Cost of living4:46Points earned
When April Canavan’s inbox suddenly flooded with emails in December, she knew something was wrong.
A woman in Vancouver found herself signing up for an email list she never signed up for. She also received an email saying she redeemed her PC Optimum points at a grocery store halfway across the country.
Canavan said the scammers siphoned about $1,000 worth of points from her account within about 25 minutes, and that the mailing list tactic was aimed at distracting her from the theft.
But as she said, panic had already begun Cost of livingShe was saving up points to pay for Christmas.
“And I was like, ‘Okay, so how am I going to afford Christmas now?'”
While cheating has plagued point collectors for years, PC Optimum faced a particularly high prevalence of fraud in 2018. —The issue recently resurfaced after Scene+ notified its points program members in January that there would be new ID requirements for redeeming points at grocery stores.
Data breaches are causing more people to have their online account credentials compromised, making it a difficult problem to solve, according to one expert. And since loyalty points have real cash value, they represent a potential source of profit for thieves.
“We’re definitely seeing growth in the loyalty points space,” said Kevin Lee, vice president of trust and security at fraud management firm Shift.
Lee points to his phone. There are hundreds of apps on this phone, many of which offer unique points-for-you programs for everything from airline tickets to groceries to burgers.
“Its increasing affluence makes it a prime location for fraudsters and criminals to exploit in the form of account compromise.”
how it happens
There are two main ways malicious actors can obtain points.
The first is to take advantage of the fact that many people reuse the same very simple passwords across multiple sites, Lee says. For example, using a password like “Password1234” allows a thief to access your profile across multiple companies by understanding the password in one place, he said.
“Fraudsters essentially do credential stuffing. They just try to brute force a bunch of different password substitutions to finally crack the code.”
Another way is through data breaches.
“So you, the consumer, may have the strongest password on the planet that you only use with a specific company,” Lee said. “But if there was a data breach at that company and personally identifiable information like passwords, usernames, email addresses, etc. were compromised, all of a sudden you would be exposed.”
A spokesperson for Loblaw, which runs the PC Optimum program, said in an email to CBC that fraud cases have actually declined in recent years “largely due to the efforts customers have taken to protect their information.” Stated.
“It is important for customers to remember that PC Optimum points are an actual cash value, so they must protect the information in the same way as bank account details. We also recommend that you keep an eye on emails that are stolen by other hackers, as email and password credentials that are stolen by other hackers are one of the biggest risks of fraud. ”
Fraud prevention tips
The statement goes on to warn you about scams, including enabling two-step verification on your email account, never clicking on links in emails that claim your account has been compromised, and using a password manager like LastPass or 1Password. Provides tips for prevention.
Two-step verification requires users to sign in to their accounts using not only a password, but also a security code, typically sent via text or push notification. The extra layer of security makes it even more difficult for hackers to gain access.
Rosalind Ash isn’t sure how thieves got access to her Scene+ points last fall. A woman in Toronto was busy with work and hadn’t checked her email address associated with her loyalty program in a while.
Then I noticed an email saying I had redeemed over 11,000 points at Montana’s. “I don’t really go to chain restaurants,” Ash says.
She immediately called Scene+, and while on the phone with the loyalty program, she logged into her Scene+ account and noted a series of benefits that started two months ago at businesses around the Greater Toronto Area. She never took advantage of any of them.
“They were probably redeeming about $100 worth of money on average at a time. And they went to the movie theater. They also went to the grocery store. At the grocery store, they spent $500.”
Refunds can be an issue
Ash says when she first escalated the issue to Scene+, she was told the investigation would be completed within two weeks. However, a few weeks later, in an email from her Scene+, Ms. Ash was asked if she had shared her credentials with anyone. she didn’t. In another call, she was told it was too late to receive a refund because the 60-day fraud reporting deadline had passed since her first fraudulent charge occurred.
The Scene+ program is a joint venture between Cineplex and Scotiabank, so Ashe took her concerns to the bank she’s been with since she was a teenager.
“Because of this situation, I said I would like to know the steps to close all my accounts, including my credit card accounts.”
Her lost 84,000 points were recovered a few hours later.
But Ash says she’s concerned about what the theft of points could mean for people who don’t have the ability to hold onto them until they’re recovered.
“Everything is getting more expensive, and when you have $800 in points to spend on groceries, that makes a lot of sense.”
A spokesperson for Scene+ Rewards said in an email to CBC that the company cannot comment on individual cases for privacy reasons, but added, “We take incidents of fraud seriously and we take appropriate steps to protect our members. We are confirming that we are taking measures.”
“We always encourage our members to practice good password hygiene and monitor their accounts regularly.”
Empire, which owns Sobeys, Safeway, and other grocery chains where Scene+ points are collected and redeemed, conveyed the same message.
“Protecting our customers and their points is a top priority for Empire. We always encourage our customers to practice good password hygiene.”
AI solution?
Kevin Lee says AI has the potential to provide solutions that don’t put all the burden on customers.
“Many of the companies we work with deploy our technology and software to look for anomalous behavior from a user perspective.”
This means that if you’re redeeming points in another part of the country, like April Canavan, or at a store you’ve never shopped at before, a store employee may ask you to show your ID or your account may be blocked. This means that there is a possibility that it may be frozen.
Canavan said her PC Optimum points eventually recovered around the new year, but in the meantime she ended up having to put money on her credit card for her daughter’s Christmas present.
She said the app never asked her to set up two-step verification, but she has now set it up and encourages others to do the same.
“Anything where you earn points or have a credit card. [number], check your security features and enable them all. ”
