TL;DR: Loyalty programs hold billions in stored value while facing synthetic accounts, credential stuffing, account takeover, insider abuse, and bot-driven redemption fraud, according to Transmit Security. The real issue is not just fraud volume but that customer journeys still assume trust can be layered on after enrollment, redemption, and personalization have already begun.
NHIMG editorial — based on content published by Transmit Security: How Kobie and Transmit Security are shaping the future of secure, seamless loyalty experiences
By the numbers:
- Together, we help reduce loyalty redemption fraud by as much as 70%.
Questions worth separating out
Q: How should security teams reduce loyalty fraud without breaking customer experience?
A: Security teams should separate low-friction engagement from high-risk value actions.
Q: Why do loyalty programmes need identity controls beyond fraud rules?
A: Fraud rules alone usually react to suspicious patterns after damage has begun.
Q: What breaks when loyalty accounts are treated like ordinary customer profiles?
A: What breaks is the assumption that every account has the same risk.
Practitioner guidance
- Add identity proofing to enrolment flows: Require stronger verification when accounts are created at scale, when referral bonuses are involved, or when synthetic identity patterns appear.
- Apply step-up controls to high-value redemptions: Treat premium rewards, point transfers, and profile changes as elevated-risk actions.
- Unify fraud and identity telemetry: Connect behavioural biometrics, device intelligence, login history, and redemption history into one decision path.
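The three points above can be expressed as a single decision function. The sketch below is an added example, not code from Transmit Security or Kobie; every field name, weight and threshold in it is an assumption chosen for illustration.

```python
from dataclasses import dataclass

# Actions the guidance treats as elevated risk (names are illustrative).
HIGH_VALUE_ACTIONS = {"premium_redemption", "point_transfer", "profile_change"}

@dataclass
class Signals:
    """Unified identity and fraud telemetry for one request (constructed fields)."""
    action: str                      # e.g. "browse", "enrol", "point_transfer"
    known_device: bool               # device intelligence
    behaviour_anomaly: float         # behavioural biometrics score, 0.0 to 1.0
    failed_logins_24h: int           # login history
    redemptions_24h: int             # redemption history
    enrolments_from_device_24h: int = 0
    referral_bonus: bool = False

def risk_score(s: Signals) -> int:
    """Combine all telemetry sources into one score (weights are assumptions)."""
    score = 0
    if not s.known_device:
        score += 30
    score += int(s.behaviour_anomaly * 40)
    if s.failed_logins_24h >= 5:     # many recent login failures on the account
        score += 20
    if s.redemptions_24h >= 3:       # unusual redemption velocity
        score += 20
    return score

def decide(s: Signals) -> str:
    """Return 'allow', 'step_up', 'verify_identity' or 'deny'."""
    score = risk_score(s)
    if s.action == "enrol":
        # Enrolment at scale, or a risky referral sign-up, gets identity proofing.
        if s.enrolments_from_device_24h >= 3 or (s.referral_bonus and score >= 30):
            return "verify_identity"
        return "allow"
    if s.action in HIGH_VALUE_ACTIONS:
        if score >= 70:
            return "deny"
        # Value-moving actions step up at a much lower score than browsing does.
        return "step_up" if score >= 20 else "allow"
    # Low-friction engagement: intervene only on strong risk.
    return "step_up" if score >= 70 else "allow"
```

The same signals produce different outcomes depending on the action: a session from an unknown device is allowed to browse but must re-authenticate before transferring points.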
What's in the full article
Transmit Security's full article covers the operational detail this post intentionally leaves for the source:
- How the Mosaic platform is positioned across identity verification, behavioural biometrics, device intelligence, and real-time fraud detection.
- The four loyalty-fraud protection pillars as described by the vendor, including enrolment, redemption, orchestration, and trusted identity flows.
- Industry use-case examples across travel, retail, grocery, and financial services.
- The vendor's stated performance claims around redemption fraud reduction and bot-driven sign-up abuse.
Loyalty fraud and identity verification: what IAM teams miss?
Explore further
Loyalty fraud is an identity governance problem, not just a fraud problem. Loyalty programmes now hold stored value, access pathways, and trust relationships that look increasingly like identity infrastructure. That means enrolment assurance, session risk, and redemption governance matter as much as campaign design. Organisations that treat fraud as a downstream exception will keep discovering that the account lifecycle itself is the control surface. The practical conclusion is that loyalty security belongs inside identity governance, not beside it.
A few things that frame the scale:
- 91.6% of secrets remain valid five days after the targeted organisation is notified, showing a critical gap in remediation procedures, according to the Ultimate Guide to NHIs.
- Only 20% have formal processes for offboarding and revoking API keys, and even fewer have procedures for rotating them, according to the Ultimate Guide to NHIs.
A question worth separating out:
Q: Who is accountable when loyalty fraud occurs across marketing, support, and security teams?
A: Accountability should sit with the programme owner, but control enforcement must be shared across identity, fraud, and operations. If marketing owns growth, support owns recovery, and security owns detection, each part still needs a common policy boundary. Without that, attackers move through the seams between teams rather than through a single control failure.