Oh, how times have changed! Gift cards are no longer just a popular backup plan. In fact, gift cards – especially eGift cards – are becoming increasingly attractive not only as gifts, but also for personal use. eGift cards give retailers who offer them more reasons to celebrate. