Little Gift Cards, Massive Fraud Threat

Secure gift cards to ensure happy customers and an increase in revenue this festive season

digital gift card

Gift cards are a hot gifting option this holiday season, as they save the hassle of finding the perfect gift for each individual; and recipients can use gift cards to buy what they want or need. The gift card industry is expected to grow to about $750 billion by the year 2026, according to Research and Markets report.1 And, as customers prefer the convenience of online shopping, the sale of digital gift cards has seen an expressive increase in recent years. CardCash reports digital gift cards are the fastest growing segment of the gift card industry, registering an annual growth rate of 200%, as against 6% growth of physical gift cards.2

 It’s All About Money

Where there is money involved, can the fraudsters be far behind? The festive season provides fraudsters with massive opportunities to buy themselves ‘gifts’ and make unsuspecting customers pay for them.

The low dollar amounts associated with gift cards make them an attractive proposition for fraudsters, because that reduces the chances of prosecution. In a reported incident, a fraudster bought approximately 45,000 gift cards (both in person and online) and monetized them to the tune of $7.5 million.3 So, even though dollar values on individual gift cards are low, the scale of fraud can be massive. Furthermore, gift cards do not need a physical delivery address. As a result, fraudsters face lower risk as their actual location can never be determined.

Who Moved My Card

Gift card frauds are easier to commit and can be monetized fairly quickly. In its simplest form, a fraudster takes the cards off the rack in a store, writes down the card numbers (or skims the numbers using a magnetic stripe reader), scratches off the decals to steal security codes, and replaces the decals with the ones available cheaply online. When customers buy these compromised gift cards and load them with money, fraudsters are automatically alerted through a software that keeps track of when the cards get activated. Fraudsters then monetize the cards or encode the details of the compromised cards to other cards and use them to buy stuff. Some gift cards come with an auto-load feature. When fraudsters get access to such auto-load cards, they can wipe clean the associated account of all the available funds.

Now that retailers have beefed up in-store security through video surveillance, fraudsters have taken the online route. They access gift card numbers in bulk through phishing, SQL injection, and social engineering. Some even go to the extent of creating fraudulent websites similar to those that offer visitors free gift cards for viewing ads or completing certain surveys. Fraudsters use these fake websites to harvest customers’ personal details such as phone numbers and email addresses. At times, customers are asked to download an app for details of the offer, which is actually infested with malware and sends customer data to fraudsters. This increases susceptibility to one of the latest and most vicious threats—account-takeover.

Fraudsters are also targeting the websites that provide customers with information about their gift card balances. Using botnets on hacked networks of PCs—and recently IoT devices— fraudsters can automatically skim through millions of gift card details to access the loaded cards. Since botnets mimic genuine human browsing behavior, fraudsters sail through undetected as genuine visitors.

Gift cards are also used to monetize value from other hacked accounts, such as credit card rewards programs or hotel points. Fraudsters use stolen credentials or malware to access details to a person’s credit card rewards program. Since fraudsters can neither redeem the reward points for items (that are delivered to customer address) nor get cashback (which is usually credited back through the statement), they opt for digital gift cards loaded with the dollar amount equivalent to the reward points. They get the gift card number instantly that can then be converted to cash just as quickly.

Stuffing the Stocking

To monetize their exploits, fraudsters use websites that convert gift cards into cash for a fee (say 30-40% of the card value). Similarly, physical kiosks are also available for conversion purposes. Some fraudsters sell the gift card details on the dark web, while others post a fictitious item—which they do not possess—for sale on an online marketplace or auction website. Items are usually expensive and offered at bargain prices. Fraudsters use social engineering to gain trust on the pretext of losses suffered through chargebacks and ask buyers to share gift card info for payment. The fraudster either uses the money on the stolen gift card to place an order with a retailer and has the item shipped directly to the buyer, or worse, leaves the buyer waiting endlessly for the item that would never arrive. The menace of requesting gift cards as payment has prompted FBI to warn customers against paying for any goods/services through gift cards.4

Get Up, Gear Up

Gift cards are a promising business that help retailers increase revenue and customer retention. Ensuring security of gift cards is, therefore, important to protect both retailers and their customers from fraud. The holiday season is right upon us and customers will flock to buy gift cards. It’s high time for retailers to gear up for greater business success by securing gift cards from potential fraud and stopping fraudsters from ‘gifting’ themselves at the expense of the customers.

Schedule a demo to know how Simility can help you address the fast fraud associated with the digital goods such as gift cards.  

1. The Global Gift Cards Market 2018-2026, Research and Markets,—increasing-demand-for-gift-cards-in-the-corporate-sector-300666385.html.
2. Gift card statistics 2017.
3.The Idiot’s Guide to Laundering $9 million. Forbes.
4.Beware of Gift Card Scams.
Vanita Pandey

Vanita Pandey

Vanita Pandey | Former Vice President of marketing and product strategy at Simility. In this role she was responsible for establishing Simility's brand, driving Similty's go-to-market strategy as well as product and market positioning.
Vanita Pandey