Unwrapping holiday gift card fraud

Have you read the latest issue of our digital (IN)SECURE Magazine? If not, do it now.

Spending on gift cards is expected to hit new highs this holiday season – the National Retail Federation predicts that gift card sales will reach almost $30 billion. Unfortunately, cybercriminals are finding way to cash in as well. This leaves merchants with the pressing issue – how to capitalize on gift card revenue without increasing the risk for fraud?

Gift cards represent an important revenue stream – avoiding them altogether will undoubtedly cost you sales. Yet with the high transaction volumes during the holidays, retailers don’t have the bandwidth to manually analyze gift card sales or redemption. And the fraudsters count on the fact that retailers are too busy to track them.

Physical gift cards present a variety of security challenges – thieves have been known to steal, tamper with and replace gift cards from kiosks in brick and mortar stores. These exploits require comprehensive security measures – from costly in-store personnel to requiring additional identification when purchasing gift cards with a credit card.

But online activities are even more difficult to protect from fraud. Cybercriminals act on a global level, and online identities are fairly anonymous. With so many physical and virtual gift cards flowing through the economy, it’s not difficult for criminals to misdirect some of them, capitalizing on the profit.

The gift that keeps on taking
The gift card fraud risk doesn’t stop on December 25, as the cards purchased for the holidays will be redeemed throughout the year. The flexibility and anonymity of gift cards are very attractive for criminals – a gift card is like cash in hand. Here are a few of the most common online exploits involving gift cards.

Stolen virtual gift cards – For those last-minute gifts, nothing is as convenient as online gift cards or e-certs. Gift givers can send them at the last minute and they’ll arrive on time. If a criminal intercepts that digital certificate and steals the account information or redemption code, they can get to the goods before the intended recipient does. Cybercriminals will often redeem electronic gift cards for real physical goods, which they can then resell for profit in other countries or on auction sites.

Gift cards purchased with stolen credit cards – A gift card is one way to turn a stolen credit card into cold hard cash. Cybercriminals can purchase large quantities of physical or electronic gift cards using stolen credit cards. They can either resell the gift cards or use them to purchase goods for resale.

Theft of virtual and online goods – This holiday, the Xbox One and Sony PlayStation 4 (PS4) will drive sales of gift cards for games and gaming credits that will be redeemed both immediately and in the coming months. Unfortunately, virtual reality isn’t free of real crime – there’s a thriving black market in virtual goods such extra lives, points and customized features in online games. Even e-certificates for gaming points have value to the online fraudster.

Protecting online gift card transactions
Businesses cannot prevent people from losing their credit cards or from having their email (with electronic cards) hacked on insecure Wi-Fi networks. But they can try to protect the transactions that often lead to fraud losses.

One way cybercrime can be prevented is by analyzing online gift card purchases for the presence of stolen credit cards. These can be detected through a variety of risk factors, including a single device using several different credit cards or a transaction where the actual location of the device does not match the credit card holder’s address. Businesses should subject these transactions to additional scrutiny or real-time step-up authentication.

Gift card fraud is a form of identity fraud – the fraudster typically pretends to be someone else when purchasing and/or reclaiming the gift card. So businesses must look for transactions where the device does not match the individual’s history or is disguising its location, or for which a shipping address has been changed.

Fortunately, retailers don’t have to tackle cybercriminals alone this holiday season. One of the most effective ways to protect gift card transactions and user accounts this holiday season and beyond is by leveraging a global repository of fraud data to differentiate between authentic and fraudulent transactions. Retailers can collaborate with other businesses to share information about accounts, devices and online personas involved in fraudulent activities – escalating any transactions from these sources to a higher risk category and requiring additional screening.

Leveraging a global repository of fraud data also helps retailers strike a balance between implementing effective cybercrime prevention strategies and interfering with the customer experience. By differentiating between low and high risk transactions, retailers can assure accounts and gift cards are protected without making trusted customers face arduous authentication steps.

The gift card challenge will linger long after the last gift is unwrapped this year. Gift cards are a popular year-round vehicle for fraud. The good news is that any protections retailers and other businesses put in place for the holiday season will protect against potentially fraudulent transactions year round.