Gift cards are safe, secure and convenient payment and gift options—evident by their widespread popularity and use. According to the National Retail Federation, gift cards have been the most popular gifts in America for 12 years in a row with more than 60 percent of consumers hoping to receive them this year—and millions planning to give them. In addition to being popular gifts, they can also be used as incentives, rewards, and branded currency. According to First Data, 64 percent of consumers buy gift cards just to spend on themselves!
Consumers love giving, receiving, and using gift cards, but unfortunately so do fraudsters. Criminals can abuse gift cards and other methods of payment like debit/credit cards or checks.
Here’s a list of common types of fraud and scams that involve gift cards:
Credit and Debit Card Fraud
Fraudsters steal credit card information and use it to buy gift cards or merchandise, book travel, and make other unauthorized purchases.
Criminals steal a product and return it to get refund.
Gift Card Fraud
Fraudsters steal gift card balances or sell stolen gift cards for cash. Examples of gift card fraud include account takeover fraud, victim assisted fraud, social engineering (aka internal) fraud, product tampering, fake fraud, and upstream system access fraud.
Account Takeover Fraud
Fraudsters hack into a customer’s online account and gain access to gift card data—allowing them to drain or transfer the balance.
Victim Assisted Fraud (Elderly, IRS, Tech Support Scams)
A scammer impersonates someone like a grandchild, the IRS, or a tech support team and demands payment in the form of gift cards.
Social Engineered/Internal Fraud
Criminals target retail employees and trick them into activating stolen gift cards, providing data needed to redeem gift cards such as gift card numbers and/or PINs, or granting access to the merchant’s registers by claiming to be members of the company’s IT department servicing the equipment.
Fraudsters steal or alter the gift card’s number and/or PIN in stores. “Skimming” is a type of product tampering.
Fake Fraud Claims
Fraudsters claim to be victims of gift card fraud in attempts to receive compensation from retailers or gift card exchanges.
Upstream System Access Fraud
Fraudsters hack into gift card processing systems, distribution centers, and stock locations that create and/or store physical and digital card information.
The RGCA and its members (which include many of the top retailers in the world) take all forms of fraud involving gift cards very seriously. We are dedicated to fighting fraud by continually sharing our collective knowledge, pooling resources and expertise, and collaborating to defend our customers and businesses from criminal activity.
Fraud prevention and mitigation tactics RGCA members are using to neutralize fraud and stay ahead of scammers fall into the following categories:
Card Data & Technology:
- Ensuring we are EMV compliant.
- This means we have the very latest point-of-sale (POS) equipment and in place in stores to accept chip-enabled credit (and debit) cards as opposed to those with just a magnetic stripe. Chip-enabled cards are more secure.
- Incorporating randomized PIN codes on gift cards.
- Using technology that flags suspicious activity before, during and after activation and redemption.
- Using complex algorithms to prevent gift card data replication.
- Using online service providers to create algorithms that can evaluate whether a purchase is being made by a cardholder or fraudster.
- Only using supply chain partners that employ strict security protocols for handling card data and inventory.
- Requiring multi-factor authentication (MFA) that adds an extra login step to ensure the person trying access or use gift cards is the rightful owner of the balance.
- Using software like CAPTCHA and bot managers during gift card purchase and registration processes.
- CAPTCHA is a program that distinguishes human from machine input to protect websites from bots that fraudulently extract gift card data.
- Using packaging techniques to cover and protect card data, magnetic stripes, and gift card PINS.
- Using print and material techniques that make it hard to counterfeit gift cards.
- Educating cashiers about how to inspect gift card packaging for tampering before selling to consumers, watch for suspicious buyer behavior, and recognize other cues of fraudulent activities.
- Ensuring cashiers do not activate or sell gift cards that have exposed PIN numbers.
- Make sure you have a defined escalation path as responding quickly to fraud when is does occur is critical to shutting it down.
- Regularly re-examining and updating return policies to prevent fraudsters from being able to return stolen merchandise for store-issued gift card refunds that can be re-sold to unsuspecting consumers.
- Continually reviewing cashier training and point-of-sale (POS) processes to implement safeguards and controls at the time of purchase. This includes measures that are intended to keep fraudsters from being able to manipulate checkout systems and new cashiers.
- For example, limiting or eliminating cashiers’ ability to manually enter card numbers during purchases and turning off gift card purchases at remote registers overnight.
- Practicing and clearly communicating requirements for lost, stolen and damaged cards that require proof of ownership.
Cooperation & Partnerships:
- Cooperating with distribution partners to investigate potential fraud.
- Working with reputable gift card exchanges and gift card malls as authorized gift card sellers.
- Cooperatively coordinating with law enforcement to identify and prosecute fraudsters.
- Sharing best practices with consumers to help them recognize and avoid fraud.
- Work with your social listening team to monitor key words that may indicate fraudulent activity (i.e. gift cards at 50% off).
- Storing physical gift cards in secure locations before they are activated and distributed to retailers or gift card malls.
- Vaulting and transferring egifts using file-protected and encrypted methods.
- Mailing inactive cards to their final destinations and activating once the purchaser validates the receipt of the cards.
To provide shoppers with the best, safest experience when purchasing and redeeming gift cards, the RGCA recommends shoppers:
- Avoid ANY demands for payment by gift card (online or phone). Gift cards are only an acceptable form of payment with their affiliated brand, so if someone contacts you claiming to be from a police department, a utility company, the IRS or another third party informing you that you owe money and must pay via gift card, hang up the phone, delete the email, and cut off communication. You cannot pay outstanding speeding tickets, back taxes, or any similar types of bills using gift cards and are likely being targeted by a scammer.
- To report IRS impersonation scams to the Treasury Inspector General for Tax Administration, you can visit treasury.gov/tigta/contact_report_scam.shtml or call 800-366-4484.
- If you think you might owe taxes, call the IRS directly at 800-829-1040.
- If you think you’ve been scammed, contact the FTC at ftc.gov/complaint or via this toll-free number: 1-877-FTC-HELP.
- Check physical gift cards bought from a retailer or gift card mall for package tampering before purchasing. If the scratch-off material covering the card’s PIN number is uncovered, pick another card and show the questionable card to a store associate.
- Buy gift cards from trusted sources, especially when buying online. Many retailers and online dealers work closely to protect cards from fraud, but others aren’t concerned with card safety and provide fewer protections to consumers.
- Consider our tips for having positive, safe experiences with gift card exchanges and other third party resellers.
- Use gift cards quickly. The longer cards remain unused, the more time criminals have to obtain the card numbers and PIN or steal them.
- Keep physical cards secure in a wallet, purse, or other secure place. If the card has a PIN covered by scratch-off material, leave the scratch-off material in place until the PIN is required.
- Keep digital or egift cards secured in an account or mobile wallet that is password-protected with a strong password.
- Protect email accounts by opting into multi-factor authentication (MFA), keeping usernames and passwords secure, and never sharing passwords.
- Never share the account number or PIN number on the back of gift cards with anyone.
- Send physical gift cards via trackable shipping methods and egifts via a secure email or mobile programs.