Sainsbury’s has strengthened the security of its Nectar app to protect customers from the growing Nectar card scam, where fraudsters steal reward points. The supermarket launched a new ‘Spend Lock’ feature in February, allowing account holders to freeze their points and control where they can be redeemed.
Previously, the system lacked restrictions on point redemptions. Anyone with access to a user’s account number or barcode could potentially steal and spend their points. This loophole left many shoppers vulnerable to scams, prompting Sainsbury’s to implement tighter security measures.
Millions of Nectar Points Stolen
Reports surfaced in January revealing that scammers had siphoned off approximately 12.5 million Nectar points, valued at over £63,000, in the past year. Many customers discovered their rewards had been spent in distant locations, even though fraudsters had no access to their physical card or app.
Dozens of Nectar card scam victims reached out to the media, reporting unauthorised transactions linked to their accounts. Some discovered their points had been redeemed in shops hundreds of miles away. Despite these cases, Sainsbury’s has not disclosed exactly how scammers accessed such vast amounts of data, fearing that revealing details could encourage more fraud.
Fraudsters Exploit Weaknesses
Investigations suggest criminals have been sharing anonymous Nectar account numbers via encrypted messaging apps. Some fraudsters are even selling access to compromised accounts, enabling widespread exploitation. In April 2023, Sainsbury’s intensified its Nectar loyalty program by launching Nectar Prices, making security concerns even more pressing. With an increase in customers engaging with the program, fraudsters seized the opportunity to exploit any system vulnerabilities.
The introduction of Spend Lock aims to curb unauthorised redemptions. When activated, customers must manually approve each point’s redemption. The account holder can now enable or disable this feature in the app’s settings. However, sources report that Sainsbury’s has not yet fully implemented Spend Lock across all Nectar accounts. Some users still lack access to the feature, leaving them at risk of fraud. Sainsbury’s is gradually rolling it out, but until all customers have it, scammers may continue to exploit unprotected accounts.
Supermarkets Facing Fraud
The rise of scams is becoming a major issue for supermarkets. With loyalty schemes relying more on technology, fraudsters are finding new ways to bypass security measures. Nectar points accumulate when shoppers scan their cards during purchases.
Customers can redeem them for discounts at Sainsbury’s, Argos, and various partners, including British Airways and the Woodland Trust. This makes them an attractive target for fraudsters. A Nectar spokeswoman reassured customers, stating: “We’ve introduced a new Spend Lock feature to enhance security and prevent unauthorised redemptions. Protecting our customers’ points is our top priority.”
Sainsbury’s Tightens Security
While Sainsbury’s strengthens its security measures, customers should take additional steps to protect their accounts:
- Enable Spend Lock as soon as it becomes available.
- Regularly check account activity for suspicious transactions.
- Use strong passwords and avoid sharing account details.
- Report any unauthorised redemptions to Sainsbury’s immediately.
Fraud concerns are not limited to Nectar scams. In the summer of 2024, Sainsbury’s faced a wave of fraudulent coupons, forcing the supermarket to introduce additional security measures at self-service tills. To combat fraud, the supermarket is investing in new fraud prevention strategies. As scammers become more sophisticated, companies must continuously update their systems to protect customers.
