London24NEWS

ANGHARAD CARRICK: Why will not Sainsbury’s cease Nectar fraud?

Supermarkets have increasingly introduced loyalty or member prices for basic items, which means there is now two-tier pricing in most major shops.

That unfairness aside, we have reached a point where most Brits have a loyalty card for at least one big supermarket in their wallet.

As with our debit and credit cards, we expect some level of security when we hand over our details.

But sadly, some Sainsbury’s customers can’t say the same.

Scammers have targeted Nectar card holders - what is Sainsbury's doing about it?

Scammers have targeted Nectar card holders – what is Sainsbury’s doing about it?

We have heard from readers who have had thousands of their points stolen by scammers and used in stores up and down the country.

Unfortunately, this scam is not a new phenomenon.

This Is Money editor Lee Boyce wrote about someone losing £700 worth of Nectar points in 2017 and a cursory look at social media suggests the scam goes back as far as 2011.

Sainsbury’s bought Nectar in 2018 so the blame can’t be laid entirely at their door, but you would hope that since the deal they would have bolstered security on such a well-known scam.

Sadly, that doesn’t seem to be the case.

One reader recently got in touch to say that she lost over £230 worth of their Nectar points in a store miles away from their home. 

While the points were initially refunded, Suki was later told that the investigation team at Sainsbury’s had decided there was no fraudulent activity on the card. The refunded points were removed and she was directed to the police.

Another reader, James, who was defrauded nearly £400 worth of Nectar points tried to do exactly that and was told by Action Fraud it was ‘not a police recordable crime’.

Sainsbury’s is pointing customers in the direction of a police force that doesn’t have the time or, frankly, interest to investigate and is shirking responsibility entirely.

So, Sainsbury’s is pointing customers in the direction of a police force that doesn’t have the time or, frankly, interest to investigate and is shirking responsibility entirely.

Statistics show that there is not enough time to investigate crime in physical stores. 

Just 36 per cent of incidents of violence and abuse were reported to police by retailers, according to the British Retail Consortium. The main reason cited for failure to report was lack of expectation that it would make any difference, along with lack of staff time.

Only 8 per cent of reported incidents were prosecuted.

That the under-resourced police would dedicate time to Nectar point fraud is frankly laughable.

Separately, the ins and outs of this fraud are difficult to work out. There are no flash alerts, no stolen cards and no dodgy phone calls.

There are various online theories about how the scammers manage to replicate bar codes and generate the numbers for a card, but it remains a mystery.

When I put the most recent case to Sainsbury’s, I asked how the points were being used without a physical card and what measures were in place to protect customers.

Sainsbury’s refused to explain how the fraud was happening but said it has measures in place to detect and, in many cases prevent, fraud. 

It is understandable that it does not want to draw attention to the intricacies of this fraud, but its preventative measures don’t seem to be working as effectively as they should. 

It said the points fraud affected just a ‘tiny proportion’ of its 18 million customers. But even 0.1 per cent of 18million Nectar holders is 18,000 people. 

If the fraud isn’t as widespread then it should have better systems in place to protect its millions of customers. 

An option to only be able to use with a physical card or on one device could help, for example. 

Given that the scam has been going on for years, it throws up the possibility that it doesn’t know how to stop it. In this case, it is a serious security breach which will mean all 18million of its customers are at risk.

 Sainsbury’s refused to explain how the fraud was happening but said it has measures in place to detect and, in many cases prevent, fraud. It is understandable that it does not want to draw attention to the intricacies of this fraud, but its preventative measures don’t seem to be working as effectively as they should.

I struggle to understand how this could be the case, if not for their customers but for their bottom line.

It seems Nectar has changed its policy somewhat. 

When we wrote about the scam in 2017, it was slow to refund the points before we stepped in. 

Now it seems that when a customer flags it and there are signs of fraudulent activity, they’re much quicker off the mark.

If this is happening at scale, Sainsbury’s must be losing out. The cost of a security system overhaul could significantly outweigh this, though, so it is perhaps understandable. 

Retail experts often refer to something called ‘shrinkage’, which is the amount they expect to lose from administrative errors or shoplifting. Generally this averages around 2 per cent of total sales.

It may be that the Nectar card fraud is now being treated as part of this shrinkage and therefore part and parcel of running a large supermarket.

For the customers though, it is not a question of the points, which now tend to be refunded, but about the security of their details.

Ultimately, customers value trust. If other loyalty programmes don’t have security issues at such a large scale, why is Nectar so vulnerable?

If Nectar doesn’t step up its security, it could lose the loyal customers it is trying to reward, especially in an era where we’re being heavily pushed into using loyalty schemes or face higher prices.

How on earth are points being spent? 

I’ve been covering Nectar points fraud for nearly a decade, writes This is Money editor Lee Boyce.

Last week, I logged into my Nectar account for the first time in ages. 

I noticed 4,000 points had been pinched – spent in Sainsbury’s West Ealing last July.

You can only go back a year on the statement, so I have no idea if more points have been stolen. 

What I can’t understand is: I have the physical card, and presumably whoever redeems points would need my details to log-into the app to spend them at the till. 

Surely it’s time for Nectar to have a toggle on its app to say: points can only be spent with the physical card, or a device registered with the correct mobile number.

Perhaps the cost of implementing 2FA or extra security measures isn’t justifiable. 

But, considering we have been covering this scam for years, and we never hear from readers about points being nicked via other major loyalty schemes from retailers such as Tesco or Boots, it feels incredibly strange that it’s still persists. 

All it does is damage Sainsbury’s and Nectar’s brand – it’s not a good look. 

PS: There have been occasions in recent months when I’ve not had my Nectar on me in store. Instead of paying higher prices, I just nab one of the cards from customer services, use it for the discount, then never use it again…