Gift cards are an easy, flexible option for gift-givers all over the world, but what makes them so useful also makes them easily exploited by scammers.
The number of gift cards being sold is on the rise, with U.S. online retailers selling nearly 7,000 in May 2020 alone. This spike is thought to be a result of COVID-19, but the numbers are still rising, at more than double the figures from earlier in 2020.
Gift card fraud prevention is hugely important for retailers wanting to keep the convenience and flexibility that gift cards allow, without having to suffer through the chargebacks that happen when fraudsters exploit your systems.
It may seem like a small part of ecommerce fraud protection, but implementing gift card fraud detection systems is a significant step towards guarding against fraud.
What is gift card fraud?
Gift card fraud involves using stolen credit card details to purchase gift cards.
Part of the reason gift card fraud is popular among scammers is its anonymity. By using credit card information to purchase a gift card, a fraudster essentially keeps stolen cash without having spent it.
It’s particularly common over peak periods. Holiday season, Christmas and Thanksgiving are all times when people do a lot of shopping, which means fraudsters can more easily hide beneath the collective weight of thousands of other shoppers.
An increase in online shopping since the COVID pandemic is widely expected to result in a spike in card-not-present (CNP) scams, which include gift card fraud.
How do fraudsters exploit gift cards?
When a fraudster obtains stolen credit card information, their window of opportunity to use that card closes the moment the card owner cancels it.
However, by purchasing a gift card, a fraudster can get access to large amounts of money without having to worry about when they need to spend it.
Gift card fraud schemes often target retailers that have explicit exchange policies, allowing the chance to redeem a gift card that was illegally purchased for cash. In these instances, they can be incredibly hard to catch without protection measures in place.
1. Buying gift cards with stolen payment data
This technique is easy to understand and explain. Fraudsters use stolen credit card information to purchase gift cards, which they can then resell online for cash, redeem, or exchange for money from the retailer. This is a classic example of CNP fraud.
Retailers who don’t keep a record of gift card purchases will have to pay out twice - a chargeback for the initial purchase of the gift card, and again when the gift card is redeemed.
Often there will only be a very small space of time between when the gift card is purchased and when it’s redeemed. In the mind of the fraudster, the quicker they can turn the gift card into cash or items, the better.
2. Opting for a gift card instead of a refund
This happens when a fraudster uses stolen credit card information to buy something, only to quickly cancel the purchase. Instead of getting a refund, they request the value of their purchase as a gift card.
Usually this is an ideal situation for the retailer. In this instance, however, it is most certainly not.
Fraudsters may actively look to exploit your enthusiasm for keeping their business through giving them a gift card. Customers would generally prefer a refund to be in cash if at all possible, so it might pay to be wary of anyone who says they’d rather a gift card.
3. Buying a gift card by taking over an account
This is a form of account takeover fraud where a fraudster gains access to the victim’s bank or online shopping account and uses it to purchase gift cards.
It’s another example of fraudsters capitalizing on a limited window of time to purchase gift cards that can be used later, and yet another instance that’s made easier when retailers don’t keep track of gift card information.
Merchants who can’t identify which gift cards were purchased in an account takeover will be left unable to trace them. In fact, these merchants can be further targeted for their relaxed approach to gift cards when fraudsters know about them.
4. Hacking into merchant accounts and stealing gift cards
There are any number of ways fraudsters can get access to a retailer’s gift cards. It can even be done in a way that the retailer never finds out they’ve been the victim of theft.
By hacking into online accounts, using phishing techniques or leveraging employees, thieves can obtain gift card information. They can even copy the information on gift cards that haven’t yet been activated and use it later, after the cards have been bought. In this instance, the scammer can try the gift card number each day until the legitimate customer activates the card, at which point the scammer’s purchase goes through.
Tracking stolen gift cards is something that a lot of businesses fail to consider, but gift cards are essentially cash, and should be treated as such.
How can merchants prevent gift card fraud?
Gift card fraud detection requires a high level of vigilance in regard to gift card purchases and monitoring. Because the nature of gift cards makes them exploitable by scammers, merchants need to actively consider key steps to protect themselves.
By taking a proactive approach, particularly around the time that gift cards were obtained, retailers can identify patterns of behavior that can suggest impending gift card fraud.
1. Keep track of gift card data
There are some key behavioral traits that signal a gift card may be in the hands of fraudsters. Merchants that know what those behaviors are, and that track gift card users’ activity, have a much better chance of preventing cards from being used for nefarious purposes.
For example, if a gift card is activated shortly after it was purchased, that can be a sign it’s being used by a fraudster. It usually takes at least a few hours, and more commonly a few days or more, for a gift card to be given to someone, and then activated and used.
Having a stand-down period, during which a gift card can’t be activated for a set time after it was bought, can help to protect you in this example.
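The stand-down rule above, combined with the earlier advice to record which purchase paid for each card, can be sketched as follows. This is an added example, not code from the original article; the ledger class, the 24-hour window and the sample order and card IDs are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

STAND_DOWN = timedelta(hours=24)  # assumed policy value; tune to your business

@dataclass
class GiftCard:
    card_id: str
    order_id: str           # the purchase that paid for this card
    purchased_at: datetime
    frozen: bool = False

class GiftCardLedger:
    """Hypothetical ledger linking every gift card to its purchase."""
    def __init__(self):
        self.cards = {}

    def record_purchase(self, card_id, order_id, purchased_at):
        self.cards[card_id] = GiftCard(card_id, order_id, purchased_at)

    def freeze_order(self, order_id):
        """On a chargeback or takeover report, freeze every card that order bought."""
        hit = [c for c in self.cards.values() if c.order_id == order_id]
        for card in hit:
            card.frozen = True
        return sorted(c.card_id for c in hit)

    def check_activation(self, card_id, now):
        card = self.cards.get(card_id)
        if card is None:
            return "deny:unknown_card"   # never recorded, so cannot be traced
        if card.frozen:
            return "deny:frozen"
        if now - card.purchased_at < STAND_DOWN:
            return "hold:stand_down"     # activated too soon after purchase
        return "allow"

def demo():
    # Constructed sample data: two cards bought on ORD-1, one on ORD-2.
    t0 = datetime(2020, 5, 1, 9, 0)
    ledger = GiftCardLedger()
    ledger.record_purchase("GC-A", "ORD-1", t0)
    ledger.record_purchase("GC-B", "ORD-1", t0)
    ledger.record_purchase("GC-C", "ORD-2", t0)
    results = [ledger.check_activation("GC-A", t0 + timedelta(minutes=20))]
    results.append(ledger.check_activation("GC-C", t0 + timedelta(days=3)))
    frozen = ledger.freeze_order("ORD-1")  # chargeback arrives for ORD-1
    results.append(ledger.check_activation("GC-B", t0 + timedelta(days=3)))
    results.append(ledger.check_activation("GC-X", t0))
    return results, frozen

if __name__ == "__main__":
    print(demo())
```

Because each card carries its order ID, a single chargeback freezes every card from that purchase before it is redeemed, which avoids paying out twice.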
2. Include stringent internal controls
Any employee that has access to gift card information or details could be exploited by scammers. That means that you should only rely on your most trusted staff to generate gift cards.
Always create gift cards in the same way. That way, if you see something has been done differently, you can investigate why and find out if something is amiss before a gift card is used improperly.
You can even design your gift card process so that no employee has complete gift card information. For example, generate gift card numbers automatically instead of creating them manually. Don’t create them in ordered batches, such as 1-100, but issue them as random numbers that aren’t in a sequence.
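One way to issue random, non-sequential codes while keeping the full code out of staff-readable records is sketched below. This is an added example, not code from the original article; the alphabet, code length, record layout and function names are assumptions, and the HMAC key is assumed to live in a secrets manager rather than beside the data.

```python
import hashlib
import hmac
import secrets

ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"  # 32 symbols, no 0/O/1/I lookalikes
CODE_LEN = 16                                   # 16 symbols x 5 bits = 80 bits

def new_code():
    """Draw each symbol from the OS CSPRNG, so codes have no guessable sequence."""
    return "".join(secrets.choice(ALPHABET) for _ in range(CODE_LEN))

def digest(code, key):
    """Keyed hash of the code; without the key a database dump is not redeemable."""
    return hmac.new(key, code.encode(), hashlib.sha256).hexdigest()

def issue(store, key, value_cents):
    """Create a card. The plaintext code is returned once and never stored."""
    code = new_code()
    store[digest(code, key)] = {"value_cents": value_cents, "last4": code[-4:]}
    return code

def lookup(store, key, presented):
    """Normalize what the customer typed, then look the card up by its digest."""
    normalized = presented.replace("-", "").replace(" ", "").upper()
    return store.get(digest(normalized, key))

def demo():
    key = secrets.token_bytes(32)  # assumption: loaded from a secrets manager
    store = {}
    code = issue(store, key, 5000)
    found = lookup(store, key, code[:8].lower() + "-" + code[8:])
    return code, store, found

if __name__ == "__main__":
    code, store, found = demo()
    print(len(code), found["value_cents"], list(store.values())[0]["last4"])
```

Support staff can still identify a card by its last four characters, but neither they nor someone reading the table can reconstruct a usable code.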
3. Monitor brand mentions on gift trading sites
Gift card trading sites have increased in popularity in recent years, and are an easy marketplace for people to innocently swap or sell gift cards they don’t want. Sites such as Raise, Gift Card Spread and CardCash can even allow people to set prices for their gift cards.
However, they can also be used by fraudsters who’ve obtained gift cards illegally.
For example, a gift card skimmer can steal the details of a $100 gift card from your store, offer it for sale on a trading site for $75, and someone who is planning on buying something from you can buy it, essentially saving themselves $25.
4. Introduce better security protection
Your gift cards contain details that allow them to essentially be used as cash, so you should protect them as if they were.
You can explore cybersecurity systems to prevent online gift cards from being exploited by fraudsters. Attackers who breach IT systems can target gift card systems as an easy way to make money, but you can introduce further layers of protection against these kinds of hacks.
For example, online gift cards can be encrypted, so anyone accessing your systems faces an additional barrier to find them.
The whole idea behind gift cards is convenience and flexibility, and this is why fraudsters love them so much. It can be costly to your website when your gift cards fall into the wrong hands, so it’s worth taking the time to protect yourself from being exploited.
FingerprintJS can help. FingerprintJS Pro is a visitor identification service that can help websites prevent fraudulent behavior including gift card fraud. FingerprintJS Pro can flag visitors with suspicious browsing patterns to be authenticated before they make potentially fraudulent purchases.
Not only that, but we monitor the latest trends and update systems to protect you against any new scams or methods of fraud that can otherwise place you at risk.