RGCA Best Practices, Types of Gift Card Scams and Tips for Safe Gift Card
Gift cards are safe, secure and convenient payment and gift options—evident by their widespread popularity and use. According to the National Retail Federation, gift cards have been the most popular gifts in America for 13 years in a row with 59 percent of consumers hoping to receive them this year—and millions planning to give them. In addition to being popular gifts, they can also be used as incentives and rewards. According to Fiserv, 64 percent of consumers buy gift cards just to spend on themselves!
Consumers love giving, receiving, and using gift cards, but unfortunately so do fraudsters. Criminals can abuse gift cards and other methods of payment like debit/credit cards or checks.
Here’s a list of common types of fraud and scams that involve gift cards:
Credit and Debit Card Fraud
Fraudsters steal credit card information and use it to buy gift cards or merchandise, book travel, and make other unauthorized purchases.
Criminals steal a product and return it to get refund.
Gift Card Fraud
Fraudsters steal gift card balances or sell stolen gift cards for cash. Examples of gift card fraud include account takeover fraud, victim assisted fraud, social engineering (aka internal) fraud, product tampering, fake fraud, and upstream system access fraud.
Account Takeover Fraud
Fraudsters hack into a customer’s online account and gain access to gift card data—allowing them to drain or transfer the balance.
Victim Assisted Fraud (Elderly, IRS, Tech Support Scams)
A scammer impersonates someone like a grandchild, the IRS, or a tech support team and demands payment in the form of gift cards.
Social Engineered/Internal Fraud
Criminals target retail employees and trick them into activating stolen gift cards, providing data needed to redeem gift cards such as gift card numbers and/or PINs, or granting access to the merchant’s registers by claiming to be members of the company’s IT department servicing the equipment.
Fraudsters steal or alter the gift card’s number and/or PIN in stores. “Skimming” is a type of product tampering.
Fake Fraud Claims
Fraudsters claim to be victims of gift card fraud in attempts to receive compensation from retailers or gift card exchanges.
Upstream System Access Fraud
Fraudsters hack into gift card processing systems, distribution centers, and stock locations that create and/or store physical and digital card information.
Fraud Prevention Tactics
The RGCA and its members (which include many of the top retailers in the world) take all forms of fraud involving gift cards very seriously. We are dedicated to fighting fraud by continually sharing our collective knowledge, pooling resources and expertise, and collaborating to defend our customers and businesses from criminal activity.
Fraud prevention and mitigation tactics RGCA members are using to neutralize fraud and stay ahead of scammers fall into the following categories:
Card Data & Technology:
Ensuring we are EMV compliant.
This means we have the very latest point-of-sale (POS) equipment and in place in stores to accept chip-enabled credit (and debit) cards as opposed to those with just a magnetic stripe. Chip-enabled cards are more secure.
Incorporating randomized PIN codes on gift cards.
Using technology that flags suspicious activity before, during and after activation and redemption.
Using complex algorithms to prevent gift card data replication.
Using online service providers to create algorithms that can evaluate whether a purchase is being made by a cardholder or fraudster.
Only using supply chain partners that employ strict security protocols for handling card data and inventory.
Requiring multi-factor authentication (MFA) that adds an extra login step to ensure the person trying access or use gift cards is the rightful owner of the balance.
Using software like CAPTCHA and bot managers during gift card purchase and registration processes.
CAPTCHA is a program that distinguishes human from machine input to protect websites from bots that fraudulently extract gift card data.
Using packaging techniques to cover and protect card data, magnetic stripes, and gift card PINS.
Using print and material techniques that make it hard to counterfeit gift cards.
Educating cashiers about how to inspect gift card packaging for tampering before selling to consumers, watch for suspicious buyer behavior like purchasing gift cards in large quantities, and recognize other cues of fraudulent activities.
Ensuring cashiers do not activate or sell gift cards that have exposed PIN numbers.
Make sure you have a defined escalation path as responding quickly to fraud when it does occur is critical to shutting it down.
Regularly re-examining and updating return policies to prevent fraudsters from being able to return stolen merchandise for store-issued gift card refunds that can be re-sold to unsuspecting consumers.
Continually reviewing cashier training and point-of-sale (POS) processes to implement safeguards and controls at the time of purchase. This includes measures that are intended to keep fraudsters from being able to manipulate checkout systems and new cashiers.
For example, limiting or eliminating cashiers’ ability to manually enter card numbers during purchases and turning off gift card purchases at remote registers overnight.
Practicing and clearly communicating requirements for lost, stolen and damaged cards that require proof of ownership.
Cooperation & Partnerships:
Cooperating with distribution partners to investigate potential fraud.
Working with reputable gift card exchanges and gift card malls as authorized gift card sellers.
Cooperatively coordinating with law enforcement to identify and prosecute fraudsters.
Sharing best practices with consumers to help them recognize and avoid fraud.
Work with your social listening team to monitor key words that may indicate fraudulent activity (i.e. gift cards at 50% off).
Storing physical gift cards in secure locations before they are activated and distributed to retailers or gift card malls.
Vaulting and transferring egifts using file-protected and encrypted methods.
Mailing inactive cards to their final destinations and activating once the purchaser validates the receipt of the cards.
To ensure shoppers avoid scams and have a safe and positive experience purchasing and redeeming gift cards, the RGCA recommends these tips:
Avoid ANY unsolicited demands for payment by gift card (online or phone). Gift cards are only an acceptable form of payment with their affiliated brand, so if someone contacts you claiming to be from a police department, a utility company, the IRS or another third party informing you that you owe money and must pay via gift card, hang up the phone, delete the email, and cut off communication. You cannot pay outstanding speeding tickets, back taxes, or any similar types of bills using gift cards and are likely being targeted by a scammer. The elderly are a target to these common types of scams, so be sure to inform your friends, family and peers.
To report IRS impersonation scams to the Treasury Inspector General for Tax Administration, you can visit their website or call 800-366-4484.
If you think you’ve been scammed, contact the FTC at ftc.gov/complaint or via this toll-free number: 1-877-FTC-HELP.
Check physical gift cards bought from a retailer or gift card mall for package tampering before purchasing. If the scratch-off material covering the card’s PIN number is uncovered, pick another card and show the questionable card to a store associate.
Buy gift cards from trusted sources and known brands, especially when buying online.
Keep physical cards secure in a wallet, purse, or other secure place. If the card has a PIN covered by scratch-off material, leave the scratch-off material in place until the PIN is required.
Keep digital or egift cards secured in an account or mobile wallet that is password-protected with a strong password and multi-factor authentication (MFA).
Never share the account number or PIN number on the back of gift cards with an unsolicited source.
Send physical gift cards via trackable shipping methods and egifts via a secure email or mobile programs that are password protected.
For tips for having a positive, safe experience with gift card exchanges, click here.