
When fraud is mentioned, our minds usually jump to a few well-known categories: identity theft, credit card fraud, facility takeover, etc. But new kinds of fraud emerge all the time. In this post, we take a closer look at loyalty fraud.
What is loyalty fraud?
Loyalty fraud is when loyalty programs designed to encourage brand loyalty are abused or manipulated for unfair gain.
It can range from friends sharing supermarket reward cards to the manipulation of computer systems to reallocate air miles. Loyalty fraud is a real crime that costs businesses hundreds of millions of dollars a year, but it has been largely ignored by technology vendors.
So, how big is the loyalty fraud problem?
It’s hard to know specifically, but these numbers shed some light on the scale of the issue:
- $48bn of loyalty credit is sitting unclaimed.
- Fraudsters have exploited 72% of airline frequent flyer programs.
- 80% of frequent flyer fraud is discovered by accident.
How does loyalty fraud happen?
There are broadly three ways loyalty fraud happens:
- The insider threat – when a member of staff charges their own account with customer credit or manipulates IT systems to collect credit. One IT analyst at a UK supermarket managed to fraudulently collect millions of points before being detected (read the news story: “Man jailed over Sainsbury’s Nectar point scam”).
- Organized crime – criminals use phishing or social engineering methods to collect membership data and empty loyalty accounts. Often these are cashed in for goods or tickets that can be sold on to unsuspecting individuals.
- Customer fraud – when customers share or pool loyalty credits against the terms of their scheme, or simply break the rules to gain more points than they are entitled to – for example, claiming air miles twice for a shared-revenue ticket.
And here’s the real kicker: the customers most likely to be affected by loyalty fraud – either as victims or misidentified as offenders – are those with the most credit and the highest levels of account activity: in other words, your best and most loyal customers.
How can we tackle loyalty fraud?
Loyalty fraud detection is a complex problem. Most transactions are genuine, so a process to find the small percentage that’s fraudulent requires a robust and large-scale approach to data analysis.
That said, with the right technology and approach to data analysis, we can recognize signs of loyalty fraud.
Loyalty fraud as a graph visualization problem
Fraud almost always involves the fabrication of a link – between an individual, a transaction, an account, etc. – so it makes sense to model data in a way that emphasizes those links.
Using graph visualization, we can find indications of fraud, including:
- Unrecognized devices – this is especially telling if account details are changed or a large transaction happens on a new device.
- Small transactions followed by larger ones – this can be a sign of testing the waters before trying to cash in a large number of credits.
- Account access from multiple locations – a tough criterion to check for a frequent flyer program (you expect customers to move around!) but if a customer is accessing their account from Mumbai and London within an hour of each other, it should raise a flag.
- Buying tickets with multiple names – or changing the name on a ticket purchased with points. Often fraudsters will sell ill-gotten airline tickets using online message boards or auction sites, changing the name afterward.
- Unusual access patterns to the customer loyalty database – if a staff member is manipulating the system, you should be able to find evidence in server logs.
- Repeated unsuccessful login attempts to the rewards website – this could be individuals or phishers trying to crack an account.
Visualizing loyalty fraud
Using some mock data for a frequent flyer program, we built an application for visualizing and detecting cases of loyalty fraud.
There are three entities we’re interested in:
Accounts
- Account ID
Transactions
- Transaction time
- Transaction value
- Transaction IP
Tickets
- Ticket ID
- Ticket departure airport
- Ticket arrival airport
Which we can map to the following data model:

When we take data from a ‘clean’ account and apply this model, this is the sort of structure we see:

What does this show?
The time bar here shows two metrics: the grey histogram is the volume of transactions (both credits and debits), and the red series line is the value of debits from the account.
The flow of transactions is steady and the value of debits is unsuspicious: two small debits in February and June, a larger one in December.
In the chart, we can see this account always travels from London Heathrow to busy business hub airports – Paris, New York, Frankfurt.
So far, so uneventful.
Frequent Flyer Fraud

Just a quick glance shows that this account doesn’t match the norm.
Firstly, take a look at the spike of transactions in October. If we zoom in, the majority of them took place on one day in under 20 minutes, including two small transactions in quick succession followed by 6 much larger ones:

We can also see two IP addresses at play here. The first one is associated with four tickets between LAX and PDX, as well as a steady stream of credits:

The second IP was used to purchase 8 tickets, mostly for journeys outside of the US:

Clearly this is just a simple example of detecting loyalty fraud using a small amount of synthesized data, but it shows the potential.
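Two of the indicators listed earlier (a debit from an unrecognized IP, and small debits followed by larger ones) can also be checked directly on the account–transaction–IP links. The following is an added example, not code from the original post or from any toolkit it mentions; the account IDs, IP addresses, values and the 5x size ratio are constructed assumptions, while the 20-minute window follows the burst described above.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed rows: (account ID, transaction time, value, transaction IP).
# Negative values are debits (points spent); IPs are documentation-range addresses.
ROWS = [
    ("ACC-1", "2023-02-03T10:00", -800, "192.0.2.10"),
    ("ACC-1", "2023-06-11T09:30", -900, "192.0.2.10"),
    ("ACC-1", "2023-12-01T18:45", -4000, "192.0.2.10"),
    ("ACC-2", "2023-09-02T08:00", 1200, "198.51.100.7"),
    ("ACC-2", "2023-10-14T02:01", -50, "203.0.113.99"),
    ("ACC-2", "2023-10-14T02:03", -60, "203.0.113.99"),
    ("ACC-2", "2023-10-14T02:06", -9000, "203.0.113.99"),
    ("ACC-2", "2023-10-14T02:15", -12000, "203.0.113.99"),
]

def load(rows):
    """Group rows by account, each list ordered by transaction time."""
    by_account = defaultdict(list)
    for acc, ts, value, ip in rows:
        by_account[acc].append((datetime.fromisoformat(ts), value, ip))
    return {acc: sorted(txns) for acc, txns in by_account.items()}

def debits_from_new_ip(txns):
    """Debits from an IP the account has not used before (first row is the baseline)."""
    seen, hits = {txns[0][2]}, []
    for ts, value, ip in txns[1:]:
        if value < 0 and ip not in seen:
            hits.append((ts, -value, ip))
        seen.add(ip)
    return hits

def probe_then_cash_out(txns, window=timedelta(minutes=20), ratio=5):
    """Small debits followed, within `window`, by debits at least `ratio` times larger."""
    debits = [(ts, -value) for ts, value, _ in txns if value < 0]
    hits = []
    for i, (t0, small) in enumerate(debits):
        large = [d for d in debits[i + 1:] if d[0] - t0 <= window and d[1] >= ratio * small]
        if large:
            hits.append({"probe": (t0, small), "cash_out": large})
    return hits

def review_queue(rows):
    """Map each flagged account to the indicators it triggered."""
    checks = {"debit from unrecognized IP": debits_from_new_ip,
              "small debits then larger ones in a short window": probe_then_cash_out}
    hits = {acc: [n for n, check in checks.items() if check(txns)]
            for acc, txns in load(rows).items()}
    return {acc: reasons for acc, reasons in hits.items() if reasons}
```

ACC-1 also has a small debit followed by one five times larger, but months apart, so the time window keeps it out of the queue; widening the window to a year would flag it.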
Despite the significant potential for financial loss and reputation damage, loyalty fraud remains an area of low priority for fraud technology vendors.
To find out more about how our graph visualization toolkits can be used to help companies detect loyalty fraud and reduce financial losses, get in touch or request a free trial.