How to Identify and Protect Your Business from eCommerce Gift Card Scams

Advances in technology and digital payment options coupled with elevated post-pandemic online buying trends have given rise to a growing gift card market. Gift cards have evolved from a marginal category to a go-to solution for uninspired, non-sentimental gift-givers. According to MagePlaza, gift card sales are projected to hit $510M by 2025. 

Gift cards allow businesses to generate immediate revenue and turn customers into brand ambassadors. Consumers love gift cards for their flexibility and ease of giving, they enable shoppers to share what they love while allowing the recipient to get what they want. Unfortunately, businesses and consumers are not the only ones with a growing affinity for gift cards. 

Gift cards are notorious for their fraud appeal. The flexibility, transferability, and anonymity of gift cards make them alluring targets for bad actors. Gift cards can be used in store or online, they can be easily traded or sold, and they aren’t necessarily linked to any single individual.

While consumers are the primary target of gift card fraud, eCommerce merchants can be affected by gift card fraud losses in the following ways: 

1. A fraudster will use stolen credit card information to purchase a gift card on an eCommerce website. The fraudster will purchase the electronic gift card using the cardholder’s legitimate shipping address which will make the purchase more likely to appear legitimate. They will then use the gift card to complete a purchase on the same site, as opposed to using the stolen credit card information. Placing an order using the gift card, allows the fraudster to have merchandise shipped to an address other than the cardholder’s without raising any flags. By the time the chargeback for the purchase of the gift card comes in, the gift card, fraudster and stolen merchandise are all long gone. 

2. A fraudster can gain access to an existing customer’s account using stolen login credentials, this is known as an account takeover (ATO). The fraudster disguises themself as a returning customer and purchases a gift card through the legitimate account. In this scenario, as well as the previous one, the fraudster will likely use or sell the gift card before the unauthorized purchase is detected.   

3. An increasingly common gift card fraud scheme involves making purchases using stolen information, returning the merchandise before a chargeback is initiated, and requesting that the funds be put on a gift card. This is also a money laundering tactic as the funds on the gift cards are now clean, transferable, and untraceable. 

4. Sophisticated fraudsters may employ the use of bots to run scripts trying all possible digit combinations to guess valid gift card numbers. 

5. A hacker can gain access to an eCommerce store and generate gift cards for their own use, or to sell for profit.     

Tips to Protect Online Business from Gift Card Fraud

You can protect your eCommerce business from gift card fraud. Below are some tips and procedures to follow: 

1. Never allow a gift card to be redeemed within 12 hours of purchase. This will deter “hit and run” gift card fraud attempts.
2. It should be expected that an electronic gift card will be purchased using one email address but sent to an email address other than the cardholder’s. After all, it is a gift for someone other than the purchaser. However, care should be taken that the cardholder receives notification of the gift card at the original email address (the email address used to create the account), and if possible have the cardholder provide verification of the legitimacy of the purchase. This will help prevent gift card fraud committed through an account takeover.
3. Returns that request a refund via a gift card should be given an extra measure of scrutiny. Ensure that there are no other risk indicators linked to the customer or the original transaction details.
4. Retailers that offer gift cards should ensure their fraud prevention is equipped to handle bot attacks that input random gift card number combinations in rapid succession. This will provide protection against fraudsters running scripts to guess a valid gift card number. 
5.  Maintaining a high level of IT security is crucial to any eCommerce business, particularly a business that generates gift cards. Your internal database should be tracking all gift card numbers that are distributed and duplicates should be immediately flagged for review. Additionally, you can monitor gift card trading websites and keep an eye out for cards that can be redeemed on your site.. This can help you stay one step ahead of a fraudster selling ill-gotten gift cards to be used on your site.

Fraud is ever-evolving and your fraud detection and prevention strategies need to be that way as well. If fraud or the fear of fraud is slowing down your business development, consider outsourcing fraud prevention to a fully automated advanced full service fraud prevention solution, such as NoFraud, that can eliminate fraud and all your fraud related tasks–saving your business valuable time, resources, and money. Learn more about how NoFraud can improve your bottom line, HERE.