Gift Card Fraud Prevention

Gift Card Fraud TIPS: Gift Card Fraud Prevention Chargeback Prevention FAQ: What is a chargeback? How do I prevent them? Chargeback Services TIPS: How to choose Chargeback Services & Management Chargeback Process FAQ: What is the Chargeback Process? Chargeback Representment FAQ: What is Chargeback Representment? Bank of America Chargebacks Bank of America Chargebacks Visa Chargebacks FAQ: 2020 Visa Chargeback Guide

Table of Contents

  1. Why Is Gift Card Fraud Growing?
  2. What Types of Gift Card Fraud Exist?
  3. Gift Card Refund Fraud
  4. Gift Card Number Theft
  5. Buying Gift Cards With Stolen Credit Cards
  6. Account Takeover Gift Card Purchases
  7. Physical Gift Card Tampering
  8. How Can Merchants Prevent Gift Card Fraud?
  9. Gift Card Fraud Leads to Chargebacks
  10. Can Gift Cards Be Traced?
  11. Can Fraudsters Go to Jail for Using Stolen Credit Cards?
  12. Can Stolen Gift Cards Be Refunded?

Gift cards are one of the most popular holiday purchases and remain in demand year round. A recent survey reported that 83% of consumers intend to purchase a gift card this holiday season. 51% anticipate spending between $50 and $100 on gift cards, while 24% say they will likely spend between $500 and $5,000.

Unfortunately, fraudsters like gift cards too. There are a variety of schemes they can employ to take advantage of the fact that gift cards have few of the security features that modern credit cards do. Many of these schemes will result in chargebacks, with the merchant left holding the bag. But there are ways for merchants to protect themselves and reduce their revenue losses.

BNPL E-GuideAccording to a market research report released in March, the US gift card market is estimated to be $162 billion. Other reports have estimated the global market to be as high as $778 billion.

It makes sense that merchants would want to offer gift cards. Customers want them, they increase sales, and they can be a good marketing tool. That doesn't mean that gift cards are all upside, however.

Gift card fraud is a growing threat for merchants and consumers alike. In order to protect themselves and their customers, merchants need to be aware of the risks and have strategies in place to mitigate them.

Why Is Gift Card Fraud Growing?

Part of the reason gift card fraud is on the rise is the increase in overall gift card sales. Wherever the money goes, fraud is sure to follow. Another factor is the increasing security of credit card payments, making gift cards a comparatively appealing target.

The rapid rise in e-commerce due to COVID-19 brought with it a rise in purchases of online gift cards. More people than ever were suddenly looking for an easy way to send a gift to friends and family they might not see in person, and delays throughout the US postal system made many people wary of purchase gifts that would have to be shipped.

After that initial spike, gift card purchases have continued to increase, and any growing payment method will attract fraudsters looking to exploit it.

At the same time, the security of credit card payments has been increasing. More merchants than ever are using fraud prevention tools like AVS and risk scoring to prevent credit card fraud. Unfortunately, these tools often rely on customer information that isn't available for a gift card.

For example, AVS attempts to verify the customer's identity by asking them for their billing address. Unless you require everyone who purchases a gift card to enter the billing address of the person who will receive it, information they might not even know, AVS can't be used to authenticate a gift card transaction.

What Types of Gift Card Fraud Exist?

Common types of gift card fraud include refund fraud, card number theft, account takeover, and physical tampering. Stolen credit cards may also be used to purchase gift cards, as they're easier to convert to cash than most products.

There are two types of gift cards: open-loop gift cards that can be used with any merchant, such as those from Visa or Mastercard, and closed-loop gift cards tied to a single merchant. Most of the information here will apply to both.

Gift cards are typically untethered to individual identities, hard to trace, easy to convert to cash or resalable goods, and ubiquitous. Better yet for fraudsters, they’re not bound by the same extensive regulations as credit and debit card transactions. It’s no wonder so many different scams have developed around gift cards. Here are the main ones you should be aware of, along with some advice about how to defend yourself:

Gift Card Refund Fraud

If a customer ever wants to return a product and asks to have it refunded to a gift card, watch out. It could be part of a scheme to extract untraceable funds from a stolen credit card. Here's how it works:

Fraudsters use a stolen card number to make an online purchase, then send it back for a refund and ask for the funds to be put on a gift card. Eventually, the payment card’s true owner will report the unauthorized transaction and request a chargeback. The merchant loses twice the transaction amount plus the chargeback fees and hidden costs. Meanwhile, the fraudster has a gift card they may be able to use or sell without issue.

This method of fraud can be easier to get away with during the holidays, as customers returning gifts might have a legitimate reason to request their refund be put on a gift card rather than returned to the original method of payment.

Merchants can avoid this by always insisting that funds be returned to the same payment card used to make the purchase at the risk of annoying those customers making legitimate requests.

Sometimes customers may claim that the account is closed, but this is a red flag for potential fraud. Even if it's true, the funds can still be returned to the closed account and the customer can claim them from the issuer.

Gift Card Number Theft

Fraudsters can virtually print money for themselves by hacking into a company gift card database to steal card numbers and activation codes. This can be done via brute force hacking methods, malware, or using phishing or social engineering attacks against company employees. These last two methods are by far the most common.

Merchants who manage their own gift card data must make sure robust information security technology is in place to defend it against hackers and should track gift card numbers and their usage carefully to look out for suspicious activity.

