In this paper we investigate the problem of providing application domain security constraints to distributed systems will maintaining high availability. This study uses the application domain of business loyalty incentives as a motivating example. The loyalty incentives are earned through electronic point and currency programs while the modeled system ensures the incentives are not vulnerable to cyber-attack. We consider five loyalty activity categories rewarded by companies to their patrons; social networking rewards, web-site browsing rewards, mobile browsing rewards and referral/social circle rewards. We document vulnerabilities with each activity category, propose and implement a solution that will ensure the activity being rewarded is the activity that is intended by the reward program.