Subscribe to the Non-Human & AI Identity Journal

Incrementality

A measure of whether a loyalty incentive actually changes customer behaviour rather than rewarding behaviour that would have happened anyway. It depends on identity resolution, clean data, and testing that can distinguish causal uplift from habitual redemption.

Expanded Definition

Incrementality is the degree to which a loyalty incentive causes a measurable change in customer behaviour that would not have happened otherwise. In practice, it separates true uplift from routine redemption, so the metric is only meaningful when identity resolution, clean event data, and controlled testing can attribute outcomes to the offer itself.

In loyalty and customer analytics, incrementality sits closer to causal measurement than to simple engagement reporting. A campaign can look successful because customers redeem points, use a coupon, or re-enter a channel, yet still produce little or no additional value if those actions would have occurred without the incentive. That is why definitional discipline matters. As with the measurement logic used in the NIST Cybersecurity Framework 2.0, the control question is not whether activity happened, but whether the intervention changed the outcome in a way that can be evidenced and repeated.

Definitions vary across vendors on how much uplift is required, which customer segments count, and whether near-term revenue or long-term retention should be the endpoint. The most common misapplication is treating any redemption as incremental, which occurs when teams skip control groups and rely on post-campaign conversion totals.

Examples and Use Cases

Implementing incrementality rigorously often introduces measurement delay and sampling constraints, requiring organisations to weigh cleaner causal insight against faster campaign reporting.

  • A loyalty team runs an A/B holdout test to compare customers who received bonus points with those who did not, then measures the true lift in repeat purchases.
  • A retailer uses identity resolution to avoid counting the same household twice when evaluating whether a targeted offer changed store visits.
  • A bank tests whether a fee waiver increased card activation, or merely rewarded customers already planning to activate.
  • A growth team reviews whether a promo shifted channel behaviour or simply accelerated purchases that would have occurred later.
  • An analyst uses the methods discussed in the Ultimate Guide to NHIs to keep event sources, identities, and entitlement data consistent when measuring customer actions tied to automated journeys.

For teams that also rely on automation, the same discipline used in Ultimate Guide to NHIs is relevant: if records, tokens, and identity links are noisy, incrementality tests become contaminated before they begin.

Why It Matters for Security Teams

Incrementality matters to security and governance teams because weak measurement can hide waste, misaligned incentives, and data-quality failures that later become operational risk. If identity stitching is inaccurate, a business may over-credit campaigns, under-estimate fraud-like behaviour, or misread how automated journeys interact with customer consent and access events. That is especially relevant where loyalty platforms, API integrations, and agentic workflows share the same identity graph.

NHIMG research shows that only 5.7% of organisations have full visibility into their service accounts, a reminder that poor identity visibility is usually a data problem before it becomes a control problem. The same principle applies to incrementality: without trustworthy identity and event records, the organisation cannot tell whether a programme created value or merely recorded activity. The Ultimate Guide to NHIs highlights why clean lifecycle and visibility controls matter when automated systems influence customer outcomes, while the NIST Cybersecurity Framework 2.0 reinforces the need for reliable governance, measurement, and monitoring.

Organisations typically encounter incrementality problems only after budgets are cut and campaign results fail to translate into durable behaviour, at which point the metric becomes operationally unavoidable to address.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

NIST CSF 2.0 provides the primary governance reference for this term.

Framework Control / Reference Relevance
NIST CSF 2.0 GV.ME Defines governance measurement expectations that apply to causal uplift and performance validation.

Measure whether loyalty actions change outcomes, not just whether activity was recorded.