For a lot of people, gift cards are a wonderful thing. When trying to buy a present for a “hard to buy for” person, a gift card for that person’s favorite store is the perfect solution – let them pick something out for themselves! Gift cards are also huge money makers for merchants.
It is estimated that $46 billion was spent on gift cards in 2016. Gift cards bring people into a store, whether it is the physical store or online. Once there, a consumer will buy, often spending more than the initial amount on the gift card.
It is safe to say that convenience and additional revenue streams are why both consumers and merchants love gift cards. You know who also loves gift cards? Thieves.
Buyer beware, because gift card thieves are now hackers, committing their crime right at the source, which is the gift card systems themselves.
Traditional Fraud
Let’s step back and review traditional gift card fraud. Since the beginning of the gift card, thieves have figured out ways to steal them. Traditionally this type of crime has been in the form of:
- Gift cards purchased with stolen credit cards
- Gift cards tampered with, then purchased by legitimate consumers
Money Laundering Schemes
Traditionally, gift cards have been a quick way to make stolen credit card numbers pay off. This type of crime turns gift card fraud into a money “laundering” scheme for stolen credit cards.
Basically, thieves buy the gift cards online, in bulk, then either use the gift cards themselves or resell them to unknowing consumers. By the time the charges start coming into the credit card companies for the legitimate gift cards and/or the merchants catch onto the fraudulent gift card purchases, it’s often too late. Since the cards themselves are not compromised, they can be flagged and deactivated before they are spent, but not always. Often the credit card companies and associated merchants have to absorb the losses.
Stealing the Code off the Card
Another way gift card fraud is carried out is to manipulate the physical card itself. Recently there have been schemes caught by authorities where gift cards have been physically tampered with by overlaying the bar code with a fake barcode. In this scheme, the criminal captures the funds from the consumer when the card is scanned by the merchant, transferring the funds to the thief’s account instead of the merchant’s account.
In another gift card scheme, the thief quickly scratches off the protective covering over the security code, copies down the code, puts a replacement strip over the code and leaves the store. The criminal then uses sophisticated programs to detect when the card is activated (i.e. purchased by a consumer). Once activated, the thief quickly spends the balance before they can be detected.
In these cases, the consumer takes the loss.
Now cyber criminals are using bots and other hacking techniques to steal from the systems themselves, in some cases BEFORE the code is even printed onto a physical card.
Digital Fraud
When it comes to cyber-based gift card theft, there are now three points of theft:
- Existing cards with unused gift cards with balances
- New gift cards en route or existing in stores
- Gift card codes not yet applied to a gift card
For all of these instances, hackers are involved, stealing gift card codes right off back-end systems. For gift cards that have been legitimately purchased, cyber criminals use bots to look up security codes with remaining balances. Other hackers hit the backend gift card systems and steal security codes before the gift card hits the stores or in some cases before they are even assigned to a gift card. No matter what the situation, once the security codes are stolen, the codes are printed on cards and given to groups of people that then spend the balances, purchasing goods/services before the consumer/merchant knows what hits them.
To protect the consumer and the merchant, changes must be made. One essential way is to require dual authentication on all gift cards. This will ensure the rightful “owner” has access to the funds only.
Gift card fraud is here to stay. So, remember “buyer beware” when purchasing gift cards this holiday season. As technology evolves, so too does the criminal.
Timothy Dimoff – Speaker, National Expert, Author
Tim Dimoff’s engaging and thought-provoking presentations are sure to enlighten, inform and move you into taking action on such critical issues as workplace risks, substance abuse, security and societal threats. Feel free to contact Tim today to speak at your organization.
