Three steps against cyber attacks on loyalty

Hacker attacks have become an integral part of the news, mainly about companies and their customer data. Customer loyalty programs are also under attack. Those who check logic take external protection seriously and ensure that unusual behavior is noticed, preventing legal and illegal data misuse.

Undetected attacks on customer loyalty programs cause financial damage, but can also damage the image, for example when bonus programs need to be restricted, temporarily unavailable or even customer data is lost. This is what Zofia Woźniak says, Business Solution Manager responsible for loyalty programs at the global Comarch company Provider of business software and related consulting.

In order to protect himself from attacks and recognize them, Woźniak proposes three measures. They are the essence of their experience with the loyalty programs of large and international retailers. Artificial intelligence methods play a major role in this.

Logic of the test process
A thorough test of the process logic in a loyalty program excludes the obvious, namely customers and possibly criminals legal use of errors in the system. Not all possibilities are tangible in tests, after all, clients are very different and criminals are very resourceful. Anyone who changes logic should carefully observe how this affects customer behavior, i.e. whether it creates vulnerable gaps.

Woźniak advises introducing strict rules when certain processes or patterns practically do not change. Such rules may be that not all reward points can be redeemed at once, or only certain point balances can be used. Or that the number of bonus points that can be earned or the number of purchases that earn points are limited in the day. Rigid rules limit the scope of manipulation.

“Here, AI evaluation can provide quick information about the normal behavior patterns of program participants, so that rules can be properly set and lasted as long as possible,” he says. “Conversely, it forms the basis for AI to recognize unusual behavior and raise an alarm accordingly.”

Keep your customer data safe from the outside world
Just as logic must be right and must not offer any attack points, the entire system with all information must be protected externally against theft and unauthorized access. Losing trust makes customers wary, especially when it comes to personal information. The data then becomes less valuable or, at worst, even worthless.

Firms should visibly support their clients in protecting their own data. Woźniak therefore recommends “two-factor authentication is best, also when logging in to the loyalty program”, with strong passwords that are absolutely necessary. There is a balance between comfort and safety. But security is also an image factor.

recognize patterns
Anyone who infiltrates the system and tries to use it, can be known through their behavior. Here, Zofia Woźniak pulls the AI ​​rabbit out of her hat again: “Machine learning helps to recognize unusual patterns of behavior very quickly,” she says. “Configurable actions automatically respond to suspicious behavior, such as preventing suspicious transactions, blocking an associated account, or sending a transaction for manual verification.”

For a comprehensive overview of all data and processes related to loyalty programs, for example, you can evaluate system log files as well as general statistics and metadata. The data transmission on the interfaces to other parts of the program can also be filtered.

“Anyone who hears these three tips,” says Woźniak, “can protect the greatest Achilles heel and reduce the target area of ​​the loyalty program.”

Leave a Comment