How To Protect Your Business From Gift Card Fraud
Most retailers love the idea of gift cards and for good reason:
- Each gift card in circulation represents money already spent. You’ve made the sale, and you’re simply waiting for the card recipient to collect his or her goods.
- Most gift cards expire — without ever being used. This means you still make that sale without losing any inventory.
- Even when cards are used, there is often a balance that remains untouched. Again, this is money you get to pocket for yourself.
When dealing specifically with electronic gift cards (e-gift cards), managing these programs is pretty easy. Everything is automated, without you having to buy, print, mail or collect any physical cards on your end.
These benefits explain why e-gift cards are the fastest-growing sector of the larger gift card industry, responsible for an estimated $10 billion in sales annually.
However, all that growth attracts unwanted attention.
The Rise of E-Gift Card Fraud
The convenience that makes e-gift cards so popular among consumers and merchants alike also attracts criminals. In fact, e-gift card fraud is a nearly $1 billion industry
It’s not difficult to see why:
- When stealing physical gift cards, the damage is limited to that one victim (and card). As the merchant, you still technically get that sale since the card was already bought and paid for through legitimate channels.
- When stealing electronic gift cards, however, the damage is potentially unlimited since thieves can gain access to (and unlock) millions of cards all at once. If this happens, you’re the biggest loser because you’ll be stuck honoring gift cards that should never be in circulation.
In other words, you lose that inventory, and you never collect the money. You might also end up processing refunds and chargebacks for purchases of dubious origin.
All of the above is a major problem with “open loop” cards that can be used at numerous locations. Though it’s an even bigger issue with “closed loop” cards that are only usable at your store. This is because e-gift card criminals often target smaller merchants lacking the resources to protect themselves.
Yet even on a shoestring budget, you can use detection and prevention to dramatically reduce the frequency of e-gift card fraud within your store.
How to Detect E-Gift Card Fraud
Detecting gift card fraud can be tough. Fortunately, there are a number of telltale signs that make catching criminals in the act a little easier.
For starters, most e-gift cards are attached to an email address and name. Lazy criminals often use nonsensical names and alphanumeric email addresses that are easy to spot. If you ever see someone who goes by Mr. MaIgg7J aGFT3al with the address email@example.com, you should flag that purchase until you’ve had a chance to inspect it more closely.
In addition, criminals often make lots of back-to-back purchases to test new cards. They also tend to keep purchases small to avoid detection.
Also, be on the lookout for “no shipping address required” or “instant delivery.” These are not automatic warning signs. However, they do warrant closer analysis so be warned.
There is a huge secondary market for unused gift cards. This means recipient email addresses and names change frequently — even if the exchanges are happening between legitimate buyers and sellers. What’s more, criminals are getting really good at exploiting these e-gift card transfers.
Because of the inherent limitations of detection, focusing your efforts on prevention may be the better strategy.
How to Prevent E-Gift Card Fraud
If your goal is to prevent card fraud, the most important starting point involves shoring up your payment environment. If your payment processor doesn’t follow the latest PCI-compliant security standards, you’re becoming exposed to all kinds of fraud — from gift cards to credit cards.
The same goes for installing updates, patches and virus protection software. Criminals tend to exploit vulnerabilities — i.e., loose locks, broken windows and outdated software. If your IT infrastructure is unprotected, you’re basically inviting thieves to dig around.
This IT protection should also extend to the passwords your employees use. If even one team member uses “password1234,” your entire operations may be at risk; and it won’t be long until your e-gift cards get hacked — or worse.
Instead, every employee should use alphanumeric passwords that are impossible to guess. Unfortunately, these are also much harder to remember, but free password management tools such as KeePass can help.
Finally, consider outsourcing your data to services that specialize in cybersecurity. If you don’t keep usernames, passwords, credit cards or gift-cards in-house, there will be less data for thieves to steal.
If you absolutely must keep this information locally, you should tokenize this data or encrypt the information using hashes.
The Only Full-Proof Way to Prevent E-Gift Card Fraud
With billions of dollars up for grabs, gift card fraud is basically inevitable. The only foolproof way to prevent fraud within your business is to not use e-gift cards at all.
However, that’s not a very appealing strategy given all of the legitimate benefits these cards offer.
The next best approach? Combine all the fraud-prevention steps outlined above, including:
- Monitoring suspicious email addresses and customer names
- Being wary of expedited delivery and no shipping addresses
- Flagging purchases made from the same location or email address
- Using secure, long, alphanumeric passwords
- Outsourcing data storage to security experts
- Encrypting any information that must be stored in-house
Note that each of these steps may result in higher costs for you — the merchant, and they can create more friction for legitimate customers. That means you’ll need to decide whether fighting gift card fraud is worth the effort. But in most cases, the pros far outweigh the cons.
Have questions about this blog? Want to setup a custom gift card program for your business?
Visit us online at www.TailoredTransactions.com or call us direct at (888) 669.1686