With so much news about credit card fraud, merchants have been switching to EMV payments to protect customer information, but data thieves are targeting another goldmine: your loyalty program.
Last month, Panera Bread’s MyPanera program suffered a data breach, forcing the company to announce that customer data had been vulnerable for eight months. KFC suffered a breach of its rewards program in 2016, requiring customers to change passwords for that program and for any other non-KFC accounts that used similar credentials.
We don’t often think of loyalty programs as having data that needs to be protected, but the hotel industry already knows that there’s so much more there than the cash value of the rewards points.
Here’s what was taken in the Panera Bread data breach:
- Loyalty card numbers which could lead to theft of money in prepaid accounts
- Customer names
- Customer emails
- Customers’ home addresses
- Customer birthdays
- The last four digits of customer credit cards
There is enough information at risk there to gain fraudulent access to many other customer accounts, and enough to make the free reward of a sandwich many times more expensive for both the customer and the merchant if it is not handled properly. The customers most at risk are your most loyal customers, and on top of that you risk the bad PR and loss of trust that come with failing to protect customer data.
Here’s what you can do to protect your customer data:
- Protect your rewards data in compliance with global standards and on par with your payment data
- Require stronger passwords for rewards accounts
- Request less identifying customer data when possible
- Make data security a priority not just for your payments team, but for your marketing team too
- Perform background checks for all employees with access to program data
- Get independent audits of the network and computing infrastructures supporting your loyalty program
- Ensure that any third-party partners that integrate with your infrastructure also comply with global security standards
- Make security audits and monitoring a routine part of your business infrastructure
- Put a plan in place to address data breaches as quickly and openly as possible.
Here at Omnivore, we maintain our status as a Certified PCI/DSS Level 3.2 Service Provider and do not store credit card information ever. It is similarly important that you know the security measures in place for any technology that comes in contact with your system.
Security is expensive, but the loss of trust and reputation due to a data breach costs more. Just ask Equifax.
Reuters reports that the Equifax data breach could be the most expensive data breach in corporate history, with an estimated total cost of over $600 million after government investigations and civil lawsuits are completed.