Are Your Points Safe? How to Protect Your Rewards (And What to Do if They’re Stolen)

Criminals are now going after credit card rewards. Here’s what to do if you become a victim — and how to keep yourself safe to begin with.

My Points Were Stolen: What Do I Do Now
Updated May 13, 2024
Fact checked

We receive compensation from the products and services mentioned in this story, but the opinions are the author's own. Compensation may impact where offers appear. We have not included all available products or offers. Learn more about how we make money and our editorial policies.

With all the different redemption options out there, the fact that thieves have started targeting credit card and loyalty points is no surprise. Points and miles can be redeemed for travel, cash, gift cards — you name it. These rewards can be highly valuable. Depending on how many points or miles you have, their value can be in the thousands of dollars.

If you were unlucky enough to be the target of one of these criminals, it can be deflating to learn all your earnings have vanished. But hope isn’t lost until you’ve exhausted all your options to restore your points. Exactly what can be done will depend on your unique situation and the policies of the points issuer.

Since it’s best that you waste no time when handling this situation, let’s jump right into what to do if your points were stolen.

In this article

How points and miles theft can happen

If you’re asking yourself, “How did my points get stolen?” that’s a good place to start. As much as we try to keep our lives secure, there’s always seems to be someone working just as hard to gain access to it.

There are several ways a criminal can break into your account, such as stealing your passwords, phishing, and taking advantage if you use an unsecured Wi-Fi network. Passwords can be stolen if the computer you’re using is compromised or even just from you using a weak password. Phishing, on the other hand, is the criminal practice of communicating by emails, texts, or even phone calls and claiming to be from a reputable company in order to convince you to reveal personal information, such as passwords, account numbers, etc.

Once a hacker has your login credentials, they can access your account as easily as you can. Often, they’ll change the email on file so that when they redeem your points, you aren’t notified. If they don’t change the email and you have notifications turned on, you should receive a confirmation message regarding the transaction. Hopefully, you do. That’s what happened to Albert H., a member of our FBZ Elite - Travel and Points Facebook group.

“I was checking my email when I saw a point redemption-email congratulating me on my recent redemption,” Albert said. “They redeemed my points for cash and sent it to a bank account I didn’t recognize.” Luckily, Chase zeroed out the transfer, and Albert got his points back. But this isn’t always the case.

There are numerous horror stories from people across the various credit card and airline discussion forums describing these types of incidents. Not all of them end with points being returned, either. One person even claimed their verbal password had been compromised. According to a Reddit user, a criminal spoofed his phone number, called Chase, and transferred his entire point balance to a different account. This means the caller somehow also knew this person’s verbal password, as Chase asked for it and then allowed the transfer to go through.

What to do if you discover your rewards have been stolen

The moment you find out your rewards have been stolen, report it. The issue will be tougher to resolve the longer you wait. Call the credit card company or loyalty program that issued your points and explain the situation as soon as you can.

If you find out your points were cashed out or used by a hacker for a free hotel stay, you might be wondering if you can get those points back. This will likely depend on how quickly you report the theft, the evidence provided, and the policies a given company has in place to deal with points fraud and theft.

While some companies may assume full responsibility, others may not. For instance, according to the Southwest Airlines Rapid Rewards terms and conditions, “Southwest Airlines is not responsible for unauthorized access to a Member’s Account and will not replace stolen points or awards.” But that doesn’t mean you shouldn’t report any fraudulent activity or theft of points. Southwest will still likely investigate the situation, and even though its policy states it isn’t responsible, you may see results in your favor. According to members of the Southwest Rapid Rewards discussion forum, some were lucky enough to have success dealing with the Customer Relations team.

Here’s a list of the popular rewards card issuers, airlines, and hotel loyalty programs and their respective phone numbers should you need to contact them regarding points theft:

Issuer Contact info Department
American Express 1-800-528-4800 Customer Service
Barclays 1-866-928-8598 Customer Service
Capital One 1-800-427-9428 1-800-239-7054


Fraud Protection

Customer Service

Chase 1–800–432–3117

1–888–262–4273 (Chase Sapphire customers)

Customer Service
Citi 1-800-950-5114 Customer Service
Discover 1-866-240-7938



Customer Service

Alaska Airlines 1-800-654-5669 Customer Care
Allegiant Air 1-702-800-2088 Member Services
American Airlines 1-800-882-8880 Customer Service
Delta Air Lines 1-800-221-1212 Customer Service
Frontier Airlines 1-801-401-9000 Customer Relations
Hawaiian Airlines 1-800-367-5320 Customer Service
JetBlue 1-800-538-2583 Customer Service
Southwest Airlines 1-800-445-5764 Customer Service
Spirit Airlines 1-801-401-2222 Customer Service
InterContinental Hotel Group 1-888-211-9874 Customer Care
Hilton Hotels 1-888-446-6677 Customer Service
Marriott Bonvoy 1-800-627-7468 Customer Service
World of Hyatt 1-888-344-9288 Customer Service
Wyndham Hotel Group 1-800-466-1589 Customer Care

What you can do to protect yourself against points theft

Many security systems are flawed, and hackers are too good. While long, complex passwords created by tools like Google Chrome’s built-in generator or third-party programs like LastPass are a great start, adding even more layers of protection is the best way to ensure your account is locked down.

