Gift Cards are already extremely popular in various regions around the world and are still finding new markets. Gift cards are great for sales and marketing, but unfortunately fraudsters love them too. The world has already encountered millions of gift card fraud attempts, so why not learn from the experience of others if you’re thinking about offering a gift card program in your eCommerce or Digital Goods & Services business?
Use what you already know to design a secure gift card environment
If you’re creating a new space for gift cards within your business, make sure that you are able to connect and leverage all of the processes that you’ve already created... If you already have some knowledge about your customers---purchase history, personal information, typical payment type, business info---make sure that the team that is responsible for the gift cards program has access to data about the customers. If you have the ability to join the data about the purchased gift card with the customer history that you already have, use that. If you already have some rules about fighting credit card fraud, then look at them and choose the ones that are not directly connected to the cards themselves, and implement them in your gift card space. You already have extremely valuable knowledge to fight fraud. Some of it is transferable. To be able to do that, it’s great to be able to think about the differences---what you do have from your other systems that you can leverage and what is new and unique in your new gift card environment. Of course a possible wonderful outcome of this exercise could be that you learn something new that can be adapted to your whole environment of assessing your fraud risk.
Types of gift card fraud
Gift Card fraud is so popular around the world that Google has a support page for it. So does Apple. It’s best to learn about the types of gift card fraud that are out there. Of course we talk about it on our blog, but there are so many fraud prevention resources out there as well---the Merchant Risk Council, The Paypers, About-fraud.com just to name a few.
Social engineering and manipulation. Here are some popular social engineering and manipulation scams: A fake CEO emails an employee of a company. It’s easy to get the CEO’s email address (and/or the office manager, for that matter) and contact info since they’re public figures. The fraudsters create a fake email asking for the following: “I need this purchase very quickly, please use the company card to buy 10 gift cards and send me their numbers.” Of course it doesn’t work 100% of the time, but it’s a numbers game. This type of fraud is hard to detect right away---the scams are identified only after someone does the accounting and they see there was money taken out of the cards. Scammers will call random people and claim to be a representative of a government agency, claiming that money is owed for taxes or debts. The scammer will say that the only way to avoid prison is to pay the debt off with gift cards. Or a scammer claims to be a family member in trouble, an attorney, or other representative of your family member. The scammer tells you that they need to be paid in gift cards in order to remedy the situation and may deter you from contacting the family member to verify the claim. This type of scam is often used in conjunction with WhatsApp in Brazil at the moment.
Physical gift card tampering. Compared to other payment methods, the chances are higher of a fraudster having physical contact with a gift card. Gift cards are often made available for purchase in a variety of brick-and-mortar stores. Scammers have a range of tools that they can use to get access to the information on the gift cards, even if the cards are nicely packaged. In contrast, people rarely make their credit cards available to random people (or even their loved ones, in some cases) unless they’re stolen.
Account Takeover (ATO). Some fraudsters will take advantage of the lesser security around gift cards to break in and transfer balances of nearly depleted cards and collect the money for themselves. They might gather 5,000 cards with $5 balances on them. Stolen account login credentials are available on both darknet and clearnet sites.
Buying gift cards with stolen credit card numbers. This is probably the most widespread form of gift card fraud, and also the simplest. Fraudsters that purchase stolen credit card numbers on the dark web are under a time crunch to quickly use the cards before they’re caught. The merchant gets hit with the inevitable chargeback, wasting time and money.
Gift cards are not credit cards
Gift cards are not credit cards; it’s helpful to consider the differences and then adapt your strategy accordingly. The first thing that is important in the credit/debit card space is BIN data, which tells you the issuer of the card, the level of the card, and from which country the card was issued. This is important knowledge that we always use whether assessing something is fraud or not. It’s a collection of knowledge that you’re missing with gift cards. Unlike credit cards, gift cards are a closed loop system that includes just the purchaser and user. In a credit card system, there are additional players involved, including the PSP, Acquirer, Card Scheme, and Issuer, each of which have their own fraud teams and support systems. Gift cards usually have smaller amounts of money behind them, which makes it a different environment. You know that the gift card environment is making fraudsters to be far more diversified in approaching you---they have to create multiple digital identities to make it look like there are many new users using multiple gift cards on your site. Every attempt needs to be far more unique than in the case of credit cards.
Gift Cards are a great way to promote your products and services! Unfortunately, Gift Cards are also popular with fraudsters all over the world. To launch the best possible Gift Card program in your business, be sure to learn from the experiences of companies that have already dealt with the problem, partner with fraud specialists, automate fraud prevention work wherever you can, and of course use the knowledge and experience you already have.