Written by: RJ
Wired is reporting on new findings from cyber security researchers on loyalty programs. The research looks at Points, the company that runs most loyalty programs in the travel space. The study was commissioned by Points, who worked with researchers to patch the weaknesses.
The research highlights weaknesses in Points' Application Programming Interface (API) that could allow customer data, points, and miles to be stolen or the entire loyalty program to be compromised.
“The surprise for me was related to the fact that there is a central entity for loyalty and points systems, which almost every big brand in the world uses,” Shah says. “From this point, it was clear to me that finding flaws in this system would have a cascading effect to every company utilizing their loyalty backend. I believe that once other hackers realized that targeting Points meant that they could potentially have unlimited points on loyalty systems, they would have also been successful in targeting Points.com eventually.”
-Researcher quote
“As part of our ongoing data security activities, Points recently worked with a group of skilled security researchers concerning a potential cybersecurity vulnerability in our system,”
“There was no evidence of malice or misuse of this information, and all data accessed by the group has been destroyed. As with any responsible disclosure, upon learning of the vulnerability, Points acted immediately to address and remediate the reported issue. Our remediation efforts have been vetted and verified by third-party cybersecurity experts.”
-Points quote
First reported by Wired
Thoughts
Interesting, as I never thought about how the loyalty programs are managed. Nice to see a company being proactive about managing the security of their systems.