All employees with access to company computers or systems should receive cybersecurity awareness training, ideally with an occasional refresher. Merchants can also run tests such as simulated phishing emails or social engineering attempts to assess the effectiveness of the training. Areas of weakness can be identified and emphasized in future training.

The most important things for employees to remember are to keep an eye out for unusual or suspicious emails and to never plug an unknown device into a computer. Leaving a USB drive stamped with the target organization's logo in a parking lot is a common method of attack, and even the US Department of Defense has fallen victim to it.

Buying Gift Cards With Stolen Credit Cards

The most widespread form of gift card fraud is also the simplest.

Fraudsters simply use stolen credit card numbers to buy gift cards online and use or resell them before the merchant gets hit with the inevitable chargeback. This is one of the easiest ways for a fraudster in possession of stolen payment credentials to make a quick profit.

Learn How To Fight Them The Smart Way

Merchants who find themselves dealing with this kind of fraud need to look at the software tools, operational procedures, and customer service training that is allowing fraudulent purchases to go through.

Things like AVS/CVV verification, 3-D Secure, and recognizing some of the telltale signs of fraudster behavior can help you stop these transactions before they go through and become a problem.

Some merchants may benefit from anti-fraud tools that use machine learning to identify potentially fraudulent transactions, assigning them a risk score based on information gathered from past transaction data.

Account Takeover Gift Card Purchases

When fraudsters gain access to a customer’s account, they may have free reign to make purchases with stored payment credentials. In many cases, however, this kind of fraud is discovered before the merchandise is shipped out, since customers usually receive an email confirming any purchase.

A more reliable way for fraudsters to wring actual cash out of a stolen account is to buy mass quantities of gift cards, which can be used immediately. Most merchants would benefit from putting a system in place to automatically flag large or repeated gift card purchases for review.

Physical Gift Card Tampering

When you sell physical gift cards in open retail locations, you’re open to a few different kinds of schemes that involve tampering with them. While there are various protections in place to prevent this, most of them are relatively easy for determined or experienced fraudsters to get around.

One method involves copying one gift card’s barcode onto other cards, so that when shoppers purchase and activate the cloned cards, the fraudster has access to those funds.

Fraudsters may also copy down the card numbers and activation codes on cards still on the sales rack, using stickers to cover up any scratch-off coverings they removed. As soon as an honest customer purchases and activates one of the cards, the fraudster can start using it.

When merchants aren’t in direct control of the retail environment in which their cards are sold, it’s difficult for them to prevent this kind of exploitation. Smaller merchants may be able to be more restrictive about how and when customers have access to unsold gift cards. Customers should be aware that it’s always safer to buy gift cards online, direct from the merchant, and that any time you buy a gift card from a retail location you should change its PIN as soon as it is activated.

How Can Merchants Prevent Gift Card Fraud?

The best ways to prevent gift card fraud include:
  • Using effective fraud detection tools to block fraudulent gift card purchases
  • Placing limits on large or repeated gift card purchases
  • Having a system in place to track individual gift cards

Because gift cards are a common target for fraudsters, merchants may choose to require additional authentication steps for gift card purchases. It's also wise to block or require additional authentication for purchases over a certain amount or when multiple gift cards are purchased with the same payment card or from the same IP address.

In order to obtain additional customer information, merchants could choose to require the recipient of a gift card to create an account before using it. While many merchants avoid implementing this requirement more broadly over fears of cart abandonment, that's not an issue with closed-loop gift cards.

Merchants should have a way to tie a chargeback on a gift card purchase to the individual gift card number and either block or void the balance on the card. Note that while this is usually permitted as long as the original purchaser of the gift card has been refunded, laws regarding gift cards vary by jurisdiction.

Gift Card Fraud Leads to Chargebacks

Remember, a gift card security problem is a chargeback problem waiting to happen — or more likely, a chargeback problem already happening. The customers whose payment cards get used to fund the gift cards used in these schemes are virtually guaranteed to dispute the charge sooner or later, and even the best chargeback representment strategies won’t do much to help you when true fraud is the reason.

Don’t treat gift card management like an afterthought. Conduct information security reviews and do what you can to enable as much tracking and monitoring as you need to identify the sources of gift card fraud and take whatever action might be necessary to stop it.

If you're struggling to prevent gift card fraud or any other chargeback issue, you may want to look into hiring a chargeback management firm. They can help you set up the appropriate anti-fraud measures for your business, as well as prevent and fight chargebacks in general.

For more information on holiday fraud and chargebacks, check out our 2022 Holiday Chargebacks webinar.

FAQ

Can Gift Cards Be Traced?

Gift cards tied into credit card networks, such as Visa prepaid cards, can be traced. For gift cards tied to individual merchants, it depends on what systems and processes the merchant has in place.

Can Fraudsters Go to Jail for Using Stolen Credit Cards?

Yes. 18 U.S.C section 1029 states that fraudsters in credit card scams can face up to $250,000 in fines and 10 years in jail.

Can Stolen Gift Cards Be Refunded?

Refund policies for stolen gift cards depend on the seller. Some merchants may be able to void the stolen gift card and issue a refund or replacement, others may not.

Thanks for following the Chargeback Gurus blog. Feel free to submit topic suggestions, questions or requests for advice to: win@chargebackgurus.com

Chargebacks 101

Similar Posts

Ready to Start Reducing Chargebacks?