Fraud Prevention

Beware of Increased Gift Card Fraud This Holiday Season

December 8, 20206 min Read

gift card fraud

Online retailers must be extra wary of gift card fraud because fraudsters will try to take advantage of the unprecedented increase in the number of online shoppers. Not only does online abuse disrupt the shopping experience of the consumers, but the brand reputation also gets adversely impacted. Online retailers must, therefore, focus adequate attention on protecting their customers and revenues from gift card fraud

Gift cards are a popular gifting option, as they save people from the hassle of choosing gifts and allow recipients to purchase items of their choice. Further, as people are still observing social distancing norms due to the coronavirus pandemic, retailers are making it convenient for the consumers by offering digital gift cards this holiday season. 

In addition to the ecommerce websites and apps making gift cards--and digital gift cards--easily available for online purchase, corporates are also driving the market growth by increasingly presenting gift cards as recognition to their employees. As a result, gift cards have become a profitable and brand-building revenue stream for retailers

According to a report, the global gift cards market size, in 2019, was $619.25 billion, which is projected to grow at a CAGR of 15.4% to reach $1,922.87 billion by 2027. Further, within the gift card industry, the digital gift cards segment is growing at a swift speed. These growing numbers are acting as a catalyst for growing gift card fraud, as fraudsters look to exploit the opportunity and make money easily.

Gift card fraud is appealing because it is easy and anonymous

Gift cards--both physical or digital--and prepaid cards have always been a favorite target among fraudsters and the coronavirus pandemic has further accelerated these attacks. The Arkose Labs Q4 2020 Report finds that there has been a recent rise in abuse in this area due to prepaid cards being used as a vehicle for government stimulus money for those who did not have bank accounts on file with the IRS. And with an unprecedented increase in the number of people using digital channels for holiday shopping, gift card fraud will receive a further boost.

With more and more consumers buying gift cards online, fraudsters have followed suit. Both physical and digital gift cards provide fraudsters with an easy money-making proposition, as the chances of prosecution are slim—owing to the low monetary value on each card. That said, while the dollar values attached to each card may be low, when committed at scale using bots, gift card fraud can run into millions of dollars. For instance, a person in Florida bought nearly 45,000 gift cards—of values ranging between $2 and $2000—using stolen credit card details and monetized them to fetch a massive $7.5 million. That's the reason the IRS calls prepaid cards the 'currency of the criminals'.

What makes gift card fraud uniquely challenging is the fact that it is difficult to trace, which affords fraudsters the anonymity to abuse them. Fraudsters use botnets to brute force attacks on gift card websites by testing thousands of card number and PIN combinations per minute. They also use bots and sweatshops to continually check the card balances and redeem them. They hack into a user account and abuse the auto-load feature to drain the account of the funds. Once fraudsters are successful in their account takeover attempts, they can redeem the credit card points into requesting for a digital gift card and escaping with the money undetected. This is because gift cards--both physical and digital--do not require the kind of authentication that a credit card or a bank account would.

Online is the flavor for gift card fraud this holiday season

Fraudsters usually steal the numbers and security codes off the gift cards in stores and wait for their activation. However, as offline stores are mostly closed this holiday season, fraudsters are taking the online route to access gift card numbers in bulk using SQL injection and social engineering. Using botnets, they are even exploiting the websites—that provide consumers with information about their card balance—to check for and drain the loaded cards. They also use social engineering to trick unassuming people into paying for fictitious items using digital gift cards. This large-scale duping of people has led the FBI to warn consumers against using their gift cards for any kind of payment.

Fraudsters have come up with novel methods to monetize the stolen gift cards. Apart from using gift cards to buy expensive items that can be resold later at a premium price, fraudsters also use certain websites and physical kiosks to convert physical and digital gift cards into cash for a small fee.

Online retailers must be extra vigilant

Gift card fraud is appealing to the fraudsters because it is as easy as stealing cash and that too without the need to go through any authentication. It not only disrupts the shopping experience of the consumers, it also damages the brand reputation of the retailer. This holiday season, online retailers must be extra wary because fraudsters will try to take advantage of the unprecedented increase in the number of online shoppers. They must focus adequate attention on protecting their customers from gift card fraud. They must deploy appropriate countermeasures that not only deter fraudsters from attempting to attack but also offer a seamless user experience. This is possible only when retailers can discern authentic users from fraudsters and use targeted friction to stop malicious users.

Arkose Labs helps leading retailers accurately identify fraudsters from authentic users by analyzing hundreds of digital parameters. Instead of blocking any user—who may potentially be a revenue-generating customer—the digital intelligence screens all users and affords them an opportunity to prove their authenticity by clearing enforcement challenges. Authentic users may not even see the challenges and continue unhindered; and those that do, can clear these user-friendly challenges in a fun way. Bots and automated scripts, however, fail instantly, as the challenges are trained against even the most advanced machine vision technology. Malicious humans are repeatedly presented with incrementally complex challenges that are designed to waste the time, effort, and resources. This depletes the returns against the investments in the attack and forces the attackers to call it quits.

To learn how Arkose Labs can help protect your customers and revenues long-term from the menace of gift card fraud, please book a demo now.