Member Verification for Canadian Loyalty Programs

In a landscape where digital security is paramount, recent developments in identity verification have sparked significant interest. Amidst these advancements, organizations are increasingly adopting new protocols to bolster user protection.

At RewardOps, we've observed a notable shift in the Costco login process, where members are now required to re-verify their identities using Interac^Ⓡ’s sign-in service.

Costco’s message was, “Interac^Ⓡ verification service helps verify your identity to enable access to Costco’s digital membership services. Interac® verification service connects trusted sources that Costco members already have and use, like a financial institution, which can help verify their identities with”. 

However, the process failed when it linked to the user’s bank, indicating the service was not yet available. 

Interac’s sign-in service has been growing quickly, surpassing 100 million transactions in 2022. It has been adopted by most Canadian government agencies, including the CRA and several banks, although not all banks yet support it.

This is a welcome move. Fraud in loyalty programs is ever-present and growing. While some of the volume comes from bad actors inside companies, in most cases, it seems to be due to account takeovers. Miscreants then redeem points for gift cards and certain merchandise, all while the account owner is unaware. 

While companies like RewardOps put in place excellent technology and processes to trap likely fraud at the point of redemption, volumes would be lower if account security was better in the first place, with, for example, minimum standards of two-factor authentication. In fact, it’s probably a good idea for loyalty programs to adopt Costco’s approach and ensure that all members undergo a new verification process rather than reissue the odd ‘card’ to compromised members. Roll on all banks adopting this.

It does feel like the days of proprietary authentication are over; the sector is being standardized and commodified but in a good way. 

While touching on the standardization of verification/authentication, this is also something that needs to progress for business-to-business applications.

It is interesting to note that Antavo’s excellent recent loyalty survey highlighted the need for easy integration with loyalty vendors. The survey’s list of actionable insights refers rightly to API readiness as key.

API integrations have also more or less reached an excellent level of standardization, with most vendors and clients utilizing REST JSON. All good vendors typically have a library of APIs for key functionalities, such as integration with  Points Banks.

However, what is sadly lacking in standardization is (SSO) Single Sign On, which plays a crucial role in loyalty integrations for managing marketing and customer service data, often more than APIs.

While there are a few attempts at establishing a true standard, the reality remains a big soup of different protocols and processes, including many homegrown methods, making SSO the most inefficient piece of the puzzle. It would be great to see a concerted effort towards agreed-upon standards while ensuring the best level of security.