Digital gift cards (or e-gift cards) are an easy, convenient method of gift giving. And at an annual growth rate of 200%, they’re the fastest growing segment of the $127 billion gift card industry. But as with many emerging technologies, particularly those involving instant delivery or action, fraudsters have found ways to exploit digital gift cards and scam unsuspecting victims.
What makes digital gift cards such attractive targets for fraudsters?
Cybercriminals capitalize on the speed of delivery of digital gift cards to commit various crimes, from testing stolen credit card information to buying gift cards en masse using said stolen information to resell online. Many online and mobile merchants don’t have security systems that are equipped to prevent fraud as fast as fraudsters can steal. This makes digital gift card sales a breeding ground for thieves looking to make a literal quick buck.
The fact that e-gift cards don’t get shipped to a physical address reduces the risk of a fraudster’s location being revealed. And when they’re resold for cash in online marketplaces, it becomes almost impossible to trace the transaction back to the fraudster.
As a result, despite growing customer demand for digital gift cards, many merchants are still hesitant to offer them. They’re stuck between a rock and a hard place: if they offer digital gift cards, they risk increasing fraud rates. If they don’t offer them, they risk disappointing customers who expect them as a gift-giving option.
What are some common ways fraudsters exploit digital gift cards?
Profiting from credit card theft. Digital gift cards are the perfect way for cybercriminals to utilize stolen credit card information: delivery is instantaneous, and they can either be spent immediately or resold on online gift card swap sites and marketplaces. A common gift card scheme is for a fraudster to place an ad on a peer-to-peer marketplace for a hot-ticket item, like a video game console, and ask for a lower price than retail. The buyer jumps on the deal and legitimately pays for the item; the fraudster then purchases a gift card using stolen credit card info and buys the console from an online retailer, before shipping the item to the buyer.
Stealing gift cards from resellers. Even legitimate consumers selling digital gift cards on swap sites or marketplaces need to be careful of fraudsters looking to steal the funds on the card without paying for it. One way this is done is when a phony buyer asks the seller to perform a three-way phone call with the merchant to check the gift card balance on the phone. While listening to the seller enter the gift card number, the buyer records the sound of the touch tone numbers as they’re being entered to steal the gift card number and use it without purchasing it.
Another scam occurs when the seller emails the “buyer” the codes on the back of the card so they can confirm the value of the card, and the “buyer” pays the seller using PayPal or a peer-to-peer (P2P) payments app. Once the fraudster has the codes, they’ll quickly use the card and then cancel the payment. (Check out our blog post on why P2P apps shouldn’t be used for marketplace transactions.)
Using free gift cards as a trap. Some cybercriminals have begun to prey on consumers by creating fake free gift card sites. Some of these sites are real and used by companies to give out gift cards in exchange for filling out surveys, viewing ads, or signing up for promotions, but savvy thieves are developing convincing lookalike sites that are actually harvesting consumer data. The victim is asked to pick what gift card they want, but instead of completing a survey or watching a video they’re instead asked for personal information like a phone number or email address. Some of these phony sites will even ask the person to download an app or file that claims to offer deals or discounts, but is actually malware or adware that will subject the person to popups and send their data to fraudsters.
Requesting gift cards as a form of payment. The FBI issued a warning late last year against scammers that ask for gift cards as payment for goods or services in marketplaces. Fraudsters will use social engineering to play on the seller’s sympathies, claiming they’ve been hurt in the past by shady practices like chargebacks. The victim often falls for this and provides the scammer with the gift card info, and the funds on the card are instantly removed and the victim never receives their service or product.
Redeeming stolen rewards points. Account takeover plays a part in digital gift card fraud, as well. If a cybercriminal gains the credentials to a victim’s credit card or loyalty rewards program, they will often redeem the victim’s points for gift cards and then exchange the card for cash using online gift card exchange services. As more brands and credit cards offer these programs, more consumers are opting in and sitting on large points balances that are ripe for stealing.
Money laundering. According to the U.S. Department of the Treasury’s Office of Terrorist Financing and Financial Crime, terrorists and money launderers are increasingly turning towards online payment services, gift cards, and other prepaid cards to move illicit funds because of the anonymity they provide. The issue has become so widespread that the Department of the Treasury is considering new regulations to monitor the $163 billion stored-value industry (which includes gift, payroll, long-distance, and money cards).
How can retailers satisfy consumer demand for digital gift cards while staving off fraud?
Merchants will have to balance digitizing gift cards to keep up with customer expectations and investing in fraud prevention methods to protect their bottom line. Choosing to stay away from offering this product will only send potential customers to a competitor. So what can you do to arm yourself against digital gift card fraud?
Download our ebook, Trust & Safety for On-Demand Businesses, and learn how you can offer on-demand goods like digital gift cards while preventing fraud, maintaining frictionless checkout, and growing customer loyalty.