pay for six hotel stays at Hilton properties. The corporate credit card associated with the account was then used to buy more reward points for the hacker.

Your email address is a valuable commodity in the world of digital marketing, particularly when it is tied to information about your purchasing habits and product preferences. Loyalty programs often sell your personal information to other companies, which then target your email and home address with advertising and spam. Not only does this fill your inbox with junk mail, but it also significantly increases the risk that your personal information will be compromised.

Don’t want to give up the spoils of smart spending? That’s OK – there are ways to keep yourself safer and still earn rewards:

  1. Never include your Social Security number on a loyalty program application. If a driver’s license number is requested, leave that space blank. Most programs will approve you without your license information.
  2. Consider creating an email address just for loyalty programs and other commercially related correspondence, such as discounts, newsletters, and other email marketing campaigns.
  3. If the loyalty program or app requires a password, create a unique password. Do not use the same password across multiple accounts. You should practice this important security measure across all your accounts and passwords. If you repeat passwords, it takes only one breach to give cybercriminals the ability to hack into your other accounts with the same password.  
  4. Many loyalty programs utilize an app. Before downloading it, ensure it is the correct app – there are fake apps, designed with the same look and feel as the real app, that are used to hack your personal information. Not all apps need access to your contacts, location, photos, and microphone. Limit the permissions for any loyalty app you add to your phone, granting it only the access it needs to perform its primary function.
