Card brands receive trillions of dollars in payments worldwide (VISA data 2021), and these figures rest on the trust cardholders place in handing over their card data to purchase goods and services in card-present and card-not-present channels.

IQ Information Quality has fourteen years of experience providing security services for digital payments in Latin America and the Caribbean. It is approved by the PCI SSC (PCI Security Standards Council) to assess compliance with the international standards (PCI DSS, PCI PIN, PCI 3DS) that protect payments made with cards (VISA, Amex, Master, Discover) in card-present (POS) and card-not-present (e-commerce and telephone) environments.

PCI standards are industry best practices for protecting any electronic transaction that involves sensitive data, and they can be used to secure other payment ecosystems such as:

  • Private Cards
  • BNPL (Buy Now Pay Later)
  • International Wire Transfers
  • Person-to-Person P2P payments
  • Toll Payment
  • Loyalty points
  • Cryptoassets

Any payment your customers make involves sensitive card data that must be protected.


A loyalty program is a marketing strategy established by a company with the purpose of rewarding the purchasing behavior of its customers, which produces in them a sense of loyalty and faithfulness to the brand.

Fraud also surrounds loyalty points programs.

Your accumulated points and air miles - hard to earn - can be an easy target for cybercriminals, so you should protect yourself. If you are a loyal customer, you should take extra precautions to protect your accounts and the benefits you have accrued.

It's not just about protecting the points you can redeem, but also any sensitive personal information stored in those accounts.

What can loyalty points programs include?

  • Free flights and hotel stays (e.g., airline miles)
  • Free or subsidized cab rides (e.g., Uber)
  • Free groceries

How do cybercriminals operate?

Essentially, there are three potential threats to loyalty cards in general:

  • Malicious employees within the company, who steal customers' personally identifiable information (PII) and points.
  • External attackers (the biggest threat), who hijack accounts to steal points, make purchases, transfer points and/or steal customers' PII to sell illegally.

The risks associated with this type of payment ecosystem relate to:

  • Leakage of users' sensitive personal data.
  • Compromise of the systems that perform transactions associated with the accumulation of points and their redemption. Such compromises can lead to unauthorized changes in users' accumulated points balances.
  • Compromise of the sensitive information users authenticate with in the stores that are part of the loyalty program, which may lead to fraudulent transactions with users' points.

The services that support the protection of points ecosystems are:

  • Identification and documentation of information flows in processes where sensitive customer information is used.
  • Scope identification and validation.
  • Identification of the controls that apply to the scope according to the best practices of the PCI standards.
  • Diagnosis with respect to PCI standards.
  • Validation and support in the action plan to close the findings.
  • Third-party audit to validate compliance with controls.

Your mission:

Start NOW to protect your customers and your business.