Every loyalty program relies on an element of trust with your customers. You trust that they will not game the system or exploit it entirely. You trust that they will be honest and use the program as it is intended. But there is always that 0.01% of people who are looking to take advantage or are willing to commit outright fraud.

It is important to realize that your loyalty program should focus on the profitable 99%, rather than focusing on the few who look to game it. This article gives suggestions on how to best address the small minority, without impacting the profitable 99%.

What is Loyalty Fraud

Loyalty fraud is when a customer finds a loophole or a hack to exploit the system for personal gain that is considered excessive for the loyalty program. One of the best examples of this loyalty fraud is a $54 Starbucks drink.

“My Starbucks Rewards” is one of the best customer loyalty programs in existence! But even the best can become victims of loyalty fraud. The Starbucks program allows a customer to get a free item on their birthday or after accumulating 12 stars. The program now says “some restrictions apply” after a customer took advantage in a major way.

A customer used his free beverage to create a $54 monster of a drink. The drink included 60 espresso shots, many types of drizzle, protein powder and flavored syrup. The giant frappuccino was then placed in a glass vase, and was 100% free.


Original image @ACIFH/Twitter

This is exactly the type of excessive redemption that would be considered loyalty fraud. While this particular example is in retail, people will find ways to game the system in the ecommerce world as well. So how do you protect against loyalty fraud on your online store?

Prevent Loyalty Fraud With Smile.io

Most online loyalty fraud stems from activities that can be repeated to constantly accumulate points. With Smile.io this would be social shares, reviews, and referrals. At Smile.io we realize that these rewardable actions can be “gamed” and have integrated ways to battle loyalty fraud into our system.

Social Shares:

To deter constant social sharing we recommend two courses of action. The first is to set a daily cap for shares. Within Smile.io you can set the maximum number of times a social share will be rewarded with points. The shopper will be able to continue sharing, but will not be awarded points after they exceed the daily limit.


The second way to deter constant social sharing is to have the points be awarded after a set period of time. You can set a time between the share and the actual awarding of the points. Many people looking to exploit a program are looking for instant gratification, and the lag between action and reward is enough to stop them. The combination of limits and time intervals makes gaming the system too slow to be profitable for most loyalty fraudsters.


Reviews:

To deter a shopper from leaving endless reviews that add no value, Smile.io sets review points to be pending the approval of the review. This allows merchants to see if the review is worthy of points or if it is someone just looking to exploit the system. Having reviews be pending approval eliminates people writing reviews just to accumulate points.


Not the best review for a table

It also makes sure that you do not have embarrassing or rude reviews/comments on your site for the world to see.


Referrals:

To reduce the number of points that are awarded for non-profitable actions, Smile.io allows you to award for referrals when the referral signs up for an account or makes their first purchase. This makes it harder for a would-be scammer to get points for referrals.

A scammer would have to: make a fake email, refer that email, create an account from that fake email, and purchase something from that account just to be awarded points. Many scammers are looking for a quick way to game a system and this just has too many steps for them to bother.

Despite all the scam counters that have been put in place, there is a very small chance someone will still try to compromise your program. This can be prevented with a few simple checks that will take you a couple of minutes a day. These monitoring techniques are listed below.

Further Protect at the Warehouse Level

After a discussion with Jason Russell of Magentity, we came up with further checks and red flags that can prevent loyalty fraud. Jason is very familiar with the Smile.io product and was spot on when he said “Treat your loyalty program with respect, it requires monitoring just like any other process that is allocated money.”


If you monitor correctly there are signs that you may have a customer attempting to take advantage of your loyalty program. These red flags can be caught before shipping the product to the customer, and can prevent a costly hack by a shopper.

Just Shipping Costs

A red flag for loyalty fraud is an order that only has a shipping cost. If the order only has this cost it means that the order was completely paid for using points and the shopper is only paying the shipping.


This does not automatically mean that the order is fraudulent; it just means that it should be investigated further. This is especially true if it is for a large or expensive order. If a customer has accumulated that many points they may be gaming the system.

High Order Frequency

Another flag should be raised if you see the same customer’s name again and again when filling orders. If a single person seems to be ordering much more frequently than what would be standard, there might be a problem.

This customer may be rapidly accumulating points and spending them on frequent, smaller orders. Once again this is not a reason to immediately assume loyalty fraud, but a marker that this order may need to be investigated further.

How to Check Suspicious Orders

If a customer’s order looks suspicious for one of the reasons listed above it should be analyzed. The way to do this is to look into the customer that is ordering. You should be looking at the order history for this customer. Does this customer have multiple orders with only shipping costs? Does the customer order way too frequently?

As mentioned before, one instance of these alarms is not a reason to assume loyalty fraud. However, if after checking the orders you see multiple red flags, you should monitor that customer more closely. You should also look at this customer in Smile.io to see their loyalty activity. There are quick tells in our extension that show whether that customer is taking advantage of your program.


If a customer has been flagged as suspicious, log into the Smile.io admin and search their name in the manage transfers tab. This will show you all the point transactions that have occurred with this customer. If the customer is receiving more than a normal amount of points for a particular activity, you can look at each individual transaction and check for legitimacy. If the customer has hundreds of transactions more than the average, this is an immediate flag for loyalty fraud.

If the transactions are not legitimate you can label that customer so they will no longer earn points on your site. This is usually done using a customer group. You can effectively put that customer in “loyalty point jail”. Once there, the customer will still be able to interact with your site but will no longer be rewarded for doing so.

Loyalty Program Monitoring

It is important to remember that 99% of your customers are using your loyalty program properly so do not punish them for the mistakes of the minority. If you set every rule to be pending approval you will catch loyalty fraud more often, but you will also create an experience that is slow and bureaucratic for the 99% of customers who are using the loyalty program as it was intended.

At Smile.io we recommend automating the awarding of points as much as possible. It creates less work for you and a better experience for your shoppers. Instead of putting every prevention tactic in place, Jason and I recommend a little bit of loyalty monitoring: two checks that will take 10 minutes (or less) a day.


Sort Orders by Cost

Sort your orders by cost and look for orders that only have the shipping cost. Are there any orders going out that meet this criterion? Do any of the orders look suspicious? If a large order is going out with only the shipping cost you might want to investigate further. If the name looks familiar from a previous order it will be worth checking as well.

Check Point Transaction History

If you check the points transfer page once a day you will see if anyone is accumulating points at an alarming rate before they get to spend them. This is the best way to check for loyalty fraud and you can dig deeper instantly if you see suspicious activity. This quick check will take you a couple minutes at most.

That’s it! Two checks you can easily perform to completely protect you from a would-be fraudster.
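
The red flags and the two daily checks described above, written as detection logic over an order export. This is an added example, not Smile.io code; the sample orders, the field layout, the point-transaction counts and every threshold are constructed assumptions, and the median is used here as the "normal" baseline.

```python
from collections import defaultdict
from statistics import median

# Constructed sample data, not from a real store.
# (order_id, customer, items_total, points_discount, shipping_paid, day)
ORDERS = [
    (1001, "alice",    40.00,   0.00, 5.00, 1),
    (1002, "bob",      25.00,  25.00, 5.00, 1),   # a single points-only order
    (1003, "mallory", 180.00, 180.00, 8.00, 1),
    (1004, "mallory",  30.00,  30.00, 5.00, 2),
    (1005, "mallory",  22.00,  22.00, 5.00, 3),
    (1006, "mallory",  35.00,  35.00, 5.00, 4),
    (1007, "carol",    60.00,  10.00, 5.00, 5),
    (1008, "dave",     15.00,  15.00, 5.00, 2),
    (1009, "dave",     12.00,  12.00, 5.00, 20),
]
# Constructed count of point transactions per customer.
POINT_TXNS = {"alice": 6, "bob": 9, "carol": 4, "dave": 12, "mallory": 310}

def shipping_only(order):
    """True when points covered every item and only shipping was paid."""
    _, _, items_total, points_discount, _, _ = order
    return items_total > 0 and points_discount >= items_total

def red_flags(orders, point_txns, window_days=7, max_orders=3, txn_factor=10):
    """Return {customer: [flags]}. Thresholds are assumptions to tune per store."""
    by_customer = defaultdict(list)
    for order in orders:
        by_customer[order[1]].append(order)
    typical = median(point_txns.values())
    flags = defaultdict(list)
    for customer, rows in by_customer.items():
        if sum(shipping_only(o) for o in rows) > 1:
            flags[customer].append("multiple shipping-only orders")
        days = sorted(o[5] for o in rows)
        # More than max_orders orders falling inside one window_days span.
        if any(days[i + max_orders] - days[i] < window_days
               for i in range(len(days) - max_orders)):
            flags[customer].append("high order frequency")
        if point_txns.get(customer, 0) > txn_factor * typical:
            flags[customer].append("point transaction outlier")
    return dict(flags)

def review_queue(orders, point_txns):
    """Customers with several red flags; a single flag is not enough."""
    return {c: f for c, f in red_flags(orders, point_txns).items() if len(f) > 1}
```

Customers returned by `review_queue` are the ones to look up in the points transfer history; a customer with one flag stays out of the queue, matching the advice not to assume fraud from a single alarm.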

Important to Remember

It is very important to remember that loyalty fraud is rare and conducted by a very small portion of program members. With minimal monitoring you can prevent loyalty fraud on your site without having to punish or limit the customers that are enjoying the program the way it was intended. Keep calm and loyalty on!
