Loyalty card hacks can easily go unnoticed by consumers.
Hackers are very inventive when it comes to stealing money. This is demonstrated by the scams of a new kind that have emerged in supermarkets in recent months. As explained The telegramthey consist of using the euros accumulated by customers on their loyalty card by obtaining information about their account.
And to get the famous identifiers, the perpetrators of these scams only need to go to the dark net.
A bargain for hackers
“It’s not just about the loyalty cards of the shops but about all the accounts in which you have registered contact details. It can be names and surnames, addresses, credit card numbers, loyalty card numbers of a brand”, explained the lawyer specialist in the protection of personal data Hélène Lebon, in the columns of Western France last February.
Data that represents a real business for hackers who then sell these combolists on the dark net.
According to Telegram, the loyalty card data is offered via a server created specifically for this purpose on a social network. They provide the hacked person’s email address, username and password.
Also according to the regional newspaper, this data is sold at a price equal to at least 25% of the amount contained in the loyalty card account. But it can go up to 60% of the customer’s accumulated cat when he also gives access to the card’s PIN code. Auchan, Carrefour, System U… dozens of pirated loyalty cards are offered on a regular basis.
Once this data has been purchased, the scammers can go to the store and pay for the groceries using the hacked person’s loyalty card.
A few hundred cases identified
The Système U cooperative has confirmed to us that it has become aware of these specific scams.
“We have identified a few hundred cases out of a total number of 7 million carriers,” he says.
But they can easily go unnoticed by victims as consumers check their loyalty card account less often than their bank account.
And if the brand talks about a relatively far-reaching phenomenon, it claims to take it very seriously: “‘pirates’ are very active and loyalty cards (whatever the brand) are very targeted”. System U then indicates that it has “enabled additional ‘anti-bot’ protections” on its CoursesU.com and MagasinsU.com sites. “The store teams have been informed again,” adds the cooperative.
To recover this data, hackers use malware that can steal your loyalty card access data. “These malware are retrieved from our customers’ computers after browsing the Internet on trapped sites,” specifies Système U.
To limit the risk of hacking, the shop group reminds you that you should never reuse the same password for multiple websites. “You have to be careful in choosing the Card U PIN code, don’t choose a code that is the same as your date of birth, or a code that is too simple like 0000, 1234 or 1111,” he adds.
Finally, the brand encourages customers who have fallen victim to these scams to file a complaint, making sure that this has recently led to the conviction of a fraudster. In the event of proven fraud, it undertakes to systematically reimburse its customers.