Supermarket giant Woolworths has reiterated its claim that there has been no unauthorised access to Everyday Rewards accounts amid mounting complaints of "disappearing" loyalty points accrued by members of the program.
Woolworths, which has been subject to data breach allegations in the past, told Yahoo News Australia that it has been "assisting a small number of members who appear to have been the victim of unauthorised access to their Everyday Rewards accounts", but denied a widespread issue.
"We have, however, not seen an increased spike in customer calls or emails in relation to unauthorised access in recent months and there is no evidence to suggest our Everyday Rewards systems have been breached or compromised," a spokesperson said in response to queries about the complaints.
Frustrated Everyday Rewards members have once again taken to Facebook to complain about their disappearing rewards points, sharing their experience in groups and the supermarket's page.
"What's happened? I have gone to boost my weekly rewards. And my $140 banked for Christmas is gone. I have no boosted offers at all and none available. I have multiple recent receipts missing since the 1st of October," one member complained on Facebook.
Other Everyday Rewards members posted similar complaints earlier this month, with one mentioning she had her rewards dollars spent in stores in another state she hadn't been to, while another member said she learned someone was trying to access her account after receiving two requests to reset her password.
'Fundamental security flaw'?
One Woolworths customer who works as an IT security engineer raised a similar issue with the supermarket chain, saying he had a fraudulent transaction on his account that wiped out $440 worth of his rewards.
The IT professional claimed on Facebook that the common occurrence was due to a "fundamental security flaw" with the Everyday Rewards system that "allows anyone to crawl the rewards system with generated card numbers and pull balances".
"Then all you need to do is generate a barcode and scan it at checkout and you can steal rewards," he explained.
Speaking with Yahoo News, the man said he did get his Rewards points back, but pointed out that the problem is "all too common" in large corporations with different IT departments developing apps such as Everyday Rewards.
"Red tape and bureaucracy often get in the way of developers writing good, secure code," he explained. "It's a huge industry-wide problem."
Woolworths, however, says that in cases reported to them, they found that accounts were accessed using valid login or account details, which scammers managed to obtain from members.
"This indicates fraudsters have likely obtained these members' login credentials and account details from online scams or other sources," the spokesperson said. "If any members' points have been accessed through fraud, the Everyday Rewards team will work with them to secure their account."
The Woolworths spokesperson added that they encourage members to "keep their accounts secure with strong passwords and to be wary of scams and phishing."