By NHI Mgmt Group Editorial TeamPublished 2026-06-16Domain: General NHISource: Comarch

TL;DR: A shift in loyalty strategy toward behavioral psychology, AI-driven empathy, and measurable financial outcomes was highlighted at Comarch User Group 2026, with 107 brand strategists from 33 countries contributing across 22 sessions. The governance lesson is that customer data, segmentation, and decisioning now need tighter controls, clearer ROI logic, and stronger auditability across identity-adjacent workflows.


At a glance

What this is: Comarch User Group 2026 is a loyalty-industry event that argues the next phase of customer retention will be driven by behavioral science, AI, and tighter financial accountability.

Why it matters: It matters to IAM practitioners because customer experience programmes increasingly depend on identity data, segmentation logic, and automated decisioning that can create governance, privacy, and trust issues across human and machine workflows.

By the numbers:

👉 Read Comarch's analysis of Comarch User Group 2026 and the loyalty agenda


Context

Customer loyalty has moved from simple points and discounts to identity-linked decisioning, behavioural segmentation, and AI-assisted personalisation. That shift matters because the same data used to shape offers can also shape access, trust, and customer treatment across channels.

For IAM, NHI, and governance teams, the real issue is not marketing creativity but control over who or what makes a decision, which data it uses, and how those decisions are audited. As loyalty systems become more automated, they start to resemble identity-adjacent control planes rather than standalone campaign tools.


Key questions

Q: How should teams govern AI-driven loyalty personalisation at scale?

A: Teams should govern AI-driven loyalty personalisation as a decisioning system, not a campaign feature. Define who owns the rules, which signals are allowed, what evidence is retained, and when human review is required. If the system can change treatment in real time, it needs policy boundaries, audit trails, and clear escalation paths.

Q: Why do invisible loyalty journeys create governance risk?

A: Invisible loyalty journeys create governance risk because they hide the identity and entitlement checks that decide who receives what benefit. When identification, payment, and redemption are fused into one flow, failures can be hard to detect and harder to explain. Teams need traceability across the full trust chain, not just a smooth customer experience.

Q: What do security and privacy teams get wrong about behavioural segmentation?

A: They often treat behavioural segmentation as low-risk marketing logic, even when it influences pricing, eligibility, and sensitive inferences. The mistake is assuming a profile is harmless because it is not directly authentication-related. Once inferred context affects treatment, the logic becomes a governed decision surface.

Q: Who is accountable when automated loyalty decisions cause harm?

A: Accountability sits with the organisation that defined the policy, approved the data use, and deployed the automation. If no one can explain the inputs, logic, and override process, then accountability is already weak. Governance should assign a named owner for the decision system, not just the platform.


Technical breakdown

Behavioural segmentation in loyalty systems

Behavioural segmentation uses observed customer signals such as purchase cadence, response patterns, and channel engagement to assign treatment. In modern loyalty programmes, this is no longer a static rules exercise. It becomes a continuous decision layer that can change offers, messaging, and even service pathways in near real time. The technical risk is that segmentation logic often sits across CRM, CDP, marketing automation, and analytics stacks, so no single team fully owns the policy boundary. Once those decisions are automated, the system needs traceability for inputs, thresholds, and override paths.

Practical implication: define ownership for segmentation logic and require audit trails for every rule, model, and override path.

AI empathy decisioning and data sensitivity

Empathy decisioning is the use of AI to adapt offers and tone based on inferred life context, such as financial stress or changed behaviour. The article’s example shows why this is more than personalisation: the system is making contextual judgments about how to treat a person. That creates a governance problem around data minimisation, model boundaries, and harmful inference. If AI can infer sensitive states from weak signals, then the organisation needs to know which attributes are allowed, which are prohibited, and how human review is triggered when the model crosses into high-impact decisions.

Practical implication: classify inferred-life-context signals as governed data and set explicit review rules before they influence offers.

Invisible loyalty ecosystems and identity trust

Invisible loyalty removes visible friction by embedding identification, payment, and benefit redemption into a single flow. Technically, that means several systems are exchanging identity and transaction signals behind the scenes while the customer sees one seamless interaction. The hidden cost is that trust now depends on the reliability of those integrations, the consistency of identity resolution, and the assurance that rewards are granted to the right subject at the right time. When loyalty becomes invisible, the failure mode is not just a broken campaign. It is a broken trust chain spanning customer identity, transaction identity, and entitlement logic.

Practical implication: test the end-to-end trust chain across identity, payment, and reward systems before making the journey invisible.


NHI Mgmt Group analysis

Loyalty has become an identity governance problem, not just a marketing one. The article shows customer experience systems moving toward behavioural targeting, real-time decisioning, and automated reward logic. That changes the control question from campaign performance to decision accountability, because the same systems now shape who gets what, when, and why. Practitioners should treat loyalty stacks as governed decision environments, not harmless engagement tooling.

Invisible personalisation creates a hidden trust boundary that most programmes do not map. Once identification, payment, and rewards are fused into one journey, the system depends on multiple identity and entitlement decisions happening without user visibility. That makes the trust boundary harder to test and harder to explain after a failure. The practitioner implication is simple: if the journey cannot be traced, the entitlement cannot be trusted.

