SAINSBURY’S is making a huge change to its Nectar loyalty scheme for 18million customers.
The UK’s second biggest grocery store has introduced a new security feature on its loyalty card app to prevent points from being stolen.
The free scheme allows customers to earn one Nectar point for every £1 spent at Sainsbury’s, both in-store and online.
Customers now have the option to freeze spending on Nectar points in the app until they are ready to spend them.
Shoppers can continue to earn points as they shop and get money off.
But it means customers will not be able to use any of their points to get money off their shopping or any other deals until the cardholder unlocks the points in the app.
Sainsbury’s said that when customers unlock their card, it should be instant, but it may take longer in busy stores or during busy times.
The move follows an investigation by The Daily Mail, which found that over 12million Nectar card points worth nearly £63,000 had been stolen from shoppers.
It was reported last October that criminals were using social media channels to sell 1,000 Nectar accounts at a time.
One victim told the outlet how they had planned to use the 10,000 points, worth £50, on a bottle of Remy Cognac for Christmas.
However, just days before they noticed their entire Nectar balance had been used in a store hundreds of miles away from their home.
Another woman living in Nottingham said 500 points worth £2.50 had been spent in Birmingham just days before the holiday.
Then, three hours later, she found that 39,500 points, worth £197.50, had been spent in Taplow.
Nectar did refund the points within a week.
A Nectar spokesperson told The Sun: “We’ve recently introduced a new spend lock feature to add an extra layer of security to our customer accounts, allowing customers to lock their points until they’re ready to spend them.
“Security is our highest priority and we have a range of measures which help to safeguard our customers’ points.”
The lock feature was first introduced in February and not every customer may see the feature in the app at the moment as it is still being rolled out.
LOYALTY CARD FRAUD
Sainsbury’s customers are not the first to be targeted by fraudsters.
Back in 2020, Tesco was forced to block 620,000 Clubcard accounts after scammers tried to steal points.
The grocery giant issued all affected customers new cards and asked them to reset their passwords.
A small number of customers may have had points stolen – but Tesco said that these would be returned and new vouchers would be issued.
It said that no financial data has been accessed and it systems had not been hacked.
More recently, Iceland customers were urged to check the balance on their loyalty cards after a spate of card hacking has left many without credit to pay for their Christmas food shop.
The Bonus Card encourages thrifty shoppers to load cash onto their accounts as they reward an extra £1 for every £20 spent via the scheme.
An Iceland spokesperson said at the time: “Iceland has identified instances of unlawful access to a small proportion of its customers’ Bonus Card accounts.”
“These login details are stolen through security breaches on other websites where customers have used the same password.
“There has been no breach of Iceland’s own systems, nor any loss of data from Iceland itself. Customers are strongly advised to use strong and unique passwords for every website they use.
“We have taken steps to make sure no customers have lost out because of this unlawful activity, and we have worked to restore their balance as quickly as possible.
Scammers tried to steal £250 worth of Nectar points from me
Carrie-Ann Skinner, 41, from Crayford in South East London, had spent a year building up points by regularly shopping at Sainsbury’s.
She had two-factor authentication enabled on her account, it meant that when she attempted to log in to Nectar she was sent an email with a verification code.
Without this function, she may not have been alerted when hackers tried to access her account.
In July last year she received a verification code email, despite not requesting one.
Carrie-Ann told The Sun she thought it was “a bit strange” when she got the notification but after checking her Nectar app, everything seemed fine so she “thought nothing else of it”.
But later in the day, she had an email saying the address on the account had been changed, to what she says was a completely different address to her own.
It’s not clear how the address was changed, as Sainsbury’s says the hackers weren’t granted access to the account.
She quickly changed her password and contacted Nectar, which fixed her address.
Carrie-Ann then changed her password three times.
However, days later she had another email saying her address had been changed again to the same new address.
Nectar then put a permanent block on her card and transferred £250 worth of points to a new card.
Carrie-Ann was left “very angry” and confused by the situation.
“They said everything would be fine, but to be honest, I didn’t believe them because I changed the password three times,” Carrie-Ann said.
“So if the password had been leaked, they shouldn’t have been able to get in the second and third time.”
As a former technology journalist, she says she is hot on spotting phishing scams, using complex passwords and not posting too much information online.
A spokesperson from Nectar said it had seen evidence of fraudulent attempts to gain access to her account, but denied hackers that had ever accessed it.
It says it blocked Carrie-Ann’s original Nectar account to keep her balance safe and transferred the points to a new account, showing their security measures worked.
Carrie-Ann said she no longer keeps too many Nectar points on her card – no more than £20 at a time – in case she is targeted again.
The 41-year-old has also changed her passwords and her email on her Sainsbury’s shopping account.
A Sainsbury’s spokesperson said: “The security of our customer accounts is of the utmost importance and we have a range of measures in place to help us detect, and in cases such as these, prevent fraud.”
