Hospitals, utilities, wineries and publishing houses are experimenting. As a share of fraud not involving a physical payment card, such schemes more than doubled from 2017 to 2018, according to the Javelin Strategy & Research firm. They tend to be, he said, “the path of least resistance”: easy to sign up for, shielded by flimsy passwords and often neglected by users. She said loyalty programs needed to do the same because “they have real currencies with real values.”. “It kind of makes you wonder whether you still want to do this, whether it’s safe,” he said. If, two minutes later, a clothing store account registered to the same person shows activity from an Android phone in Florida, Sift flags the transaction as suspicious. He said he had not taken those steps, and he feared that his Hilton account information, including his credit card number, might have been stolen. The programs, and their appetite for data, have grown, but security has not kept pace. As consumers hand over more data, many of them fail to monitor their accounts closely. Some brands have hooked their rewards to other companies. ... Buffalo Wild Wings uses cookies to improve our site and provide content and ads that might interest you. According to BWW’s Blazin’ Rewards site, that’s enough for nine free lunches (not counting tax and tip) and one free order of street tacos. On March 23, Mr. Holcombe woke up at home to a 3 a.m. notification from his Domino’s loyalty account: His pizza was ready for pickup in Santa Clarita, Calif. Last week, we asked you to fill us in on your favorite password managers. If you can’t remember the last time you changed the passwords on your loyalty program accounts, it’s time to make some password updates—or risk being hacked. Some criminals use stolen credentials to impersonate customers, breach loyalty profiles and then tap into separate accounts. ... Buffalo Wild Wings uses cookies to improve our site and provide content and ads that might interest you. After combing through…. Before Nordstrom started its Nordy Club last fall, the 10 million members of the program’s previous incarnation outspent nonmembers four to one, the retailer said. In the past year, Exxon Mobil, PetSmart, Victoria’s Secret and Uber have started or revamped loyalty programs. The NYT reports that one man had 9,700 Buffalo Wild Wings points stolen. Last month, Starbucks added tiers of rewards that can be redeemed more quickly than in the past. A McDonald’s spokesman said that the company was aware of “some isolated incidents” involving fraudulent purchases but was “confident in the security of the app.”. The programs, and their appetite for data, have grown, but security has not kept pace. Loyalty programs are “almost a honey pot for hackers,” said Kevin Lee, a risk expert for the digital security firm Sift. You’ll get 10 points every time … One loyalty-fraud prevention group estimates, conservatively, that $1 billion a year is lost to crime related to the programs. Many companies are also hiring digital security firms like Sift. “Of course, that’s the one place I got hacked,” he said. Companies use the programs to tailor deals and services to faithful patrons willing to divulge birth dates, payment card numbers, location data — even shoe sizes and favorite vacation spots. Nicole Dieker has been writing about personal finance for nearly a decade. The NYT reports that one man had 9,700 Buffalo Wild Wings points stolen. XPG SPECTRIX DT50 RGB PC Memory: 32GB (2x16GB) DDR4. This year, several McDonald’s customers in Canada complained that criminals had breached their accounts on the chain’s loyalty app, My McD’s, and placed unauthorized orders, some totaling more than $1,000. How much are stolen rewards worth? “That’s where the ballgame is heading,” he said. “It kind of makes you wonder whether you still want to do this, whether it’s safe,” he said of the loyalty program. How is someone going to take a flight or rent a hotel room using my reward points? One hacked Southwest Airlines rewards account with at least 50,000 miles was advertised for $98.88, according to the cloud security company Armor. How much are stolen rewards worth? In March, Chipotle briefly promoted a new loyalty program with cash prizes for consumers who also used the social payments app Venmo. There are at least 3.8 billion rewards memberships in the United States, more than 10 per consumer, according to research from LoyaltyOne, a loyalty advisory company. About 34,000 websites and apps use the company’s services. Walgreens offers points to shoppers who connect their accounts to Fitbit fitness trackers. Sift has access to troves of data its clients collect on loyalty programs and can track the individual customers’ behavioral patterns across multiple accounts, analyzing them for possible fraud. More than half of the rewards memberships in the United States are inactive, and more than $100 billion a year in rewards points go unredeemed, according to the marketing firm Bond Brand Loyalty. Sift’s omniscience might feel invasive, as if consumers were pledging loyalty at the expense of privacy. When someone orders a latte from a cafe chain’s app, Sift can tell that the person is in New York using the same iPhone linked to past purchases. Hilton said it had “the appropriate security and fraud protection measures in place.” The company also said it had reinstated Mr. Najera’s points after he reported the intrusion. Participants submitted the phone number associated with their Venmo accounts on a website created by Chipotle. In a data breach revealed last year as one of the largest ever, thieves attacked Marriott’s Starwood unit, stealing the personal information — including five million unencrypted passport numbers — of more than 350 million customers and Starwood Preferred Guest members. McDonald’s said its app replaced payment card information with a series of randomly generated numbers that protect accounts from data theft, but not from fraudulent purchases. Loyalty programs are “almost a honey pot for hackers,” said Kevin Lee, a risk expert for the digital security firm Sift. It is data protection fueled by data. … A Hilton app on Mr. Najera’s phone. Companies are collecting so much data that it is often “more than they can actually use,” said Emily Collins, an analyst with Forrester Research. Must present original coupon, which expires 11/30/2020. His Buffalo Wild Wings rewards account was also looted this year, with all 9,700 points used in Fresno, Calif. After all, you don’t want someone else enjoying that flight, hotel room, or plate of street tacos you rightfully earned. Although some loyalty programs will replace your rewards if you report them stolen, it’s still a good idea to use strong passwords every time you sign up for a rewards program and change those passwords on a regular basis—or install a password manager that’ll handle a lot of the work for you.