AI empathy decisioning is a named concept for a real governance shift. The article describes systems that infer distress, habit change, or other life context and then adapt offers accordingly. That is not just smarter personalisation. It is a new form of policy inference that can drift into sensitive profiling if boundaries are unclear. Teams should recognise the difference between helpful adaptation and uncontrolled inference before the model becomes the decision-maker.

Customer segmentation is now converging with identity lifecycle discipline. Loyalty systems create, modify, and retire customer treatment states in ways that resemble lifecycle governance for access and entitlements. That does not make them IAM systems, but it does mean revocation, eligibility, and state change deserve the same operational seriousness. The practitioner implication is to align data, entitlement, and customer-state governance before scale exposes gaps.

Finance-led proof will increasingly shape how identity-adjacent programmes are justified. The article repeatedly ties loyalty strategy to ROI, customer lifetime value, and measurable return. That pressure will also affect identity teams supporting these platforms, because governance controls will need to show business value rather than only risk reduction. Practitioners should expect auditability and financial traceability to become part of the control conversation.

From our research:

What this signals

Invisible personalisation will push more customer decisioning into systems that resemble identity controls. As loyalty, payment, and redemption converge, the challenge is no longer only campaign design but policy traceability. The control question becomes whether the organisation can explain every automated treatment change and prove that the right subject received the right entitlement.

AI empathy decisioning raises the bar for governance because inferred context can become sensitive context very quickly. If a model can alter offers based on signs of distress or financial pressure, privacy and risk teams need explicit guardrails before deployment. The practical move is to pre-classify the signals that may be used and then constrain how far inference can go.

The programme lesson is that loyalty teams will increasingly need stronger audit evidence, clearer approval paths, and tighter exception handling as personalisation becomes more autonomous. That is especially true when the business wants measurable ROI, because financial reporting pressure tends to expose weak ownership faster than a marketing review ever will.


For practitioners

  • Map decision ownership across the loyalty stack Document which team owns customer segmentation, offer generation, redemption logic, and overrides. Require named control owners for each decision point so there is no ambiguity when a campaign produces harmful or inconsistent treatment.
  • Set boundaries for inferred sensitive context List the behavioural signals that may be used for personalisation and identify which ones can reveal distress, financial pressure, or other sensitive states. Block those inputs unless there is an approved policy and review path.
  • Test the identity trust chain end to end Validate that identification, payment, and reward entitlement stay aligned across systems, including failure handling and exception paths. The goal is to prove that a customer receives the correct benefit even when integrations fail or data is delayed.
  • Create audit evidence for automated offer decisions Record the inputs, thresholds, and model version behind each materially different offer or treatment change. Preserve enough detail to explain the decision to risk, privacy, and audit stakeholders after the fact.

Key takeaways

  • Loyalty programmes are becoming governed decision systems, which means identity, entitlement, and auditability matter as much as customer engagement.
  • The article’s central evidence is scale and participation, with 107 strategists from 33 countries across 22 sessions signalling a category-wide shift rather than a niche trend.
  • Practitioners should map ownership, constrain inferred sensitive context, and test the identity trust chain before invisible personalisation creates avoidable trust failures.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

NIST CSF 2.0, NIST Zero Trust (SP 800-207) and NIST CSF 2.0 set the governance and control requirements practitioners need to meet.

FrameworkControl / ReferenceRelevance
NIST CSF 2.0GV.OC-01Loyalty systems now shape governed business outcomes and need clear ownership.
NIST Zero Trust (SP 800-207)PR.AC-1Invisible journeys depend on continuous trust checks across integrated systems.
NIST CSF 2.0PR.DS-1AI empathy decisioning depends on sensitive behavioural data and clear handling rules.

Classify and constrain behavioural signals before they influence automated offers or customer treatment.


Key terms

  • Behavioural Segmentation: Behavioural segmentation is the practice of grouping customers by observed actions such as purchases, visits, or responses instead of by static demographics. In governed environments, those groupings can influence pricing, eligibility, and treatment, so the rules and data sources behind them need clear ownership and auditability.
  • Empathy Decisioning: Empathy decisioning is the use of AI to adapt customer offers or messages based on inferred life context, such as financial stress or change in routine. It can improve relevance, but it also introduces privacy and fairness risk because the system is making judgments from signals that may be sensitive or incomplete.
  • Invisible Loyalty: Invisible loyalty is a programme design where identification, payment, and rewards are embedded into one seamless flow. The customer sees one journey, but the organisation is still making multiple identity and entitlement decisions behind the scenes, which makes traceability and exception handling essential.

What's in the full article

Comarch's full post covers the session-level detail this analysis intentionally leaves for the source:

  • Speaker-by-speaker commentary from the 22 sessions, including the brands and practitioners behind each loyalty trend
  • Detailed examples of how loyalty programmes are being reworked around behavioural psychology, AI empathy, and financial measurement
  • Event-specific quotes and brand stories from Petron, HELLENiQ ENERGY, Virgin Active, and others that show how the ideas play out in practice
  • The closing product and sustainability references that point to Comarch's broader loyalty and data management messaging

👉 Comarch's full post includes the session examples, speaker quotes, and programme stories behind these loyalty trends.

Deepen your knowledge

NHI governance, agentic AI identity, and machine identity security are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or identity governance in your organisation, it is worth exploring.
NHIMG Editorial Note
Published by the NHIMG editorial team on 2026-06-16.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org