Gift Card Fraud Prevention Methods & Solutions for 2023
Gift cards can be a blessing for businesses. They’re super convenient for customers, allowing them to spend without having to use cash or credit cards. They’re great for gift-givers, too—buying for “the person who has everything” is much easier when you let them make the purchase decision themselves.
And for businesses, there’s plenty of positives, too: increased footfall in stores, more engaging loyalty programs, and happier customers, for example. Prepaid gift cards remain in-demand all throughout the year, not just through each major holiday season.
But they do have their downsides.
Gift card fraud is a growing problem for businesses, as tech-enabled fraudsters continuously find new and creative ways to exploit their vulnerabilities.
Below, we’ll explore the scale of the problem, how a gift card scam works, how you can detect potential gift card fraud, and how you can prevent them. And if the worst happens, there are steps you can take to minimize the damage and prevent it happening again—we’ll take a look at those too.
How does gift card fraud affect your business?
Gift card fraud is a practice that involves the unauthorized use of someone else’s gift card to make purchases. Gift card fraud is perpetrated through various methods, like stealing physical cards, card cloning, using stolen account data, or using counterfeit cards.
The prevalence of gift card fraud has seen a steep rise in recent years, driven by various economic, social, and technological factors.
Firstly, legitimate use of gift cards has risen. The massive rise of e-commerce activity through the pandemic, alongside a reduction in physical retail, meant that more gift cards were sold to customers. The global gift card market was worth $295 billion by the end of 2020. In the US, more gift cards were sold between Black Friday and Christmas Eve than any of the previous three years. Customers are also buying cards of higher value than ever before.
But alongside these shopping trends, criminals have developed new methods and shifted their focus.
Thanks to various fraud prevention tools, credit cards are becoming more secure, which means criminals increasingly attempt their schemes through gift cards instead. They have a reputation as being easier to abuse, and safer for the criminal. There’s no personal information attached, and their fraudulent purchases are harder to trace. Gift card trading sites are becoming more common, meaning both consumers and criminals can buy gift cards online easier than ever before.
So it’s all the more important to keep your guard up. That said, why is it such a problem for businesses?
Gift card fraud can be seriously costly for business owners. While the victims are primarily customers, it often results in chargebacks to merchants when a dispute is raised. This can make for eye-wateringly high refund rates if the problem isn’t contained.
This loss of revenue goes alongside likely reputation damage. A single bad customer experience can cause a negative online review—and more than a few of those can be seriously difficult to come back from. You don’t want to be known as a business that’s risky to buy from.
How does gift card fraud work & why is it so successful?
There are different types of gift card fraud, depending on the intention of the perpetrator.
One type involves using gift cards to effectively make money from stolen credit card numbers. Fraudsters will use a stolen credit card to purchase a gift card, and then use the gift card to make purchases. The merchandise they buy can then be sold for cash.
Vulnerabilities on the merchant side can be exploited, too. Fraudsters can use carding to test different gift card numbers on your payment system to find one that works. If your gift card codes are numerical strings without many digits, they’ll be relatively easy to guess with the right software—so criminals will be able to use your gift cards without paying for them. While it doesn’t always directly result in a loss of revenue, carding can harm your online infrastructure while automated bots hammer your systems with thousands of different guesses. If the influx of traffic from automated threats like carding isn’t mitigated, your e-commerce store can go down for a few hours or longer—meaning a lot of lost sales.
Finally, gift card resellers can be victims of fraud, too. If someone tries to sell an unwanted gift card, fraudsters can use deception and social engineering methods to trick them into giving cards away without receiving payment.
See DataDome in Action
5 Common Types of Gift Card Fraud and How to Detect Them
1) Account Takeover Fraud
Account takeover (ATO) fraud occurs when a fraudster is able to gain access to login credentials for an account, and uses it to purchase gift cards. It’s an attractive method for criminals, because digital gift cards can be delivered immediately and used straight away.
How It’s Detected:
To detect account takeovers, a system needs to look at where the login is coming from, and whether the behavior is unusual for the account. This means considering the IP address, device and browser types, and location. Using cybersecurity software that can look at large amounts of connection data and spot suspicious patterns (preferably using machine learning to do so quickly) is the best way to do this.
2) Bots Brute-forcing Card Numbers
Another way that criminals steal digital gift cards is by using bot networks to brute-force guess card numbers until they find one that works. It’s a double threat for companies: not only can gift cards be stolen, but your online services can crumble under the weight of bot traffic, impacting your ability to serve legit customers.
How It’s Detected:
This activity is typically detected by looking at connection data and identifying patterns that look suspicious. These could include abnormally high page views, unexpected traffic spikes, or unusual session durations. While some bots are used for innocent activities like search engine indexing, price tracking, or site monitoring, plenty of bot traffic is harmful. This isn’t really something that you can scale manually, so you’ll have to use bot detection software.
3) Card Not Present Fraud
Card not present (CNP) fraud occurs when a criminal uses someone’s credit card information to buy a gift card without having the payment card at hand. The merchant unknowingly processes the unauthorized payment—and since the victim still has the payment card, they don’t spot the theft until they check their statement or see a notification from their banking app. They’re likely to trigger a chargeback, which the merchant will have to pay for.
How It’s Detected:
Detecting CNP fraud mostly involves looking at lots of customer and transaction data to identify patterns in behavior. Look for unusual activity in customers’:
- Location
- Spending amounts
- Spending patterns
- Login activity
- Personal information
- IP address
- Use of proxies and VPNs
- Browser and device fingerprints
To do this at scale, you’ll need to use a cybersecurity platform to monitor transactions.
