Skip to content

View Navigation

Latest News

You are here: Home > News > Loyalty Card Scams

Counter Fraud Specialist Rinsed of Loyalty Card Points! 

It was December 22nd, my mind full of festive planning, when an email popped up in my inbox from my regular supermarket to tell me that I had spent £5 worth of points from their loyalty scheme that I’m signed up for. I knew I hadn’t spent any points, so my first thought was that the email itself was a scam. It’s a common tactic of fraudsters to send an email like that, encouraging you to click on the link hoping that you will then input your log in details into a dummy site. So, I ignored the email.

The following day and I received another email telling me that I had spent yet more points. In fact, I had apparently drained my balance to next-to-nothing. This second email made me realise that this was more than just phishing as the amount spent was pretty much what I knew I had saved up.

Time to phone the call centre. I checked the phone number on the loyalty scheme’s website. This was the same as the one quoted on the emails, further lending to my suspicion that my points had been stolen rather than this being a phishing scam.

The helpline told me that my card had been used at local shops in London and Liverpool. I assured them that I hadn’t left York in the last 24 hours and that my loyalty card was just mere inches away from me. Fortunately, the store sent me a replacement card and also refunded my stolen points.

How do loyalty card scams work?

This could have been a result of either my password being breached – from the store, or if I had used the same password elsewhere, from that site.

Although I didn’t click on any links in an email, this could have been another way that a fraudster could have got my log in details. Once access has been gained into an online account, they can steal the points and take control of the account by locking the real account holder out.

Card cloning is also on the up. Only a few basic details are needed to duplicate a card.

How to protect yourself

  • Treat card schemes like your bank account – they have a value after all.
  • Use a strong password which you have not used for any other site.
  • Use multi factor authentication if available.
  • If you can sign up for email alerts for when points are spent, do so.
  • Keep an eye on your card balance to spot unusual activity.
  • If you receive letters or print out emails from the loyalty scheme, destroy them before disposing, making sure that your details and the card / membership number are not visible.
  • Don’t post pictures of your card on social media.

On the back of this, one of my New Year’s resolutions is to set up a password manager to enable me to use strong, unique passwords for each site I access. I have also decided that I will not treat my loyalty cards like a pension pot. I’ll use the points to treat myself rather than save them indefinitely. Must go now, I have some shopping to do….

Other useful articles can be found in our Counter Fraud Newsletters on the Publications page.