As retailers gear up for the holidays, industry experts expect the COVID-19 pandemic to further accelerate the already well-established trend of growth in e-commerce sales. According to the U.S. Department of Commerce, consumers spent nearly $200 billion online from July through September, a 37% jump from the same period last year, and nearly $1 of every $5 spent came from orders placed online.
Industry experts are projecting a 25% to 35% increase in e-commerce orders this holiday season. Gift cards, always a popular gift option, are no exception to the digital shift. According to the National Gift Card Group, digital redemptions grew from 30% of the gift card market in 2018 to 45% in 2019, and that share is projected to rise again in 2020.
A magnet for fraud
Unfortunately, many of the characteristics that make digital gift cards so convenient and popular with consumers also make them a prime target for fraudsters. Digital gift cards — anonymous, transferable, easily liquidated and not subject to credit card regulations — attract more fraud attempts than almost any other category of online purchase.
Following are some of the most common types of digital gift card fraud.
- Using stolen payment card data to purchase gift cards. The fraudster uses a stolen credit card number to buy gift cards online and then resells them before the credit card holder discovers the illicit transactions — leaving the merchant that sold the gift cards exposed to the inevitable chargebacks.
- Asking for gift cards as refunds. The scammer makes an online purchase with a stolen credit card number and then cancels the order after it has been approved. The fraudster asks to be refunded with gift card credit. The gift card is untraceable, and the merchant is hit with a chargeback from the holder of the stolen credit card when the unauthorized purchase is discovered.
- Taking over an account and purchasing gift cards. Using stolen credentials, a fraudster takes over a bank account or online shopping account and purchases gift cards (or converts stolen loyalty points to gift cards) that can be spent or sold before the owner of the account realizes that it has been compromised.
- Stealing gift card numbers and PINs. Scammers steal gift card numbers and activation codes through brute force database hacking, malware attacks or social engineering (for example, posing as a company executive and asking an employee to purchase a batch of gift cards and supply the numbers). If they lack the activation codes, cybercriminals can use bots to rapidly test millions of number combinations.
In addition to the obvious economic costs to retailers, digital gift card fraud brings reputational costs, as security incidents significantly erode customer trust. But the fear of fraud is also costly: the tools used to prevent fraud are often blunt and overly aggressive, blocking some legitimate transactions and thus reducing merchants’ revenue and frustrating customers. So, what steps can organizations take to reduce their fraud risk without sacrificing good sales?
Mitigating fraud risk
At the most general level, merchants must ensure that they have up-to-date information security technologies to protect against network intrusions and data breaches, effective authentication methods to prevent account takeovers, and security training for staff that includes boosting awareness of social engineering attack methods.
Retailers should track gift card numbers and monitor activity from purchase to redemption in order to identify suspicious activity for further investigation. Red flags can include instant card activation and use, accounts that suddenly begin purchasing unusual quantities of cards, high numbers of card failures, balance checks on cards that have not been activated yet, and activity from an unusual or fraud-prone geographic location.
Risk assessment and fraud prevention technology — which includes stringent business rules at checkout — plays a critical role in analyzing online activity and blocking fraudulent transactions before they go through. New tools can stop illicit purchases without causing friction for legitimate customers and without tipping off fraudsters that their activity is under observation.
For example, the purchaser will receive a message indicating that the transaction has been completed successfully, while in reality it has been placed in silent pending mode, and the merchant holds fulfillment until the final decision is push-updated later. This interval allows for additional investigation using machine learning and deep link analysis of other orders placed since the initial order — an approach that not only helps prevents fraud but also boosts revenue by enabling retailers to loosen their acceptance parameters and take on borderline risky transactions that they might otherwise have declined, leaving good money on the table in many cases.
Time to act
Digital gift cards are poised to achieve record sales this pandemic-tinged holiday season, but scammers will be looking to capitalize on the growing opportunity as well. Merchants that want to grow their gift card business securely will need to implement operational best practices and effective technology tools to reduce their risk. Taking these steps now can help retailers safeguard their bottom line, their brand and their legitimate customers.