Use AI to Stem the Growing Threat of Loyalty Fraud


When we think of hotel assets, we tend to think of properties. But loyalty programs are some of the most valuable assets in the hospitality industry.

They drive occupancy during the week. They create repeat customers, who are far more profitable than new customers acquired through indirect channels. They can be the most frequent touchpoint with guests, who often receive program marketing even more than they stay on property, see brand advertising, or visit the hotel website. That’s why successfully combining loyalty programs was Marriott’s number one priority in its merger with Starwood.

At the same time, loyalty programs are major liabilities. All those unclaimed points on the books can reach billions of dollars. Loyalty points have real value, and that makes them targets for fraud.

There are many different forms of loyalty fraud perpetrated by many different actors across many different channels. For example:

  • Hackers breaking into customer accounts on and redeeming points.
  • GMs booking (and later canceling) fake reservations to inflate occupancy and receive higher loyalty redemption reimbursements from the brand.
  • Brand employees using their access to corporate systems to award themselves points.

This is just a sample of the fraud that already exists; there are many more. But with programs adding new ways to earn, share, access, and redeem points, the opportunities for fraud are only increasing.

The industry has been lucky so far. While there are many cases of fraud, there hasn’t yet been a massive case that lands a major brand on the front page of the newspaper. When it does happen – and it is when, not if – it will impose huge financial costs. Even worse, the damage to customer loyalty will be incalculable. Why stay loyal to a company that can’t keep your points and data safe?

With each new loyalty program feature, fraudsters are working tirelessly to find new ways to scam it. But too many hotel companies are still looking for fraud by periodically reviewing spreadsheets of historical data. These after-the-fact reviews are too late to prevent the fraud, so companies end up doing damage control rather than protecting themselves.

In addition, these reviews only identify large-scale fraud that follows known patterns. Companies are counting on customers to be their early warning for new types of fraud, monitoring call center reports and message board posts for suspicious reports. But the flood doesn’t always start in dribs and drabs; sometimes it hits you like a tsunami.

The industry needs a new approach that identifies potential fraud in real-time, just like credit card company alerts for charges outside usual spending patterns. With the massive numbers of loyalty transactions, this can be like finding a needle in a haystack. Luckily, that’s exactly what Artificial Intelligence (AI) is good at: exploring data sets to identify new correlations, trends, and patterns.

The term AI is often used as vague jargon. In this context, AI simply means algorithms that independently find patterns to predict events and diagnose transactions. Major industries – like credit card providers – have already incorporated this form of AI into business processes to increase customer satisfaction and decrease fraud. Proven techniques are available to solve real challenges for hotel companies. 

Consider the technique of anomaly detection, which discovers patterns that are abnormal relative to other interactions. These patterns are extremely difficult for humans to find: they are infrequent occurrences within giant datasets and only become clear when you combine multiple data sources. But anomaly detection can easily find a suspicious new combination of data points – such as customer attributes in the CRM, points transfers in the loyalty database, and room redemptions in the CRS – even if that combination happens two times out of a million.

Another useful technique is network analysis to assess customer relationships and similarities. Fraud often involves multiple people working in concert, whether colluding to carry out the scam or spreading activities out to reduce the risk of detection. In network analysis, similarities between individuals or other parties create relationships that link them together. AI can be used to evaluate these networks for risk and similarity, allowing clusters of suspicious behavior to bubble up. In addition, fraudsters frequently alter their online identities to avoid detection; network analysis can also help detect this.

Of course, you can’t just turn on AI and expect it to run on auto-pilot. When anomalous patterns are identified, they still need to be investigated by program experts. In some cases, the patterns will be legitimate. But that just points to an additional benefit: if what is happening isn’t fraudulent, then the AI has found new customer behaviors and personas that you weren’t aware of before. In that way, a false positive gives you new opportunities to understand and serve your customers.  

AI can feel like magic. But many industries have had tremendous success deploying AI methods to improve business processes. There is no need to turn your hotel company into Google. In fact, it’s better to start small and simple. Pick a subset of hotels, a handful of your data sources, and apply some simpler statistical techniques. Train the statistical techniques so that they can identify fraud types you already know about. This will help achieve some quick wins and benefits while you progressively build your capabilities.

This ad will auto-close in 10 seconds