Customers who sign up for loyalty programs could be exposing themselves to increasingly targeted and sophisticated cyber attacks, a leading marketing and ethics lecturer says.

When the consumer watchdog released its final report on Tuesday into the nation’s customer loyalty schemes, Deakin University’s Michael Callaghan said there was one glaring omission from its 150-odd pages: Cyber security.

The Australian Competition and Consumer Commission (ACCC) has been investigating a swathe of schemes for the better part of the year.

Its culmination makes a range of recommendations to address concerns around users’ data harvesting and slippery terms and conditions.

It has called on businesses to be more transparent about where and why data is being shared to third parties, and to stop automatically synching a shopper’s payment card to their member account.

The report also pushes for an overhaul to consumer and privacy law, which was flagged in its digital platforms inquiry findings in July.

What concerns Dr Callaghan, who specialises in business ethics and online marketing, is the absence of recommendations around how securely a customer’s harvested data is stored.

• Read more: The ACCC’s guide to customer loyalty schemes

The information gathered through loyalty schemes – like someone’s purchase history, transaction methods and how likely they are to subscribe to special deals – can be combined with their personal details to make a pretty accurate individual profile, Dr Callaghan told The New Daily.

Hackers and cyber criminals can then use this profile to their advantage.

“They can use that (data) to figure out what’s the best way to approach you with a deal that’s too good to be true,” Dr Callaghan said.

Through a convincing email offering an exclusive deal (maybe from a website or brand you’ve bought before), a quick link-click can deliver your data into the hands of a criminal.

The ACCC’s investigation found lots of consumer complaints about reward points expiring without their knowledge. Photo: Getty

• Related story: Customer loyalty programs ‘stealing’ data

It’s a threat that’s alluded to in the ACCC’s report but not directly addressed: “As consumer data is shared more and more frequently, the risks of a data breach increase.

“The lack of clarity and broad discretions and consents in privacy policies may also lead to low consumer awareness of the underlying risks of joining a loyalty scheme, such as data breaches of either the scheme or the partners to which consumer data is disclosed.”

The report states that no breaches of loyalty program data have been disclosed to the national privacy commissioner – but Dr Callaghan said that many companies might not even be aware their databases had been compromised, or if they were required to notify the commissioner if they had been targeted.

Is loyalty really rewarded?

Overall, consumers need to remember loyalty schemes exist in order for companies to maximise their products through detailed insights.

“Everyone should really be waking up to the fact that if someone is making money off you, they’re not your friend,” Dr Callaghan said.

“It really does come down to consumers being very careful with what they’re not only buying but what they’re sharing.”

His verdict on loyalty and reward schemes? You’re better off buying the “incentive” straight up.

The ACCC said in a statement one of the big concerns raised during the investigation was the profiling of customers, and increasing amounts of targeted advertising.

• Related story: Foxtel’s frantic bid to keep its customers

ACCC chairman Rod Sims said such practices could result in individual customers being offered different prices for the same product or service.

“Many consumers are increasingly concerned about receiving targeted advertising, in some cases from companies that they have never dealt with before,” Mr Sims said in a statement.

“There is also an emerging risk of real consumer harm if individual consumers were to be charged inflated prices based on profiling derived from their data.

“For example, if a person’s frequent flyer data or online search history indicates they can only travel on certain dates, or otherwise based on their income, geographic location or other information collected through the loyalty scheme, they may be charged extra.”