Detecting loyalty fraud among frequent flyers


When fraud is mentioned, our minds usually jump to a few well-known categories: identity theft, credit card fraud, facility takeover, etc. But new kinds of fraud emerge all the time. In this post, we take a closer look at loyalty fraud.


What is loyalty fraud?

Loyalty fraud is when loyalty programs designed to encourage brand loyalty are abused or manipulated for unfair gain.

It can range from friends sharing supermarket reward cards to the manipulation of computer systems to reallocate air miles. Loyalty fraud is a real crime that costs businesses hundreds of millions of dollars a year, but it has been largely ignored by technology vendors.


So, how big is the loyalty fraud problem?

It’s hard to know specifically, but these numbers shed some light on the scale of the issue:

  • $48bn of loyalty credit is sitting unclaimed.
  • Fraudsters have exploited 72% of airline frequent flyer programs.
  • 80% of frequent flyer fraud is discovered by accident.

How does loyalty fraud happen?

There are broadly three ways loyalty fraud happens:

  • The insider threat – when a member of staff charges their own account with customer credit or manipulates IT systems to collect credit. One IT analyst at a UK supermarket managed to fraudulently collect millions of points before being detected (read the news story: “Man jailed over Sainsbury’s Nectar point scam”)

  • Organized crime – criminals use phishing or social engineering methods to collect membership data and empty loyalty accounts. Often these are cashed in for goods or tickets that can be sold on to unsuspecting individuals.

  • Customer fraud – when customers share or pool loyalty credits against the terms of their scheme, or simply break the rules to gain more points than they are entitled to – for example, claiming air miles twice for a shared-revenue ticket.

And here’s the real kicker: the customers most likely to be affected by loyalty fraud – either as victims or misidentified as offenders – are those with the most credit and the highest levels of account activity: in other words, your best and most loyal customers.

How can we tackle loyalty fraud?

Loyalty fraud detection is a complex problem. Most transactions are genuine, so a process to find the small percentage that’s fraudulent requires a robust and large-scale approach to data analysis.

That said, with the right technology and approach to data analysis, we can recognize signs of loyalty fraud.

Loyalty fraud as a graph visualization problem

Fraud almost always involves the fabrication of a link – between an individual, a transaction, an account, etc. – so it makes sense to model data in a way that emphasizes those links.

Using graph visualization, we can find indications of fraud, including:

  • Unrecognized devices – this is especially telling if account details are changed or a large transaction happens on a new device.

  • Small transactions followed by larger ones – this can be a sign of testing the waters before trying to cash in a large number of credits.

  • Account access from multiple locations – a tough criterion to check for a frequent flyer program (you expect customers to move around!) but if a customer is accessing their account from Mumbai and London within an hour of each other, it should raise a flag.

  • Buying tickets with multiple names – or changing the name on a ticket purchased with points. Often fraudsters will sell ill-gotten airline tickets using online message boards or auction sites, changing the name afterward.

  • Unusual access patterns to the customer loyalty database – if a staff member is manipulating the system, you should be able to find evidence in server logs.

  • Repeated unsuccessful login attempts to the rewards website – this could be individuals or phishers trying to crack an account.
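
The multiple-locations indicator can be checked without penalizing genuine travellers by asking whether the implied speed between two consecutive accesses is faster than a flight. The sketch below is an added example, not code from the original post; it generalizes the Mumbai/London case to a speed check, and the account IDs, timestamps and the 1000 km/h ceiling are constructed assumptions.

```python
from datetime import datetime
from math import radians, sin, cos, asin, sqrt

# Constructed sample: (account, ISO time, city, lat, lon) of each account access.
ACCESSES = [
    ("FF-1001", "2022-03-01T09:00:00", "London", 51.5074, -0.1278),
    ("FF-1001", "2022-03-01T09:40:00", "Mumbai", 19.0760, 72.8777),
    ("FF-2002", "2022-03-01T08:00:00", "London", 51.5074, -0.1278),
    ("FF-2002", "2022-03-01T20:00:00", "New York", 40.7128, -74.0060),
]

MAX_KMH = 1000.0  # assumed ceiling: roughly airliner cruise speed


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points in kilometres."""
    p1, p2 = radians(lat1), radians(lat2)
    dphi, dlmb = p2 - p1, radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(p1) * cos(p2) * sin(dlmb / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))


def impossible_travel(accesses, max_kmh=MAX_KMH):
    """Return (account, from_city, to_city, km/h) for consecutive accesses
    whose implied speed exceeds max_kmh."""
    by_account = {}
    for acct, ts, city, lat, lon in accesses:
        event = (datetime.fromisoformat(ts), city, lat, lon)
        by_account.setdefault(acct, []).append(event)
    flags = []
    for acct, events in by_account.items():
        events.sort()  # chronological order per account
        for (t1, c1, la1, lo1), (t2, c2, la2, lo2) in zip(events, events[1:]):
            km = haversine_km(la1, lo1, la2, lo2)
            if km == 0:
                continue  # same place, nothing to check
            # Clamp to one second so simultaneous accesses do not divide by zero.
            hours = max((t2 - t1).total_seconds(), 1.0) / 3600
            if km / hours > max_kmh:
                flags.append((acct, c1, c2, round(km / hours)))
    return flags
```

On the sample data, the London-to-New-York customer who logs in twelve hours apart is left alone, while the account seen in London and Mumbai forty minutes apart is flagged.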

Visualizing loyalty fraud

Using some mock data for a frequent flyer program, we built an application for visualizing and detecting cases of loyalty fraud.

There are three entities we’re interested in:

  • Account: account ID
  • Transaction: transaction time, transaction value, transaction IP
  • Ticket: ticket ID, ticket departure airport, ticket arrival airport

Which we can map to the following data model:

Our loyalty fraud detection visual data model

When we take data from a ‘clean’ account and apply this model, this is the sort of structure we see:

a visualization of a typical loyalty program account activity - one device, three tickets, flights between four cities

What does this show?

The time bar here is showing two metrics: the grey histogram is the volume of transactions (both credits and debits), the red series line is the value of debits from the account.

The flow of transactions is steady, the value of debits is unsuspicious: two small debits in February and June, a larger one in December.

In the chart, we can see this account always travels from London Heathrow to busy business hub airports – Paris, New York, Frankfurt.

So far, so uneventful.

Frequent Flyer Fraud

Some unusual airline loyalty program activity

Just a quick glance shows that this account doesn’t match the norm.

Firstly, take a look at the spike of transactions in October. If we zoom in, the majority of them took place on one day in under 20 minutes, including two small transactions in quick succession followed by 6 much larger ones:

Possible loyalty fraud? Six transactions in 20 minutes

We can also see two IP addresses at play here. The first one is associated with four tickets between LAX and PDX, as well as a steady stream of credits:

One IP address in this dataset purchased four tickets between LA and Portland

The second IP was used to purchase 8 tickets, mostly for journeys outside of the US:

Another IP address used this account to purchase 8 tickets, mostly for international travel

Clearly this is just a simple example of detecting loyalty fraud using a small amount of synthesized data, but it shows the potential.

Despite the significant potential for financial loss and reputation damage, loyalty fraud remains an area of low priority for fraud technology vendors.

To find out more about how our graph visualization toolkits can be used to help companies detect loyalty fraud and reduce financial losses, get in touch or request a free trial.

Registered in England and Wales with Company Number 07625370 | VAT Number 113 1740 61
6-8 Hills Road, Cambridge, CB2 1JP. All material © Cambridge Intelligence 2022.