Most small business owners love the idea of gift cards — and for good reason.
When dealing specifically with electronic gift cards (aka eGift cards), everything is automated. There’s no need to buy, print, mail, or collect any physical cards on your end. Customers can purchase eGift cards through your website or mobile app and have them emailed or texted to their recipients. Digital gift cards provide an easy gift-giving solution for last-minute shoppers, family and friends who don’t live near each other, or any hard-to-buy-for person.
These benefits explain why 60% of gift cards purchased annually are digital. However, all that growth also attracts unwanted attention from cybercriminals. As a small business owner, it’s important to take proactive steps to help protect your business from this type of fraud and abuse.
The convenience that makes eGift cards so popular among consumers and merchants alike also attracts criminals. In fact, gift card scams accounted for $148 million in losses in the first nine months of 2021.
Below are some of the more common methods criminals use to defraud businesses and consumers who rely on electronic gift cards.
Sometimes, criminals will contact customers pretending to be the IRS or some other government agency issuing a fine. To pay off the fine, the user must purchase a gift card from a retailer and send the card number back to the “IRS” (a.k.a., the criminal).
Although there are many variations of these scams, you and your business suffer the consequences, since you’re stuck honoring gift cards that should never be in circulation. In other words, you lose inventory, and you never collect the money. You might also end up processing refunds and chargebacks for gift card purchases of unknown origins.
All of the above is a major problem with “open loop” cards that can be used at numerous locations. However, it’s can be an even bigger issue with “closed loop” cards that are only usable at your store. This is because eGift card criminals often target smaller merchants who lack the resources to protect themselves.
Yet, even on a budget, you can use detection and prevention methods to help reduce your exposure and minimize gift card scams within your store.
Detecting gift card fraud can be tough. Fortunately, there are a number of telltale signs that can help make catching criminals in the act a little easier.
For starters, most eGift cards are attached to an email address and name. Lazy criminals often use nonsensical names and alphanumeric email addresses that are easy to spot. Thus, if you ever see someone who goes by Mr. MaIgg7J aGFT3al with the address firstname.lastname@example.org, you should flag that purchase until you’ve had a chance to inspect it more closely.
In addition, criminals often test stolen credit cards by making smaller back-to-back purchases, confirming a card is active. Once confirmed, they tend to purchase gift cards in small denominations to avoid detection.
There is a huge secondary market for unused gift cards. This means recipient email addresses and names change frequently, even if the exchanges are happening between legitimate buyers and sellers. What’s more, criminals are getting really good at exploiting these eGift card transfers.
Because of the inherent limitations of detection, focusing your efforts on prevention may be the better strategy.
One of the most important steps in gift card fraud prevention involves shoring up your payment environment. If you or your payment processor don’t follow and comply with the latest PCI compliance security standards, you may be exposed to all kinds of fraud, including gift cards and credit cards, and run the risk of racking up penalty fees, in addition to other financial losses that could result from a breach.
The same goes for installing updates, patches, and virus protection software. Criminals tend to exploit vulnerabilities in your IT infrastructure. If your system is unprotected, you’re putting your company’s data and your customers’ information at risk.
IT security should also extend to the passwords you and your employees use. If even one team member uses an insecure password such as “password1234,” your entire operation may be at risk, including your eGift card program.
Every employee should use alphanumeric passwords that are difficult for thieves to guess and more challenging for bots to decode. Unfortunately, these are also much harder to remember, but free password management tools can help.
Additional ways to help protect your business include:
Finally, consider removing sensitive data from your environment and using a payment processor that specializes in cybersecurity to host it. Additionally, all transactions should be encrypted and tokenized.
Given all of the benefits gift cards offer, finding ways to help detect and prevent physical and eGift card fraud can help boost sales and increase customer confidence in your brand.
To learn more about our gift card program and our payment security solutions, contact a Clover Business Consultant today.CONTACT SALES