The Bankrate promise
At Bankrate we strive to help you make smarter financial decisions. While we adhere to strict , this post may contain references to products from our partners. Here's an explanation for . The content on this page is accurate as of the posting date; however, some of the offers mentioned may have expired. Terms apply to the offers listed on this page. Any opinions, analyses, reviews or recommendations expressed in this article are those of the author’s alone, and have not been reviewed, approved or otherwise endorsed by any card issuer.
As credit card loyalty programs have gained popularity, they have inevitably become targets for scammers. Once hackers gain access to your account, it’s all too tempting to cash out your rewards balance while they’re at it. You’ve worked hard to earn those credit card rewards, and the last thing you want is for some scammer to enjoy a trip to the Caribbean on your dime.
So how do these data breaches happen, and what should you do to protect yourself? Here’s a look at how hackers can steal your rewards balance and tips to protect yourself against these data breaches:
First, assess the damage and secure your card
If your rewards account has been compromised, you’ll want to take note of the type of fraud that’s occurred and how much has been stolen. Hackers may have used your points for flight bookings and transferred them out of your account. Whatever the issue, you’ll want to carefully review your account for any discrepancies so you can fully inform your loyalty program administrator about the extent of the fraud.
Report the theft to your issuer
If your credit card has been compromised, you’ll want to report unauthorized charges as soon as possible. The same is true for unauthorized rewards redemptions. Whether it’s a bank loyalty program or a frequent flyer account, you’ll want to call your issuer and tell them your account has been compromised.
To facilitate this, contact your loyalty program’s customer service number and ask to speak to a representative. Sometimes you’ll get the option to select the fraud department from the main menu. If not, then simply dial zero and a customer service representative will direct you to the correct department.
In most cases, proving your account was compromised will be fairly easy. The thieves might transfer your points to another account or use them to book travel in someone else’s name. Things like this can easily prove fraud has occurred, and the customer service agent should be able to restore your points after a brief investigation period.
Years ago, someone hacked into my JetBlue account and used the points for several flights between Detroit, MI, and New York. The traveler’s name and address didn’t match mine, so JetBlue restored my points balance within a week of the fraud occurring.
Another time my Radisson Rewards balance was emptied by hackers who redeemed my points for gift cards. The fraud team was able to confirm that the account was accessed from abroad and not from my usual IP address. My balance was quickly restored and my account was secured so it didn’t happen again.
Understand how it happened
Rewards can be stolen when hackers get access to your loyalty account passwords. With how common data leaks have become, scammers can easily access your login credentials and empty out your rewards balance. The website Have I Been Pwned can tell you if your information has been compromised in a recent data hack. Regardless of whether it has or not, you should still make a habit of regularly updating your passwords in case of a data breach.
By understanding how fraudsters can access your reward s accounts, you’ll be better equipped to secure your account against future attacks.
Prevent future theft
Once you’ve reported the theft and secured your account, it’s important to take steps to prevent future credit card fraud. Here are five measures to reduce the likelihood of your credit card rewards being compromised:
Change your password
One of the first steps you’ll want to take to prevent future theft is to change your password. Not just for the compromised account, but all others too. If one of your passwords has been compromised, chances are others have too. Change all your account passwords immediately to something secure.
Experts recommend using a combination of letters, numbers and characters while excluding personal information that hackers can easily guess, including your name and date of birth. The more random and elaborate, the better. For extra security, you should use a different password for each account.
Set up two-factor authentication
While changing your passwords, you’ll want to set up two-factor authentication for extra security. Cyber security expert Bahman Hayat recommends using Microsoft or Google Authenticator, which are free to use. Some loyalty programs offer text-based authentication services, but Hayat advises against using these since they’re less secure.
Use a password manager
You might dread the prospect of remembering multiple complex passwords. Luckily, you don’t have to. With a password manager such as 1Password, you can securely store them all in one place. The service starts at just $2.95 per month for individual users or $4.99 for up to five. For a free alternative, try Norton Password Manager. It’s a trusted name in online security and offers a Google Chrome extension.
Be careful when shopping online
Providing your personal information (name, address, credit card number) when shopping online comes with risks. In the past, hackers have secured personal information from millions of people by targeting the databases of major retailers. You can protect your data while online shopping by using a virtual credit card number and shopping with secure sites only. Secure sites start with “https” as opposed to “http” addresses.
You’ll also want to avoid using public Wi-Fi networks to shop online, as those are susceptible to hacker attacks. Using a VPN is also a good way to protect yourself when shopping online, as it provides a more secure connection.
Check your rewards balance each month when you pay your bill
While you’re reviewing your monthly statements for credit card fraud, you’ll want to do the same for your rewards balance. Head over to your rewards tab and ensure that your points balance hasn’t dropped drastically and that no points have been transferred out of your account without your knowledge. Doing this can be a huge hassle if you have multiple rewards accounts.
The bottom line
We live in a world of increasing cybercrime and staying ahead can seem overwhelming. Most of us are bound to fall victim to fraud at some point. By understanding how these hacks occur, you can do more to protect yourself. Regularly tracking your rewards balances, using password protection tools and being careful with sharing your personal information can help you avoid losing your hard-earned points. It takes some legwork, but with a bit of vigilance, you can enjoy the benefits of loyalty points while keeping fraudsters at bay.