To reduce the likelihood of having your points stolen, follow these tips:

  • Use strong passwords: I wasn’t knocking password generators before. Complex passwords are a must and are your baseline for protecting your information. Password generators are great way to produce unique, complex passwords. Emphasis on unique.
  • Enable two-factor authentication: Also known as 2FA, two-factor authentication grants a computer user access only after successfully presenting two or more pieces of evidence (factors) for authentication. You’ll often see this in the form of a passcode sent to your phone or having to answer a few security questions.
  • Don’t stockpile your rewards forever: Criminals can’t steal what you already redeemed. While you may want to save your rewards for something in the future, holding onto rewards indefinitely makes your account ripe for the pickings for criminals. And if you never use your rewards, what’s the point of earning them anyway?
  • Use a point-tracking service: AwardWallet is a service that allows you to track your rewards and loyalty points in one place. You can also set an alert for redemptions, so you always know when your rewards balances change. Membership is free, unless you go with its Plus plan for $30 a year. The Plus plan will give you more insight into your balances, such as historical transactions and unlimited reward expiration notifications.
  • Pay attention to alerts you receive: Don’t get in the habit of ignoring the redemption or spending alerts your card sends you, but also be careful that they’re not phishing messages. Use alerts for what they are. If you aren’t sure if the message is legit or not, don’t click any links or provide any sensitive information. If you’re in doubt about a message’s authenticity, log into your account by going straight to an official portal rather than clicking on a link in a text or email message.
  • Don’t join any old Wi-Fi willy-nilly: Don’t be too eager to connect to any public Wi-Fi you come across. Joining an unsecured network opens you up for attack. Consider purchasing a VPN (virtual private network) to ensure that your connection is secure. Pricing can be anywhere from $3 to $15 a month.

The bottom line when it comes to protecting your points

Loyalty program and credit card points are very valuable, especially in the eyes of criminals, so treat them as you would cash. Having one of the best travel credit cards can bring you a lot of benefit. And while dealing with multiple layers of security might seem like a pain, it’s hard to argue that the extra effort isn’t worthwhile. Always check your point balances frequently, and report any fraudulent activity you see as soon as possible.

If your points were stolen, we’re sorry to hear that happened. This is a real bummer, and we know you worked hard for those points. You can do everything in your power to protect yourself, but sometimes it’s out of your hands. But keeping the tips and information in mind that we provided in this article may keep you safe in the future.

Easy-to-Earn Unlimited Rewards


Card Details

  • Earn 25,000 online bonus points after you make at least $1,000 in purchases in the first 90 days of account opening - that can be a $250 statement credit toward travel purchases
  • Earn 1.5 points per $1 spent on all purchases
  • Longer intro APR on qualifying purchases and balance transfers
  • No foreign transaction fees
  • Apply Now
  • Earn unlimited 1.5 points per $1 spent on all purchases, with no annual fee and no foreign transaction fees and your points don't expire as long as your account remains open.
  • 25,000 online bonus points after you make at least $1,000 in purchases in the first 90 days of account opening - that can be a $250 statement credit toward travel purchases.
  • Use your card to book your trip how and where you want - you're not limited to specific websites with blackout dates or restrictions.
  • Redeem points for a statement credit to pay for travel or dining purchases, such as flights, hotel stays, car and vacation rentals, baggage fees, and also at restaurants including takeout.
  • 0% Intro APR for 15 billing cycles for purchases, and for any balance transfers made in the first 60 days. After the Intro APR offer ends, a Variable APR that’s currently 19.24% - 29.24% will apply. A 3% Intro balance transfer fee will apply for the first 60 days your account is open. After the Intro balance transfer fee offer ends, the fee for future balance transfers is 4%.
  • If you're a Bank of America Preferred Rewards® member, you can earn 25%-75% more points on every purchase. That means instead of earning an unlimited 1.5 points for every $1, you could earn 1.87-2.62 points for every $1 you spend on purchases.
  • Contactless Cards - The security of a chip card, with the convenience of a tap.
  • This online only offer may not be available if you leave this page or if you visit a Bank of America financial center. You can take advantage of this offer when you apply now.
Bank of <span class='whitespace-nowrap'>America<sup>®</sup></span> Travel Rewards credit card
Apply Now

on Bank of America’s secure website

Read Card Review

Intro Offer

Earn 25,000 online bonus points after you make at least $1,000 in purchases in the first 90 days of account opening - that can be a $250 statement credit toward travel purchases

Annual Fee



Why we like it

Author Details

Matt Miczulski

Matt Miczulski is a personal finance writer specializing in financial news, budget travel, banking, and debt. His interest in personal finance took off after eliminating $30,000 in debt in just over a year, and his goal is to help others learn how to get ahead with better money management strategies. A lover of history, Matt hopes to use his passion for storytelling to shine a new light on how people think about money. His work has also been featured on MoneyDoneRight and