Gift cards are some of the most popular tools for fraudsters. Just about any merchant can be hit by an attack that involves gift cards. There are many ways for organized criminals to exploit gift cards, from simple frauds that leave merchants stuck with chargebacks to hacking merchant gift card databases. Here’s what every merchant should know about this trending type of fraud.
U.S. consumers spent about $160 billion on gift cards in 2018. Gift cards are so popular that most of us don’t think twice about buying them, offering them to customers or accepting them as payment. But some of the things that make these cards such popular gifts also make them appealing to everyday scammers and organized criminals.
First, gift cards are anonymous and basically untraceable. Each gift card is like digital cash, with no permanently linked account information that could tie it to one person. It’s also easy to convert gift cards into merchandise or even back into cash. Legitimate gift card holders can shop with their cards or sell them at a discount online. Criminals can buy merchandise for resale or trade the card value for cryptocurrency.
Gift card sales peak during the holiday shopping season. The National Retail Federation’s 2019 Winter Holiday Trends survey found that 54.0% of shoppers will give gift cards to the people on their list. All those gift card transactions provide cover for fraudsters. They know it’s easier to hide fraud in the surge of transactions during peak sales seasons. They also know that many merchants loosen their fraud controls during major shopping seasons, to prevent order-approval bottlenecks and to maximize sales.
In addition, while gift cards may look like credit cards, but they’re not. Gift cards are not bound by the same industry standards for their activation, tracking and use. That means scammers have the freedom to get creative with gift card schemes, which is why gift card fraud ranges from simple purchases made with stolen data to in-house fraud gangs to international organized crime.
Here are some of the ways scammers exploit gift cards:
- Buying online gift cards with stolen payment data: The most common e-gift card fraud is plain old card-not-present fraud. Thieves use stolen credit card data to buy gift cards online, then resell the cards online for cash. When the credit card holder discovers the charge, the merchant who sold the gift card is hit with a chargeback.
- Asking for a gift card instead of a refund or exchange: Here, a fraudster buys something online with stolen card data. Soon after the order is approved, they call to cancel and request a refund—on a gift card. The gift card usually can’t be traced, and the merchant gets a chargeback from the holder of the stolen credit card.
- Taking over an account and buying gift cards: With someone’s bank or online shopping account credentials, criminals can buy lots of gift cards and spend them or cash them out before they’re caught.
- Hacking merchants to steal gift card numbers in bulk: Phishing, SQL injection, social engineering of employees, corruption of employees and accidental data exposure are some of the many ways hackers and thieves can obtain batches of gift card numbers from retailers.
- Other ways fraudsters exploit gift cards: Criminals can hack stolen credit card and loyalty accounts to convert points into digital gift cards. Email scammers often target a company’s employees by posing as a company executive, asking for a quick purchase of gift cards and requesting the numbers from each card. Criminals can match gift cards to their online activation codes by using bots to quickly test lots of combinations. And there are so many ways that criminals working together can exploit physical gift cards in stores that it would take another article to cover them all.
How can merchants protect themselves from gift card scammers?
Preventing gift card fraud is not a simple process, because there are so many fraud modalities and because the gift card lifecycle often combines online and brick-and-mortar retail. However, there are a few key steps merchants can take to reduce their gift card fraud risk.
- Track your gift card data. Retailers who offer gift cards can track each one from purchase to redemption. Tracking this data can flag unusual behavior, like instant activation and use, for investigation.
- Strengthen and broaden internal controls. Fraudsters often work in groups and run more than one scam at once. Stringent reconciliation processes can identify flags that may indicate employee fraud. Also, merchants can cross-check all instances of confirmed gift card fraud with their employees’ activity as well as activity at other locations to look for other fraud flags.
- Monitor brand mentions on gift card trading sites. This can help you spot and shut down brand impersonation fraud.
- Postpone card activation. To reduce the risk of fraudsters activating a card without completing their transaction, activate any gift cards last, after all the other items in a basket of products.
- Make data security a priority. Robust information security practices can help merchants avoid IT glitches and data breaches than can lead to some of the types of gift card fraud described above.
By taking these steps, your company can identify fraudulent gift card activity, spot internal fraud, protect your brand, reduce gift card theft and keep your gift card data safe from hackers. Together, these steps can make your business a much less tempting target for fraudsters and encourage them to move on.
ClearSale provides online retailers with fraud-prevention technology and services designed to protect against chargebacks.