Detecting and preventing eGift card fraud

Most small business owners love the idea of gift cards — and for good reason.

• Each card in circulation represents money already spent. You’ve made the sale, and you’re simply waiting for the card recipient to redeem for products or services. 
  
• Gift cards can be a good way to increase brand awareness and expand your reach to new customers who may not have previously purchased from you.
  
•  While a gift card may be set to a specific dollar amount, oftentimes customers end up spending more once they browse your shop or your website.

When dealing specifically with electronic gift cards (aka eGift cards), everything is automated. There’s no need to buy, print, mail, or collect any physical cards on your end. Customers can purchase eGift cards through your website or mobile app and have them emailed or texted to their recipients. Digital gift cards provide an easy gift-giving solution for last-minute shoppers, family and friends who don’t live near each other, or any hard-to-buy-for person.

These benefits explain why 60% of gift cards purchased annually are digital. However, all that growth also attracts unwanted attention from cybercriminals. As a small business owner, it’s important to take proactive steps to help protect your business from this type of fraud and abuse.

The rise of eGift card scams

The convenience that makes eGift cards so popular among consumers and merchants alike also attracts criminals. In fact, gift card scams accounted for $148 million in losses in the first nine months of 2021. 

Below are some of the more common methods criminals use to defraud businesses and consumers who rely on electronic gift cards.

• Using stolen credit card data to buy legitimate gift cards before selling those electronic cards on the open market

• Using stolen credit card data to make legitimate retail purchases before exchanging these items for gift cards or store credit

• Using automated bots to scan for activated gift cards from retailers; whenever there’s a balance, the bots can make fraudulent purchases using the stolen payment information

• Putting “fake” gift cards on auction sites; unsuspecting consumers buy these cards only to learn that they can never be activated

• Putting real gift cards on auction sites with incorrect values. Consumers buy a $50 card before learning the true value is only $5

Sometimes, criminals will contact customers pretending to be the IRS or some other government agency issuing a fine. To pay off the fine, the user must purchase a gift card from a retailer and send the card number back to the “IRS” (a.k.a., the criminal).

Although there are many variations of these scams, you and your business suffer the consequences, since you’re stuck honoring gift cards that should never be in circulation. In other words, you lose inventory, and you never collect the money. You might also end up processing refunds and chargebacks for gift card purchases of unknown origins. 

All of the above is a major problem with “open loop” cards that can be used at numerous locations. However, it’s can be an even bigger issue with “closed loop” cards that are only usable at your store. This is because eGift card criminals often target smaller merchants who lack the resources to protect themselves. 
Yet, even on a budget, you can use detection and prevention methods to help reduce your exposure and minimize gift card scams within your store.

1. Electronic gift card fraud detection

Detecting gift card fraud can be tough. Fortunately, there are a number of telltale signs that can help make catching criminals in the act a little easier. 

For starters, most eGift cards are attached to an email address and name. Lazy criminals often use nonsensical names and alphanumeric email addresses that are easy to spot. Thus, if you ever see someone who goes by Mr. MaIgg7J aGFT3al with the address ghf&65sh@gmail.com, you should flag that purchase until you’ve had a chance to inspect it more closely. 

In addition, criminals often test stolen credit cards by making smaller back-to-back purchases, confirming a card is active. Once confirmed, they tend to purchase gift cards in small denominations to avoid detection. 

There is a huge secondary market for unused gift cards. This means recipient email addresses and names change frequently, even if the exchanges are happening between legitimate buyers and sellers. What’s more, criminals are getting really good at exploiting these eGift card transfers. 

Because of the inherent limitations of detection, focusing your efforts on prevention may be the better strategy. 

2. Electronic gift card fraud prevention

One of the most important steps in gift card fraud prevention involves shoring up your payment environment. If you or your payment processor don’t follow and comply with the latest PCI compliance security standards, you may be exposed to all kinds of fraud, including gift cards and credit cards, and run the risk of racking up penalty fees, in addition to other financial losses that could result from a breach. 

The same goes for installing updates, patches, and virus protection software. Criminals tend to exploit vulnerabilities in your IT infrastructure. If your system is unprotected, you’re putting your company’s data and your customers’ information at risk. 

IT security should also extend to the passwords you and your employees use. If even one team member uses an insecure password such as “password1234,” your entire operation may be at risk, including your eGift card program.

Every employee should use alphanumeric passwords that are difficult for thieves to guess and more challenging for bots to decode. Unfortunately, these are also much harder to remember, but free password management tools can help.

Additional ways to help protect your business include:

• Disallowing guest checkout options for gift card purchases; customers must register with a verifiable email before buying anything

• Limiting the number of transactions or gift card purchases that any one customer can buy (per unit of time) to help prevent criminals from testing cards and making fraudulent purchases

• Adding CAPTCHA to your checkout page to prevent bots from automatically depleting your customers’ gift card balances

• Implementing two-factor authentication (2FA) for all employee and customer logins; like CAPTCHA, 2FA can help slow down automated bots

Finally, consider removing sensitive data from your environment and using a payment processor that specializes in cybersecurity to host it. Additionally, all transactions should be encrypted and tokenized.

Want to learn more?

Given all of the benefits gift cards offer, finding ways to help detect and prevent physical and eGift card fraud can help boost sales and increase customer confidence in your brand.

To learn more about our gift card program and our payment security solutions, contact a Clover Business Consultant today.

Editorial Team

Gift cards, Insights, Security

Related Posts

Security

How secure are NFC payments?

Short for “near field communication,” NFC allows devices in close proximity to wirelessly transfer data back and forth. The technology is very... Read more

Payments & processing

Differences between prepaid, debit, and gift cards

The remainder is spread across debit cards, prepaid cards, and gift cards. While these other payment options are often used interchangeably, there... Read more