4) Gift Card Refund Fraud
Gift card refund fraud occurs when a gift card scammer returns an item that they’ve bought with a stolen payment card, claiming it’s faulty or unwanted. They then ask for the refund as store credit on a gift card, which they’ll spend immediately. This all takes place before the legitimate cardholder realizes they’ve been stolen from.
How It’s Detected:
Again, unusual customer behavior is something to watch. For example, if a customer returns multiple items within a short period, that could be a sign of refund fraud. But sometimes the individual cases are hard to spot, and you have to consider the bigger picture. Are returns higher than usual? Are refunded gift cards being spent unusually quickly? Are individual people asking for refunds onto multiple gift cards? If so, it might be time to revise your store policy to make this type of fraud harder.
5) Physical Tampering
Selling physical gift cards in stores can leave you open to fraudsters who tamper with them. One way they do this is by copying the barcode onto other cards, so when consumers buy and activate the copied cards, the criminal can spend it themselves. Another way is by noting down the gift card number, leaving them on the shelf and covering them up with stickers or hiding them behind other stock.
How It’s Detected:
This type of fraud is usually only detected when customers come to redeem their cards and they don’t work. By then, the criminal is long gone and you’re left with an irate customer. Or a staff member might look closely at their stock and realize the gift cards have been altered—by which time, it might be too late.
How Businesses Can Prevent Gift Card Fraud in 2023
There are some really effective methods that businesses can use to help prevent gift card fraud, including:
1) Strengthen Return Policies
For scams involving returns and refunds, it’s important to set limits to prevent exploitation. Merchants can avoid gift card return fraud by only sending refunds to the same payment card the customer initially bought with. While this can be a minor inconvenience for legitimate customers, it can help prevent large-scale losses from determined cheats.
2) Have Stricter Gift Card Activation Rules
The best way to combat physical tampering is by having a policy that interrupts card activations. You could order that cards only be activated in the presence of a staff member. They can check the cards before they’re activated and make sure they haven’t been tampered with. You could also require ID or personal information with all physical gift card purchases, although some consumers wouldn’t be comfortable with this.
3) Require Strong Authentication for All Account Activity
This is especially important to prevent account takeover attempts. Use strong authentication methods including SSL, encryption, and CAPTCHA to reduce brute-force access attempts. Two-factor authentication will also help prevent account intruders. These methods should be combined with clear customer messaging to educate them on best practices for keeping their accounts safe.
4) Limit the Purchase of Gift Cards
Criminals often work in bulk, so reducing the amount of gift cards sold per customer (or per transaction) can slow down the rate of fraudulent activity. If someone’s repeatedly buying high-value gift cards, it could be a sign of something suspicious, so you may want to limit their account or IP address.
5) Don’t Take Gift Card Payments on Guest Checkouts
If you have a guest checkout system, you’re usually kept safe from most fraud by your payment gateway. But gift cards don’t have safeguards, so you could require a customer make an account with you before purchasing a gift card.
6) Use Fraud Prevention Software
Using a powerful cybersecurity platform is key for complementing your commercial measures. There are various fraud prevention tools out there, but you’ll want to choose one that offers both real-time and predictive analytics to give you the most comprehensive view of your data. Datadome is one such fraud prevention program that helps prevent bot-driven online fraud.
See DataDome in Action
How to Respond to Gift Card Fraud
For individual cases of gift card fraud, there’s not a lot you can do. Most of the time you can report it to your local law enforcement’s economic crime division, but you’ll likely just have to mark it down as a loss.
You’ll want to keep your customers happy and do your best to make sure you don’t leave them out of pocket if, for instance, they purchased a gift card that was already used by a fraudster. You’ll have to use your judgment on what’s appropriate compensation. It’s worth considering the lifetime value of a loyal customer and weighing it against the short-term revenue you’d protect by not refunding them.
A loss event serves as an opportunity to evaluate and strengthen your defenses. You might call it a one-off, but has it revealed a vulnerability in your gift card system? If so, it might be time to intervene.
Now’s your chance to reevaluate your policies, train your staff, educate your customers, and invest in technical solutions to strengthen your systems.
Preventing Gift Card Fraud with DataDome
One way to help protect your business from gift card fraud is by using DataDome. DataDome is a bot and fraud prevention cybersecurity platform. It keeps online services, businesses and organizations safe using AI and machine learning to keep out malicious intrusions and prevent fraud.
You can see it in action by booking a free demo.
FAQs
Can gift cards be traced?
Yes, depending on the seller and what detection methods they have in place. While most gift cards don’t require personal information to buy, retailers can keep records of when and where each card was bought. So if a serious crime occurs, gift card data can be traced back to a physical store. Online stores can also build custom systems for tracing gift card purchases, although it can be a little more complex.
How do you stop gift card fraud?
There’s no single solution to stopping gift card fraud, as there are multiple ways in which it’s performed. So you’ll need a range of measures that include retail policy, customer information gathering, and cybersecurity software to monitor and stop fraudulent activity.
How can I help my customers avoid gift card fraud?
Education is one of your best bets. Make sure your customers are aware of the signs of gift card fraud and know what to do to stay safe. Share your tips through blog posts, add them to your email newsletter, or spread the word on your socials for widespread coverage. You can also put up signage in your retail store near the gift cards, teaching customers how to avoid fraud.
*** This is a Security Bloggers Network syndicated blog from Blog – DataDome authored by DataDome. Read the original post at: https://datadome.co/threats/gift-card-fraud-prevention/