Protecting E-Commerce Merchants From Digital Gift Card Fraud in a COVID-19 Era
With the holiday shopping season right around the corner, retailers are bracing for a 25 percent to 35 percent increase in e-commerce orders vs. last year, driven by the COVID-19 pandemic. This is having a major impact on one of the most popular gift options: gift cards.
Digital redemptions increased from 30 percent of the gift card market in 2018 to 45 percent in 2019, according to National Gift Card. The pandemic is now accelerating that shift. However, while they're convenient for both consumers and retailers, digital gift cards are also attractive to fraudsters and cybercriminals.
Most stores have policies limiting the number of physical gift cards that can be purchased in one transaction, but digital gift cards come with fewer protections and higher potential losses due to fraud.
Following are three types of digital gift card fraud that online retailers should be mindful of this holiday season — along with suggested steps to take to mitigate risk.
1. Gift Card Number Theft
Cybercriminals gain illicit access to a company’s databases and steal gift card numbers and activation codes. They can either use or sell the numbers, or make physical duplicate gift cards to resell.
To protect against this type of fraud and defend your gift card data from hackers, make sure software and systems are always up-to-date, that your information security processes include all necessary technological safeguards, and employees are trained to recognize potential phishing attacks and other forms of social engineering. Humans are often the weak link in an otherwise robust multilayered security system. You should also carefully track gift card numbers and their use to promptly identify suspicious activity.
2. Using Stolen Credit Cards to Buy Gift Cards
Scammers use stolen credit card numbers to buy gift cards online, then use or resell the cards before the merchant gets hit with the chargeback.
To prevent these illegal purchases, make use of risk assessment and fraud prevention technology, implement operational procedures such as stringent rules at checkout (e.g., flagging orders from fraud-prone locations or unusually large orders), and ensure appropriate customer service training.
Many retailers are turning to emerging tools that allow them to analyze transaction decisions without causing friction for legitimate purchasers — and without fraudsters being aware of any added scrutiny. After all, the activity that comes after a transaction reveals a lot about its risk. Purchasers will receive a message implying success, while the merchant is told the decision is "Silent Pending," holds fulfillment, and listens for the final decision on a URL that's push-updated later.
3. Gift Card Purchases After Account Takeover
Fraudsters compromise and gain access to a customer’s store account and, instead of buying products (which wouldn’t be delivered because the unauthorized orders would be discovered and canceled), they buy large quantities of digital gift cards for immediate use.
To prevent this scam, track gift card data from purchase to redemption and flag unusual behavior — e.g., instant activation and use — for further investigation. It’s critical to have systems in place that monitor for accounts that suddenly begin purchasing gift cards in unusual quantities. Better yet, tackle the problem earlier by implementing effective authentication, monitoring and fraud-prevention technology to stop account takeovers before they happen.
The pandemic has changed how consumers shop and what they buy. Fraudsters are determined to exploit any vulnerability they can, so as you prepare for an expected increase in digital gift card purchases this holiday season, be extra vigilant and ensure your business is armed with the right practices and software tools to protect your brand and its bottom line.
Tan Truong is the chief information officer at Vesta, a leading fraud detection platform.
Related story: Digital Gift Card E-Commerce Evaluation