Key takeaways

  • Hackers may be able to access your rewards account and steal your points and miles to book their own trips or cash them in by selling your rewards to others.
  • If your rewards account is hacked, carefully review the damage and report it to your card issuer.
  • Take precautions against fraud by changing your password and opting for two-factor authentication to prevent your account from future hacks.

As credit card loyalty programs gain in popularity, they’re inevitably becoming targets for scammers. If a hacker successfully gains access to your account, it’s all too tempting for them to cash out your rewards balance while they’re at it. You’ve worked hard to earn those credit card rewards though, and the last thing you want is for a scammer to enjoy a trip to the Caribbean on your dime.

So how do these data breaches happen, and what should you do to protect yourself? Here’s a look at how hackers can steal your rewards balance, and tips to protect yourself against data breaches.

1. Assess the damage

If your rewards account is compromised, take note of the fraud that occurred and how much has been stolen. Hackers may have used your points for flight bookings and transferred them out of your account. Whatever the issue, you’ll want to carefully review your account for any discrepancies so you can fully inform your loyalty program administrator about the extent of the fraud.

Report the theft to your issuer and loyalty program

Whether it’s a bank loyalty program or a frequent flyer account, report the fraud to your card issuer as soon as possible. Note that while credit cards provide robust consumer protections, these protections tend to cover unauthorized charges, rather than rewards redemptions you didn’t authorize.

After you contact your issuer, call your loyalty program’s customer service number and ask to speak to a representative. If you can’t select the fraud department from the main menu, simply dial zero and a customer service representative will direct you to the correct department.

In most cases, proving your account was compromised is fairly easy. The thieves might transfer your points to another account or use them to book travel in someone else’s name. Actions like this can easily prove fraud has occurred, and customer service should be able to restore your points after a brief investigation. Another ploy is for the hackers to sell your points on the dark web.

Years ago, someone hacked into my JetBlue account and used the points for several flights between Detroit, MI, and New York City. The traveler’s name and address didn’t match mine, so JetBlue restored my points balance within a week of the fraud’s occurrence.

Another time my Radisson Rewards balance was emptied by hackers who redeemed my points for gift cards. The fraud team was able to confirm that the account was accessed from abroad and not from my usual IP address. My balance was quickly restored and my account was secured so it didn’t happen again.

Understand how it happened

Rewards can be stolen when hackers get access to your loyalty account passwords. Considering how common data leaks have become, scammers can more easily access your login credentials and empty out your rewards balance than before. The website Have I Been Pwned can tell you if your information has been compromised in a recent data hack. Regardless, you should make a habit of regularly updating your passwords in case of a data breach.

By understanding how fraudsters can access your rewards accounts, you’re better equipped to secure your account against future attacks.

Prevent future theft

After you’ve reported the theft and secured your account, take steps to prevent future credit card fraud. Here are five measures to reduce the likelihood of your credit card rewards being compromised.

Change your password

A first step to preventing future theft is to change your password. And don’t change your password for only the compromised account, but for all others too. Change all your account passwords immediately to one that’s more secure.

Experts recommend using a combination of letters, numbers and characters while excluding personal information that hackers can easily guess, such as your name or date of birth. The more random and elaborate, the better. For extra security, use a different password for each account.

Set up two-factor authentication

While changing your passwords, sign up for the security method two-factor authentication — or 2FA. This method requires two forms of ID to access an account, an app or a platform. The first factor is typically your password, while the second is a text or email to your phone or computer. More recent 2FA procedures include biometrics, like your fingerprint or face scan.

Use a password manager

You might dread the prospect of remembering multiple complex passwords. And luckily, you don’t have to. With a password manager such as 1Password, you can securely store them all in one place. Individual service starts at $2.99 a month, with families of up to five a low $4.99 a month. For a free alternative, try Norton Password Manager, which also offers a Google Chrome extension.

Take care when shopping online

Providing your personal information — like your name, address and credit card number — when shopping online comes with risks. In the past, hackers have secured personal information from millions of people by targeting the databases of major retailers. One way to protect your data while online shopping is by using a virtual credit card number.

Also make sure the site you’re shopping at is secure. Look for a URL that starts with https, and not http. You can also remove your card information from a website after completing your transaction.

When away from home, avoid using public Wi-Fi networks to shop online, as these networks are susceptible to hacker attacks. Using a VPN is also a good way to protect yourself when shopping online.

Check your rewards balance each month when you pay your bill

When reviewing your monthly statements for credit card fraud, do the same for your rewards balance. Head over to your rewards tab and ensure that your points balance hasn’t dropped and that no points have been transferred out of your account without your knowledge.

The bottom line

We live in a world of increasing cybercrime, and staying ahead may feel overwhelming. Most of us are bound to become a victim to fraud, and by understanding how these hacks occur, you can do more to protect your personal and financial information. Regularly tracking your rewards balances, using password protection tools and being careful with sharing your personal information can help you avoid losing your hard-earned points. With a bit of vigilance, you can enjoy the benefits of loyalty points while keeping fraudsters at bay.