In recent years, it has become clear that cybersecurity is an issue that many companies struggle with. Unfortunately, that extends to the world of loyalty programs. Both Marriott Bonvoy and IHG One Rewards have been subject to data breaches that affected millions of customers, and the 2017 Equifax hack left millions of Americans vulnerable to identity theft. Clint Henderson, TPG’s managing editor, recently had his AAdvantage account hacked and more than 300,000 miles stolen.

Since loyalty programs are sensitive targets, protecting your information from exposure is more important than ever. So, how do you go about doing that?

TPG spoke to Bahman Hayat, a software engineer specializing in cybersecurity who has worked for IBM and Microsoft, for advice on keeping our data safe from hackers. According to Hayat, data hacks are becoming more common due to poor cybersecurity and sometimes carelessness.

“There are many ways data breaches can occur on the Internet, from insecure storage buckets and databases to social engineering attacks against authorized users, to simple human errors,” Hayat said. “At this point, we must assume that we are already affected and expect to be affected again.”

While giving out our information puts us at risk, joining a rewards program is not something we can bypass. So, what can we do to protect ourselves from future data breaches? Here are simple steps you can take.

Avoid giving out sensitive information unless necessary


The first step to securing your account is to avoid giving out sensitive information in the first place.

“Anytime you have to give your personally identifiable information to a service, think twice about whether it’s necessary,” Hayat said. “The less we give, the less chance we have of being affected by a breach.”

Your date of birth, passport numbers and addresses can also put you at risk, so avoid giving these out if possible. If you need to hand over this information, there is less risk if the website offers two-factor authentication. If the program doesn’t, Hayat recommends reaching out and requesting that it start offering it.


Use two-factor authentication

Setting up two-factor authentication for your loyalty account is a simple but important way to increase your online security.

Two-factor authentication adds an extra layer of security by requiring two forms of verification before granting access. Typically, this involves using something you know (like a password) and something you have (like a smartphone app that generates a temporary code or sends a push notification or email) or biometrics like fingerprints or facial recognition. This dual requirement makes it more difficult for unauthorized persons to gain access, as they will need both your password and the second factor.

In addition, two-factor authentication provides an immediate warning if someone tries to access your account, allowing you to take quick steps to protect it. This proactive approach is critical to preventing unauthorized transactions or misuse of your points and miles.

If you’re an Amazon customer, you’ve probably set up two-factor authentication and are used to receiving text messages with verification codes when you try to log into your account. This keeps your information safe from potential hackers who can access your password and charge items to your Amazon account. You might think, “That’s not smart. They have to give their home address for that order. They’re going to get caught.”

A hacker can have a variety of motivations for gaining access to your Amazon account, including a scam known as “brushing,” in which they send substandard products to customers who did not order them so they can leave fake reviews of these products and increase their reach in the online marketplace.

According to Hayat, multifactor authentication can help prevent scenarios like this. While Amazon uses text-based authentication, Hayat advises against it.

“They are vulnerable to SIM swap attacks, where an attacker can convince your carrier to transfer your phone number to their SIM,” he said. “If you must use text-based authentication, call your carrier and set up a PIN with them. I recommend using Microsoft Authenticator or Google Authenticator. If you want to take it a step further, use YubiKeys.”


Check if your data has been compromised


Hayat also recommends that you regularly check Have I Been Pwned to see if your information has been leaked due to a data breach. If your account has already been compromised, it’s best to change your password immediately and use a password manager and multifactor authentication.

Use a password manager

Confession: In the past, I kept all my rewards program passwords in a document on my laptop. If someone had accessed that document, all my information would have been compromised. Experts recommend creating unique passwords for each account, but managing them is incredibly difficult if there is no option to store them all on a computer or paper file.

Hayat recommends a password manager as a secure way to store all your login credentials in one place.

“That way, you’ll have a strong and unique password for each service, and if one of them is leaked, an attacker can’t use it on other services. This will protect you against something called ‘credential stuffing,’” Hayat said.

“Credential stuffing is where an attacker uses leaked credentials to gain unauthorized access to user accounts on other services,” Hayat continued. “For example, if you use the same password on websites A and B, if website A’s data is breached, an attacker can use it to log into website B. Using unique passwords protects you against such attacks.”

Hayat recommends 1Password as a great option that is reputable and secure.


Monitor your credit


Whether you invest in a credit monitoring service or check your score periodically, Hayat recommends checking your credit report annually to ensure there are no discrepancies. If a hacker maxes out a credit card in your name, you’ll see it on your credit report. You can also get free credit monitoring through Experian and receive notifications when a new account is opened or your credit score changes.

Hayat recommends freezing your credit before opening a new account and then temporarily lifting the freeze for added peace of mind. A credit freeze will prevent anyone from accessing your credit information or opening a new account. If your data has been leaked, a credit freeze is the best way to protect yourself against further damage.


Petition loyalty programs to get serious about security

With all the recent data breaches, it has become clear that companies are not taking the necessary precautions to protect our data.

“Many companies today are not making the necessary investments in their cybersecurity,” Hayat told TPG. “We see it over and over again: leaked passwords are not hashed and salted, or weak hashing like MD5 is used, which can be easily cracked. Therefore, as users, we must take necessary steps so that we are protected in the event of a breach.”

Hayat recommends contacting loyalty programs and banks that have not implemented two-factor authentication and requesting that they do. After all, we are responsible for our data, and if we are handing it over to a third party, such as a loyalty program, we must ensure that it remains secure.

How does your loyalty program protect you against breaches?

Recent data breaches have led to various airline and hotel loyalty programs requiring two-factor authentication as a mandatory step when logging into an account. While this can be frustrating for anyone who regularly logs into an account, it’s better to be safe than sorry. Here’s how major loyalty programs deal with data breaches:

Airline programs

  • American Airlines AAdvantage: Optional two-factor authentication via email
  • Delta SkyMiles: No two-factor authentication option
  • Frontier Miles: Alternative two-factor authentication
  • JetBlue TrueBlue: Mandatory two-factor authentication via email with option to change to more secure text message two-factor authentication
  • United MileagePlus: Rolling Out Choice Test of Two-Factor Authentication
  • Southwest Rapid Rewards: No two-factor authentication option
  • Free Spirit: No two-factor authentication option
  • Air Canada Aeroplan: Mandatory two-factor authentication via email
  • Air France-KLM Flying Blue: Mandatory two-factor authentication via email
  • British Airways Executive Club: Optional two-factor authentication via email
  • Qatar Airways Privilege Club: Mandatory two-factor authentication via email
  • Singapore Airlines KrisFlyer: Optional two-factor authentication for flight bookings; Mandatory two-factor authentication for changes to KrisFlyer accounts

Hotel programs

  • Hilton Honors: Mandatory two-factor authentication via email for limited activities only, such as logging in using a new device
  • Marriott Bonvoy: Optional two-factor authentication for email or phone verification
  • IHG One Rewards: No two-factor authentication option
  • Radisson Rewards: No two-factor authentication option
  • World of Hyatt: No two-factor authentication option


Bottom line

With technology constantly advancing, it’s no wonder hackers are targeting our information. Since loyalty programs involve personal information as well as potentially thousands of points or miles, it’s important to protect your account.

Follow the tips outlined in this story to help minimize potential damage and protect yourself against further identity theft.
