Stored Value Cards & Fraud
Stored-value cards are one of the most popular holiday purchases and remain in demand throughout the year. They offer a convenient way to give a desirable gift to just about anyone, and they can be sent to the recipient through a simple email.
Unfortunately, fraudsters are attracted to stored-value cards as well. They employ various schemes to exploit the limited security features of these cards compared to modern credit cards. Many of these schemes lead to chargebacks, leaving merchants responsible for the losses. However, there are measures that merchants can take to protect themselves and minimize revenue losses.According to a market research report, the estimated value of the US stored-value card market is $162 billion. Some reports suggest that the global market could be as high as $778 billion.
It's understandable why merchants would want to offer stored-value cards. They are in high demand, boost sales, and serve as effective marketing tools. However, it's important to recognize that stored-value cards also have downsides.
Stored-value card fraud poses a growing threat to both merchants and consumers. To safeguard themselves and their customers, merchants need to be aware of the risks and implement strategies to mitigate them.
Why Is Stored-Value Card Fraud Growing?
The increase in overall stored-value card sales contributes to the rise fraud. Wherever there is money involved, fraudsters are likely to follow. Another factor is the enhanced security of credit card payments, making stored-value cards a more appealing target.
The COVID-19 pandemic accelerated the growth of e-commerce, leading to a surge in online stored-value card purchases. More people sought an easy way to send gifts to friends and family they couldn't meet in person, and shipping delays made traditional gift purchases less attractive.
Following the initial spike, stored-value card purchases have continued to rise, attracting fraudsters looking to exploit this growing payment method.
At the same time, credit card payment security has improved. Merchants now employ fraud prevention tools like Address Verification System (AVS) and risk scoring to combat credit card fraud. Unfortunately, these tools often rely on customer information that is not available for stored-value card transactions.
For instance, AVS verifies the customer's identity by requesting their billing address. Unless merchants require the purchaser of a stored-value card to provide the recipient's billing address, which they may not even know, AVS cannot authenticate a stored-value card transaction.
What Types of Stored-Value Card Fraud Exist?
Common types of stored-value card fraud include refund fraud, card number theft, account takeover, and physical tampering. Stolen credit cards are also used to purchase stored-value cards since they are easier to convert to cash compared to most products.
Stored-value cards fall into two categories: open-loop cards, which can be used with any merchant (e.g., Visa or Mastercard), and closed-loop cards tied to a specific merchant. The information provided here applies to both types.
Stored-value cards are typically not tied to individual identities, making them hard to trace, easy to convert to cash or resellable goods, and widely available. Moreover, they are not subject to the same extensive regulations as credit and debit card transactions, making them attractive targets for fraudsters. As a result, a variety of scams have developed around stored-value cards. Here are the main ones you should be aware of, along with some advice on how to protect yourself:
Stored-Value Card Refund Fraud
Fraudsters use stolen card numbers to make online purchases, return the products for a refund, and request the funds to be transferred to a stored-value card. Eventually, the true owner of the payment card will report the unauthorized transaction, resulting in a chargeback.
Merchants lose the transaction amount, chargeback fees, and hidden costs, while fraudsters obtain a usable or sellable stored-value card. Merchants can avoid this by insisting that funds be returned to the same payment card used for the purchase, even if customers request a refund to a stored-value card.
Stored-Value Card Number Theft
Fraudsters can gain access to a company's stored-value card database and steal card numbers and activation codes. This can be achieved through brute force hacking methods, malware, phishing, or social engineering attacks against company employees.
To prevent this, merchants must employ robust information security technology, track gift card numbers and their usage diligently, and provide cybersecurity awareness training to all employees with access to company systems.
Purchasing Stored-Value Cards With Stolen Credit Cards
This is the most common form of stored-value card fraud. Fraudsters use stolen credit card numbers to buy stored-value cards online and utilize or resell them before the merchant detects the fraud and receives a chargeback.
Merchants should examine their software tools, operational procedures, and customer service training to prevent such fraudulent purchases. Employing fraud detection tools, verification methods like AVS/CVV, recognizing fraudster behavior patterns, and utilizing machine learning can help prevent these transactions.
Account Takeover for Stored-Value Card Purchases
Fraudsters who gain access to a customer's account can make purchases using stored payment credentials. While this type of fraud is often identified before merchandise is shipped due to confirmation emails, fraudsters can secure cash by purchasing large quantities of stored-value cards. Merchants should implement systems to flag large or repeated stored-value card purchases for review.
Physical Stored-Value Card Tampering
Merchants selling physical stored-value cards in retail locations face the risk of tampering schemes. Fraudsters may copy the magnetic stripe data of one card onto another, allowing them access to the funds when customers purchase and activate the cloned cards.
Additionally, fraudsters may copy down card numbers and activation codes from unsold cards on display racks, covering up any scratch-off coverings they remove. Once an honest customer purchases and activates one of these tampered cards, the fraudster can immediately use it.
Merchants have limited control over retail environments where their cards are sold, making it difficult to prevent such exploitation. However, they can be more restrictive about customer access to unsold gift cards and educate customers about the benefits of purchasing gift cards online directly from the merchant.
How Can Merchants Prevent Stored-Value Card Fraud?
To prevent stored-value card fraud, merchants should consider the following measures:
- Utilize effective fraud detection tools to block fraudulent stored-value card purchases.
- Implement limits on large or repeated stored-value card purchases.
- Establish a system to track individual stored-value cards.
Given that stored-value cards are a common target for fraudsters, merchants may choose to require additional authentication steps for stored-value card purchases. It is also advisable to block or require additional authentication for purchases above a certain amount or when multiple stored-value cards are purchased with the same payment card or from the same IP address.
To gather additional customer information, merchants may require recipients of stored-value cards to create an account before using them.
While broader implementation of this requirement may raise concerns about cart abandonment, it is not an issue with closed-loop stored-value cards.
Merchants should be able to link chargebacks on stored-value card purchases to specific gift card numbers and either block or void the balance on the card. It's important to note that gift card laws vary by jurisdiction, so compliance with local regulations is crucial.
Stored-Value Card Fraud Leads to Chargebacks
It's essential to recognize that a stored-value card security problem is a chargeback problem waiting to happen or may already be occurring. Customers whose payment cards are used to fund fraudulently obtained stored-value cards are likely to dispute the charges, and chargeback representment strategies may have limited effectiveness against true fraud.
Therefore, merchants should prioritize stored-value card management and conduct information security reviews. Tracking and monitoring systems should be in place to identify the sources of stored-value card fraud, enabling necessary actions to prevent and mitigate such fraud.
In cases where merchants struggle to prevent stored-value card fraud or other chargeback issues, engaging a chargeback management firm can provide assistance in setting up appropriate anti-fraud measures and combating chargebacks effectively.