Recently the New York Times ran a story about the risks of loyalty programs. Loyalty programs include everything from the virtual punch card at the coffee shop to larger programs like those offered by hotels and airlines. We tend to hear about the problems with travel-related loyalty programs like the Marriott/Starwood breach and Delta Airlines.
What’s the Risk?
Your first thought when you hear about these breaches is what about your credit card and personal information like phone number and address? While that stuff is important, you can always change your credit card numbers. Most of the time, you aren’t liable for unauthorized purchases from bank accounts or credit cards.
The risk of these loyalty program breaches isn’t just the points, after all, you worked hard to accumulate that free coffee or a free trip around the world. It’s also about the details these programs can reveal to create more sophisticated hacks.
As an example right here in Lawrence, KS, when we sign up clients for internet service through AT&T, some of the security questions they get asked are:
- What is your favorite restaurant?
- Where is your favorite place to go on vacation?
- What is the name of your youngest sibling?
These are the same type of questions Apple and dozens of other companies ask. I was asked the same time of questions when signing up for phone service with T-Mobile. Even if these questions aren’t used directly by hackers, they can be used for targets attacks called spear phishing. For example, if hackers see that I have a reservation at a hotel, they might call me and say there’s a problem with the card and I need to provide a different credit card.
I’ll admit until I read this article I had “soft” passwords for some of these programs. I figure Starbucks doesn’t have my credit card, and who would steal a coffee from me? Cybercrime is cybercrime so they might steal that. Then I realized my credit card is on file with them and someone could order themselves a gift card. Ouch. I’m secure with my Apple iTunes account because it’s a big target for hackers and Apple protects it with things like two-factor authentication. My Starbucks account is wide open!
What can you do to protect yourself?
First, create unique passwords for absolutely everything. If it contains personal data, it needs to be protected. Use a password manager or ask us about the password books we sell (or give away if you ask us nicely and mention this post!)
Second, consider enabling two-factor authentication everywhere you can. That’s the system where they text you or call you to verify who you are. If you aren’t sure how to do that, please ask us!
Finally, read your statements and emails. Sure, you get tons of those, but the only way you can catch a breach is to be vigilant. Take for example those Starbucks emails. Those always go into my junk email because I don’t go there that often. I always shop local for coffee, but sometimes Starbucks is all they have, especially at airports. After reading this article, I’m now working to unsubscribe from promotional emails from loyalty programs, but make sure emails about account balance and activities don’t go into spam. Again, if you need help setting this up for yourself, we do email management all the time for clients.
Although it doesn’t make the nightly news, your free pizza, coffee, and airline trips are the latest thing hackers are attacking. They’re not just stealing your points, but stealing information they can use for more sophisticated attacks.