REPORTS

Loyalty for Sale – Retail and Hospitality Fraud

October 22, 2020

Letter from the EditorLoyalty for Sale: Retail and Hospitality Fraud

Welcome to Akamai’s State of the Internet / Security report, Volume 6, Issue 3, Loyalty for Sale: Retail and Hospitality Fraud.

Were you prepared for 2020? To be honest, that’s a rhetorical question; almost no one was prepared for this year and what it would bring. It’s been a learning experience for every business, but it could easily be said that retail, travel, and hospitality organizations have been impacted the most.

Our title, Loyalty for Sale, has multiple possible meanings, but we mean it almost literally. While your loyalty to a merchant, airline, or hotel chain might not literally be for sale, there’s a good chance the account associated with a loyalty program you use is. If we’re being honest, there’s also a good chance that each of us has accounts with multiple, competing companies. With each account created, we can take advantage of whichever program gives us the best discount for a specific transaction. It’s not disloyal to shop around for the best deal, though it might dilute some of the power of using loyalty programs.

Criminals aren’t afraid to use our loyalty against us. As we’ve said in previous reports, password reuse is a significant problem in all industries. Loyalty programs have the additional problem with perception, as many consumers don’t think of them as high risk, and are more likely to use weak passwords or mirror accounts they’re using with another organization. Even if your compromised account isn’t used to book travel or your points aren’t spent on products, the accounts themselves are a valuable product that can be sold to other criminals in the dark markets.

It may not be a comfortable thought, but in many ways, criminal enterprises are businesses just like any other and follow some of the same patterns we see in legitimate businesses. “As a service” is just as firmly entrenched in the underground as elsewhere — with DDoS for hire, botnet rentals, and phishing services being just a few examples. So it shouldn’t be any surprise that account lists are for sale and the tools to use them are available for rent.

All businesses need to adapt to external events, whether it’s a pandemic, a competitor, or an active and intelligent attacker. We’ve been watching credential abuse, and the markets that support it, evolve for more than two years. And nearly every time we look at it, we become more convinced it’s not an issue that can be tackled without having a wide view of the problem and the actors involved.

Martin McKeay
Editorial Director

SHARE:
Price: FREE

About the Provider

Akamai Technologies
Akamai Technologies, Inc. is an American content delivery network, cybersecurity, and cloud service provider headquartered in Cambridge, Massachusetts, in the United States.

TOPICS

Cybersecurity, data theft, fraud, Hospitality, Retail