The dematerialization of loyalty cards offers a new field of action for fraudsters in the digital world.
For Leonard Moustacchis, CIAM and I-Tracing Identities offer director, cybersecurity services specialist, “the dematerialization of the loyalty card has been an underlying trend for many years for the greatest benefit of customers, brands and… fraudsters”. So, last December 6, large-scale retailers noticed that their loyalty cards were being trafficked by hackers. Hackers tried to recover user ID and password, especially via phishing, then sold the information to buyers via encrypted messaging on the Internet. Once in possession of the contact details, the buyer connected to the brand's application and then spent the prize pool in store. Mass distribution is a prime target, because it combines a large number of users (therefore potential targets) and a market value of easy-to-use loyalty prize pools.
3,4 million compromised accounts in France
There is little risk for hackers, because these are fairly simple frauds to implement. Simply retrieve the username and password of loyalty card holders and log in to their account to collect the prize pool.. And these identifiers are not difficult to find, because customers often use the same credentials on many sites (around 75% of e-commerce site users use the same identifiers for all or part of their customer accounts). All it takes is one site to be hacked — data breach (data breach) or brute force, or simply attacked by credential stuffing (credential stuffing) — so that the user's account ends up for sale on the darknet. Today, it is estimated that there are several hundred million accounts compromised around the world., including nearly 3,4 million in France !
The second authentication, an effective solution
“All is not lost, solutions exist ! nevertheless reassures Léonard Moustacchis. for example, we see that the implementation of a second authentication stops 99% of access to compromised accounts. It is possible to call on IT partners so that they can detect, analyser, remedy, but also put in place all measures to protect companies and their customers from this type of fraud, without compromising on the user experience of legitimate users. »
