What To Do If Your Travel Or Credit Card Rewards Are Stolen – Forbes Advisor

Editorial Note: We earn a commission from partner links on Forbes Advisor. Commissions do not affect our editors’ opinions or evaluations.

Data breaches are becoming far too common, but they mainly impact credit cards. While most folks are taking steps to secure their credit card accounts and protect against identity thieves, few are taking the same steps against credit card points theft.

So what happens when your points and miles are stolen? While the effects may not be as devastating as identity theft, the steps you need to take to protect yourself and restore your points balances are similar. Here’s everything you need to know about what to do if your rewards account is hacked.

How Credit Card Points Are Stolen

Stealing credit card points is more complicated than stealing a credit card for unauthorized use. Fraudsters must acquire your login, hack into your account successfully and clean it out. Stolen rewards typically end up being sold on the dark web, redeemed for gift cards or used for merchandise purchases through the rewards program. Unfortunately, credit card companies do not have fraud alerts for points, so fraudsters can easily go undetected.

This practice isn’t anything new, but the COVID-19 pandemic presented a prime opportunity for scammers. As travelers stopped traveling, they were still spending on credit cards and possibly paying less attention to their rewards accounts. The result was heaps of rewards for the taking.

Forbes contributor Brett Holzhauer fell victim to one of these scammers when his Amex Membership Rewards account was hacked. He and his wife were robbed of 200,000 points, but it didn’t stop there—the thieves went on a shopping spree with his The Blue Business® Plus Credit Card from American Express.

Ultimately, American Express returned his points and removed the fraudulent charges, but what’s concerning that this only came to Brett’s attention when he received a fraud alert about those large purchases the thieves had made. If they hadn’t triggered a fraud alert, it might have taken months before he learned of the missing points.

How to Get Your Stolen Points Back

Fortunately, there is hope if your points are stolen. If there has been a data breach and your points are gone, you can get them back by calling your bank or loyalty program immediately. As someone this has happened to in the past, I can attest that it’s a relatively pain-free process. In most cases, the customer service agent will look at how the points were redeemed. For example, if the rewards were used for a flight out of an airport far from your home address, with a passenger name that doesn’t match yours, it’s an easy way to determine the booking was unauthorized.

Some programs can also see which location your account was accessed from. If it was far from your usual location, that might indicate it wasn’t you. For the most part, determining a fraudulent point redemption isn’t too challenging. Still, it’s crucial to report it immediately when you learn of it.

Aside from calling your bank or loyalty program to report your points stolen, there are other steps you need to take to protect your account. Here’s a step-by-step guide to getting your points back and securing your account after a breach, although many of these steps can be implemented right now to help prevent the unauthorized use of your rewards.

Secure Your Account

The first thing you’ll want to do when discovering a discrepancy in your point balance is secure your account. Aside from points, your loyalty account has other information that might be compromised. Changing your password and setting up multi-factor authentication helps prevent further data breaches.

If you haven’t done so already, cyber security expert Bahman Hayat recommends setting up a password manager like 1Password. These password managers work by automatically storing and organizing all your usernames, passwords, PINs and account numbers within one encrypted and secure database.

If you haven’t changed your passwords in the last few years, chances are they’ve been compromised during one of the dozens of data leaks. You can find out whether that’s the case by going to Have I Been Pwned.

Hayat also recommends changing all your account passwords after a data breach. While you’re checking your point balances (more about this step below) this is also a good time to update your passwords.

Call the Program Immediately

Once your account is secure, you’ll want to call your affected loyalty program immediately. In most cases, you should be able to get your points back after an investigation.

Years ago, hackers got into my Radisson Rewards account and redeemed over 500,000 points for gift cards. As an avid travel hacker, I didn’t know what offended me more—that my points were gone or that they’d been redeemed at such a low value. Regardless, I called Radisson Rewards and they restored my balance within a few hours.

Not every program will be this quick, however. When hackers got into my JetBlue account three years ago, it took several days to get my points back.

Check to See If Other Accounts Were Compromised

Once you’ve notified your loyalty program, you’ll want to check your other accounts for similar breaches. I use AwardWallet to track all my point balances in one place.

If you’re not using a point tracker, you’ll need to log in to each individual loyalty program account to ensure your balance is intact. Check your balance and recent activity thoroughly because your balance may not be completely wiped out. This part might be tedious, but it will ensure that you secure not just the account that was compromised but others, as well.

How to Avoid Getting Your Points Stolen

When it comes to preventing point theft, a strong offense is the best defense. You should anticipate that your rewards accounts will be hacked at some point. The best way to deal with it is to stay ahead of the hackers. Here are three steps you can take to prevent point theft.

Track Your Points

Tracking your points is key to catching data hacks and ensuring your points don’t get stolen. With point tracking tools like AwardWallet, you can even set alerts so you’ll receive an email when your balance suddenly changes. A decade ago, this is how I learned that my Radisson Rewards points were wiped out by hackers.

Secure Your Passwords

Password security is key to preventing account hacks and point theft. Hayat recommends creating a different password for each account and using a password managing app to store them securely in one place.

Multi-factor authentication should also be part of your password security strategy. Hayat states, “I recommend Microsoft or Google Authenticator. It’s preferable to text-based authentication, which is vulnerable to swap attacks.”

Be Careful What You Click On

According to Cisco’s cybersecurity threat trends report, phishing is responsible for 90% of data breaches. Scammers are getting advanced in innovative emails that appear to come from banks and loyalty programs. Some of them will even address you by your first name and request that you click on a link to read a message or confirm account information.

When you get an email like this, it’s best to not click on it at all. Instead, go directly to the bank or loyalty program’s website. Log in securely and then go to the messaging center or account overview page to see if there really is information you need to verify.

Bottom line

Data breaches are inevitable and will affect almost everyone at some point. The best you can do is to secure your accounts to prevent point theft in the first place. Following the above-outlined steps can help you get your points back quickly and prevent further breaches.

Leave a Comment

Businesswebsiteindex