Gift Card Fraud Prevention 2020
It’s often said that giving gift cards is “impersonal,” but consumers have spoken, and it turns out that as both givers and recipients, we’re perfectly fine with impersonal. Consumers love the flexibility and convenience of gift cards, merchants love consumers who buy their gift cards. Unfortunately, gift cards are prime targets for scammers and fraudsters, and gift card fraud can leave merchants vulnerable to damaging chargebacks from the credit cards that were originally used to purchase them. How can merchants protect themselves—and their customers—against gift card fraud?
Gift card sales were around $160 billion in 2018, and eyebrow-raising figure that keeps growing every year. Despite the risks, it makes sense that merchants would want to offer gift cards—consumers want them, they increase sales, and they can be a good marketing tool. The important thing is to understand the ways in which fraudsters can exploit gift cards so that you can take precautions to minimize the risk and empower your consumers to keep their funds safe.
What Types of Gift Card Fraud Exist?
Gift cards are untethered to individual identities, hard to trace, easy to convert to cash or resellable goods, and ubiquitous. Better yet for fraudsters, they’re not bound by the same extensive regulations as credit or debit card transactions. It’s no wonder so many different scams have developed around gift cards. Here are the main ones you should be aware of, along with some advice about how to defend yourself.
Gift Card Refund Fraud
If a customer ever wants to return a product and asks to have it refunded to a gift card, watch out. It could be part of a scheme to extract some untraceable funds from a stolen credit card. What the fraudsters do is use a stolen card number to make an online purchase, then send it back for a refund on their gift card. Eventually, the payment card’s true owner will report it and request a chargeback, but the fraudster usually has plenty of time to spend or sell the gift card funds.
What merchants can do to avoid this is always insist on refunding to the original payment card. Customers may claim that they no longer have the card, but this is usually a red flag. Even if true, the funds can still be returned to the old card account and the customer can claim them from the issuer.
Gift Card Number Theft
Fraudsters can virtually print money for themselves by hacking into company gift card databases to steal card numbers and activation codes. This can be done via brute force hacking methods, malware, or using phishing or social engineering attacks against company employees.
Merchants who manage their own gift card data must make sure robust information security technology is in place to defend it against hackers, and should track gift card numbers and their usage carefully to look out for suspicious activity.
Buying Gift Cards with Stolen Credit Cards
The most widespread form of gift card fraud is also the simplest. Fraudsters simply use stolen credit card numbers to buy gift cards online and use or resell them before the merchant gets hit with the inevitable chargeback. This is one of the easiest ways for a fraudster in possession of stolen payment credentials to make a quick profit.
Merchants who find themselves dealing with this kind of fraud need to look at the software tools, operational procedures, and customer service training that is allowing fraudulent purchases to go through. Things like AVS/CVV verification, 3-D Secure, and recognizing some of the telltale signs of fraudster behavior can help you stop these transactions before they go through and become a problem.
Account Takeover Gift Card Purchases
When fraudsters gain access to a customer’s compromised store account, they may have free reign to make purchases with stored payment credentials, but often the cyberattack will be discovered before it’s too late to cancel delivery. A more reliable way for fraudsters to wring actual cash out of a stolen account is to buy mass quantities of gift cards, which can be used immediately.
It may be wise to flag accounts for review if they suddenly begin purchasing gift cards in unusual quantities.
Physical Gift Card Tampering
When you sell physical gift cards in open retail locations, you’re open to a wide range of schemes that involve tampering with them. While there are various protections set up to prevent this, most of them are relatively easy for determined fraudsters to get around.
This might involve copying one gift card’s barcode onto other cards, so that when shoppers purchase and activate the “cloned” cards, the funds go to the fraudster’s gift card. Fraudsters also copy down the card numbers and activation codes on cards still on the sales rack, using stickers to cover up any scratch-off coverings they removed. As soon as an honest customer purchases and activates one of the cards, the fraudster can start using it.
When merchants aren’t in direct control of the retail environment in which their cards are sold, it’s difficult for them to prevent this kind of exploitation. Smaller merchants may be able to be more restrictive about how and when customers have access to unsold gift cards. Consumers should be aware that it’s always safer to buy gift cards online, direct from the merchant, and that any time you buy a gift card from a retail location you should change its PIN as soon as it is activated.
Remember, a gift card security problem is a chargeback problem waiting to happen—or more likely, it’s already a chargeback problem. The customers whose payment cards get used to fund the gift cards used in these schemes are virtually guaranteed to dispute the charge sooner or later, and even the best chargeback representment strategies won’t do much to help you when true fraud is the reason.
Don’t treat gift card management like an afterthought, but subject it to information security reviews and do what you can to enable as much tracking and monitoring as you need to identify the sources of gift card fraud and take whatever action might be necessary to stop it.