Trip Astute has partnered with CardRatings for our coverage of credit card products. Trip Astute and CardRatings may receive a commission from card issuers. Responses are not provided or commissioned by the bank advertiser. Responses have not been reviewed, approved or otherwise endorsed by the bank advertiser. It is not the bank advertiser's responsibility to ensure all posts and/or questions are answered. Opinions, reviews, analyses & recommendations are the author’s alone, and have not been reviewed, endorsed or approved by any of these entities.
Points and miles theft isn’t something you hear about often, but it’s on the rise. Thieves are starting to realize that it’s not only easier to steal points, but it often can be done more discretely than making unauthorized purchases. A lot of people who’ve had their accounts hacked and credit card points stolen did not realize it until they wanted to use their points to book a redemption.
Why points theft is on the rise
While banks are getting better at detecting fraudulent charges and activity that relate to your spending, there is less effort spent on monitoring your points and rewards. Most people do not check their points every day. This means that a savvy thief could redeem your points for while without you or the bank detecting any unusual activity. If they change the contact info on the account, it makes it even more difficult to detect.
With all the recent hacks, there is a ton of user data floating around the dark corners of the internet. Since many people use the same password for multiple accounts, hackers will use this compromised data to see if they can access other accounts. Add to the fact that a lot of banks, including my Chase account, don’t have robust security options when logging into their website. This makes it hard for the average person to protect their account.
What to do if your points are stolen
Report it immediately
It’s important to be vigilant about any unusual activity. Most points theft results in gift card redemptions rather than transfers to travel partners since it’s harder to trace. If you notice missing points, the first step is to report it immediately to your issuer or bank. Just like with any fraudulent charge, the bank or issuer will do an investigation on how the theft occurred. Since using your points means that the thief likely had access to your account, you’ll want to immediately change your password. It’s important to also verify that your contact information is correct. Hacker will often change your contact information in order to intercept account alerts.
From what I’ve heard, most people have been able to get their points back. However, it can take some time for the banks to perform their investigation and come to a conclusion.
Work with loyalty programs
Also, if you have a co-branded credit card, like a Marriott Bonvoy Boundless or IHG Rewards Club Premier card, you may have to contact the loyalty program to determine how the points were stolen. They will likely be involved in getting your points back instead of the issuer.
Report the incident to local law enforcement
You may want to consider reporting the incident to your local law enforcement. Notifying them of the incident can help investigators collect data and connect activities to other cases. Having additional data points may help to pinpoint a suspect, especially if others have reported similar circumstances.
I hope none of you have to deal with this situation. For a lot of us, points carry a lot of value, not just in monetary terms, but also in the fact that they represent future vacations and travel. Just like with anything valuable, it feels like a huge violation to have them stolen.
Tips to protect against credit card points theft
I want to share some tips to help reduce the risk of being a victim of points theft.
1. Use a password manager:
Password managers are a great way to not only keep all your passwords unique and difficult, but also removes the headache of memorizing them. For example, I’ve used 1Password for years. 1Password generates random new passwords for me that are synced to all my devices. When I need to log into a website or app, I can have it pull the password once I enter my master password.
1Password also detects when an account has experienced a data breach and recommends when you should change your password for specific sites.
There are many other password managers out there. For example, Fiona prefers to use LastPass and it seems to work well for her. The bottom line is that you should be creating complex and long passwords that are unique to every site you visit.
2. Avoid open network connections:
Have you often seen the “free wifi” hotspots at cafes and airports? Be careful when joining them — actually, just avoid them! They’re often a way for thieves to intercept your data, especially your login information. I recommend avoiding these connections or using tools to secure your data.
3. Use a VPN:
If you’re using a connection that may not be secure, I recommend using a VPN service. There are a ton of VPN providers out there. I personally recommend Private Internet Access. It works seamlessly with both my computer and phone, and I use it whenever I’m on a public network. The VPN creates a virtual tunnel between you and the website or service that you’re accessing. This prevents others from intercepting your traffic.
4. Avoid public USB charging ports:
This is a security vulnerability that I recently learned about. Apparently, some public USB charging ports have been altered to install malware on your device. I have to admit that I’ve been guilty of using these USB ports in the past, especially at hotels and airport lounges.
Since you’ve likely packed your own charger when traveling, I recommend using it instead of these open USB ports. Not only will it be more secure, but you can often charge your device faster using a multi-port USB charger. In fact, my Anker 4-port USB charger can charge multiple devices faster than most basic USB ports and default chargers.
5. Track your points with AwardWallet:
AwardWallet is one of the best tools to use for tracking your credit card and loyalty points. Using AwardWallet can also notify you when there are changes to your point balances, which can be extremely helpful for detecting points theft.
6. Check your point balances if you get a fraud alert:
If you happen to have a fraudulent charge appear on your account, I suggest checking your point balances. Most times, we’re more concerned about getting a new card number and replacement card. We don’t check to see if our points or rewards have been affected. While having a fraudulent charge doesn’t mean that your points balances have been compromised, it’s good practice to check them anyway.
7. Beware of phishing emails or calls:
Since stealing your points requires access to your account, your login information is more valuable than your actual credit card. One of the easiest ways for thieves to get this information is by simply asking you for it! Be wary of any emails or phone calls requesting that you enter your login information or provide any password details over the phone. In fact, even when I get emails alerting me to a new statement, I avoid clicking on the links. Instead, I log into my account like normal and access the statement. That way I know that I’m not going to a spoofed website that is trying to “phish” my information.
I would love to see issuers and banks implement more security measures for accounts. Specifically, multi-factor authentication measures like time-based passwords and tokens. Our financial accounts are so important to our lives. It doesn’t make sense that industry-standard security measures aren’t used to protect them!
Have any of you experienced points theft or know anyone that has? Also, do you have any other tips to share?
If you’re interested in applying for a new credit card, we encourage you to compare credit card offers. We do get a commission if you use our link. It doesn’t cost you anything extra, but it helps us to continue building content for our site and channel.