To help raise awareness among our members, the RGCA has pulled together a list of the most common types of fraud and scams that involve gift cards:
Credit and Debit Card Fraud
Fraudsters steal credit card information and use it to buy gift cards or merchandise, book travel, and make other unauthorized purchases.
Criminals steal a product and return it to get a refund loaded onto a gift card.
Account Takeover Fraud
Fraudsters hack into a customer’s online account and gain access to gift card data—allowing them to drain or transfer the balance.
Victim Assisted Fraud (Elderly, IRS, Tech Support Scams)
A scammer impersonates someone like a grandchild, the IRS, or a tech support team and demands payment in the form of gift cards.
Social Engineered/Internal Fraud
Criminals target retail employees and trick them into activating stolen gift cards, providing data needed to redeem gift cards such as gift card numbers and/or PINs, or granting access to the merchant’s registers by claiming to be members of the company’s IT department servicing the equipment.
Fraudsters steal or alter the gift card’s number and/or PIN in stores. “Skimming” is a type of product tampering.
Fake Fraud Claims
Fraudsters claim to be victims of gift card fraud in attempts to receive compensation from retailers or gift card exchanges.
Upstream System Access Fraud
Fraudsters hack into gift card processing systems, distribution centers, and stock locations that create and/or store physical and digital card information.
Fraud Prevention Tactics
We continually monitor fraud trends so we can keep our members apprised of emerging or changing fraudster strategies.
As an industry, we must be dedicated to fighting fraud by continually sharing our collective knowledge, pooling resources and expertise, and collaborating to defend our customers and businesses from criminal activity.
Here are some fraud prevention tactics we encourage our members to consider to safeguard their programs and their customers:
Card Data & Technology:
• Incorporating randomized PIN codes on gift cards.
• Using technology that flags suspicious activity before, during and after activation and redemption.
• Using complex algorithms to prevent gift card data replication.
• Using online service providers to create algorithms that can evaluate whether a purchase is being made by a cardholder or fraudster.
• Only using supply chain partners that employ strict security protocols for handling card data and inventory.
• Requiring multi-factor authentication (MFA) that adds an extra login step to ensure the person trying access or use gift cards is the rightful owner of the balance.
• Using software like CAPTCHA and bot managers during gift card purchase and registration processes.
o CAPTCHA is a program that distinguishes human from machine input to protect websites from bots that fraudulently extract gift card data.
• Using packaging techniques to cover and protect card data, magnetic stripes, and gift card PINs.
• Using print and material techniques that make it hard to counterfeit gift cards.
• Educating cashiers about how to inspect gift card packaging for tampering before selling to consumers, watch for suspicious buyer behavior like purchasing gift cards in large quantities, and recognize other cues of fraudulent activities.
• Ensuring cashiers do not activate or sell gift cards that have exposed PIN numbers.
• Making sure you have a defined escalation steps to respond to fraud quickly when it does occur so you can shut it down.
• Regularly re-examining and updating return policies to prevent fraudsters from being able to return stolen merchandise for store-issued gift card refunds that can be re-sold to unsuspecting consumers.
• Continually reviewing cashier training and point-of-sale (POS) processes to implement safeguards and controls at the time of purchase. This includes measures that are intended to keep fraudsters from being able to manipulate checkout systems and new cashiers.
o For example, limiting or eliminating cashiers’ ability to manually enter card numbers during purchases and turning off gift card purchases at remote registers overnight.
• Practicing and clearly communicating requirements for lost, stolen, and damaged cards that require proof of ownership.
Cooperation & Partnerships:
• Cooperating with distribution partners to investigate potential fraud.
• Working with reputable gift card exchanges and gift card malls as authorized gift card sellers.
• Cooperatively coordinating with law enforcement to identify and prosecute fraudsters.
• Sharing best practices with consumers to help them recognize and avoid fraud.
• Working with your social listening team to monitor key words that may indicate fraudulent activity (i.e. gift cards at 50% off).
• Storing physical gift cards in secure locations before they are activated and distributed to retailers or gift card malls.
• Vaulting and transferring egifts using file-protected and encrypted methods.
• Mailing inactive cards to their final destinations and activating once the purchaser validates the receipt of the cards.
RGCA's law enforcement partners include:
- FTC: If you think you or a customer have been scammed, contact the FTC at ftc.gov/complaint or at 1-877-FTC-HELP
- TIGTA (Treasury Inspector General for Tax Administration): treasury.gov/tigta/ or 800-366-4484
- National Elder Fraud Hotline (at the DOJ): 833-FRAUD-11 (833-372-8311)
- Felix Salazar, Investigator, Elder Abuse Unit at the San Diego County District Attorney's office (spoke at our 2021 Forum): (619) 531-3572, firstname.lastname@example.org