With all the different redemption options out there, the fact that thieves have started targeting credit card and loyalty points is no surprise. Points and miles can be redeemed for travel, cash, gift cards — you name it. These rewards can be highly valuable. Depending on how many points or miles you have, their value can be in the thousands of dollars.
If you were unlucky enough to be the target of one of these criminals, it can be deflating to learn all your earnings have vanished. But hope isn’t lost until you’ve exhausted all your options to restore your points. Exactly what can be done will depend on your unique situation and the policies of the points issuer.
Since it’s best that you waste no time when handling this situation, let’s jump right into what to do if your points were stolen.
How points and miles theft can happen
If you’re asking yourself, “How did my points get stolen?” that’s a good place to start. As much as we try to keep our lives secure, there’s always seems to be someone working just as hard to gain access to it.
There are several ways a criminal can break into your account, such as stealing your passwords, phishing, and taking advantage if you use an unsecured Wi-Fi network. Passwords can be stolen if the computer you’re using is compromised or even just from you using a weak password. Phishing, on the other hand, is the criminal practice of communicating by emails, texts, or even phone calls and claiming to be from a reputable company in order to convince you to reveal personal information, such as passwords, account numbers, etc.
Once a hacker has your login credentials, they can access your account as easily as you can. Often, they’ll change the email on file so that when they redeem your points, you aren’t notified. If they don’t change the email and you have notifications turned on, you should receive a confirmation message regarding the transaction. Hopefully, you do. That’s what happened to Albert H., a member of our FBZ Elite - Travel and Points Facebook group.
“I was checking my email when I saw a point redemption-email congratulating me on my recent redemption,” Albert said. “They redeemed my points for cash and sent it to a bank account I didn’t recognize.” Luckily, Chase zeroed out the transfer, and Albert got his points back. But this isn’t always the case.
There are numerous horror stories from people across the various credit card and airline discussion forums describing these types of incidents. Not all of them end with points being returned, either. One person even claimed their verbal password had been compromised. According to a Reddit user, a criminal spoofed his phone number, called Chase, and transferred his entire point balance to a different account. This means the caller somehow also knew this person’s verbal password, as Chase asked for it and then allowed the transfer to go through.
What to do if you discover your rewards have been stolen
The moment you find out your rewards have been stolen, report it. The issue will be tougher to resolve the longer you wait. Call the credit card company or loyalty program that issued your points and explain the situation as soon as you can.
If you find out your points were cashed out or used by a hacker for a free hotel stay, you might be wondering if you can get those points back. This will likely depend on how quickly you report the theft, the evidence provided, and the policies a given company has in place to deal with points fraud and theft.
While some companies may assume full responsibility, others may not. For instance, according to the Southwest Airlines Rapid Rewards terms and conditions, “Southwest Airlines is not responsible for unauthorized access to a Member’s Account and will not replace stolen points or awards.” But that doesn’t mean you shouldn’t report any fraudulent activity or theft of points. Southwest will still likely investigate the situation, and even though its policy states it isn’t responsible, you may see results in your favor. According to members of the Southwest Rapid Rewards discussion forum, some were lucky enough to have success dealing with the Customer Relations team.
Here’s a list of major travel credit card, rewards card, airline, and hotel loyalty programs and their respective phone numbers should you need to contact them regarding points theft:
|American Express||1-800-528-4800||Customer Service|
|Capital One||1-800-427-9428 1-800-239-7054
1–888–262–4273 (Chase Sapphire customers)
|Alaska Airlines||1-800-654-5669||Customer Care|
|Allegiant Air||1-702-800-2088||Member Services|
|American Airlines||1-800-882-8880||Customer Service|
|Delta Air Lines||1-800-221-1212||Customer Service|
|Frontier Airlines||1-801-401-9000||Customer Relations|
|Hawaiian Airlines||1-800-367-5320||Customer Service|
|Southwest Airlines||1-800-445-5764||Customer Service|
|Spirit Airlines||1-801-401-2222||Customer Service|
|InterContinental Hotel Group||1-888-211-9874||Customer Care|
|Hilton Hotels||1-888-446-6677||Customer Service|
|Marriott Bonvoy||1-800-627-7468||Customer Service|
|World of Hyatt||1-888-344-9288||Customer Service|
|Wyndham Hotel Group||1-800-466-1589||Customer Care|
What you can do to protect yourself against points theft
Many security systems are flawed, and hackers are too good. While long, complex passwords created by tools like Google Chrome’s built-in generator or third-party programs like LastPass are a great start, adding even more layers of protection is the best way to ensure your account is locked down.
To reduce the likelihood of having your points stolen, follow these tips:
- Use strong passwords: I wasn’t knocking password generators before. Complex passwords are a must and are your baseline for protecting your information. Password generators are great way to produce unique, complex passwords. Emphasis on unique.
- Enable two-factor authentication: Also known as 2FA, two-factor authentication grants a computer user access only after successfully presenting two or more pieces of evidence (factors) for authentication. You’ll often see this in the form of a passcode sent to your phone or having to answer a few security questions.
- Don’t stockpile your rewards forever: Criminals can’t steal what you already redeemed. While you may want to save your rewards for something in the future, holding onto rewards indefinitely makes your account ripe for the pickings for criminals. And if you never use your rewards, what’s the point of earning them anyway?
- Use a point-tracking service: AwardWallet is a service that allows you to track your rewards and loyalty points in one place. You can also set an alert for redemptions, so you always know when your rewards balances change. Membership is free, unless you go with its Plus plan for $30 a year. The Plus plan will give you more insight into your balances, such as historical transactions and unlimited reward expiration notifications.
- Pay attention to alerts you receive: Don’t get in the habit of ignoring the redemption or spending alerts your card sends you, but also be careful that they’re not phishing messages. Use alerts for what they are. If you aren’t sure if the message is legit or not, don’t click any links or provide any sensitive information. If you’re in doubt about a message’s authenticity, log into your account by going straight to an official portal rather than clicking on a link in a text or email message.
- Don’t join any old Wi-Fi willy-nilly: Don’t be too eager to connect to any public Wi-Fi you come across. Joining an unsecured network opens you up for attack. Consider purchasing a VPN (virtual private network) to ensure that your connection is secure. Pricing can be anywhere from $3 to $15 a month.
The bottom line when it comes to protecting your points
Loyalty program and credit card points are very valuable, especially in the eyes of criminals, so treat them as you would cash. Dealing with multiple layers of security might seem like a pain, but it’s hard to argue that the extra effort isn’t worthwhile. Always check your point balances frequently, and report any fraudulent activity you see as soon as possible.
If your points were stolen, we’re sorry to hear that happened. This is a real bummer, and we know you worked hard for those points. You can do everything in your power to protect yourself, but sometimes it’s out of your hands. But keeping the tips and information in mind that we provided in this article may keep you safe in the future.