TL;DR: Forrester’s Loyalty Platforms Landscape, Q3 2025 highlights 28 notable vendors while positioning member data, fraud detection, and AI-based business rules as core capabilities in modern loyalty systems. The governance lesson is that loyalty now depends on real-time data, control design, and fraud resilience, not just rewards design, according to Forrester.
NHIMG editorial — based on content published by Comarch: loyalty platform features, AI, and fraud controls in 2025
Questions worth separating out
Q: How should organisations govern fraud controls in customer loyalty platforms?
A: Treat fraud controls as part of programme governance, not just detection tooling.
Q: Why do loyalty platforms create identity and access governance risk?
A: Because they centralise customer data, reward logic, and operational overrides in one place.
Q: What do security teams get wrong about AI in loyalty systems?
A: They often focus on the AI label instead of the control boundary.
Practitioner guidance
- Separate loyalty administration roles from campaign operations Limit who can create offers, adjust reward rules, and override member outcomes.
- Treat member profiles as governed identity data Map which systems feed member attributes, where consent is stored, and who can export enriched profile data.
- Require auditability for reward changes and redemptions Keep immutable logs for point adjustments, tier changes, manual exceptions, and unusual redemption events.
What's in the full article
Comarch's full article covers the operational detail this post intentionally leaves for the source:
- Specific Comarch feature examples for personalization, tiering, rewards, and analytics workflows
- Detailed descriptions of fraud detection capabilities such as anomaly detection and loophole tracking
- Product-level examples of AI support through MAIA and marketing data analytics workflows
- Platform-specific implementation ideas for loyalty programmes that want to operationalise segmentation and reward logic
👉 Read Comarch’s analysis of loyalty platform features for 2025 →
Loyalty platforms and AI-driven fraud controls: what matters now?
Explore further
Loyalty platforms are becoming identity systems in disguise. Once customer behaviour, preferences, and rewards are tied to real-time decisioning, the platform is no longer just a marketing layer. It becomes an identity-adjacent control plane for entitlements, trust, and segmentation. That makes access, auditability, and data governance the hidden security requirements, not optional extras. Practitioners should treat loyalty data as governed identity data, not just campaign data.
A few things that frame the scale:
- 92% of organisations expose NHIs to third parties, raising concerns about supply chain security, according to the Ultimate Guide to NHIs.
- Only 20% have formal processes for offboarding and revoking API keys, and even fewer have procedures for rotating them.
A question worth separating out:
Q: Who should own governance for loyalty platform data and rules?
A: Ownership should be shared across marketing, fraud, security, and data governance, with clear decision rights for each. Marketing should not be able to change reward logic without oversight, and security should not be disconnected from customer-impacting exceptions. That division is what keeps the programme accountable.
👉 Read our full editorial: Loyalty platforms now hinge on fraud, AI and real-time data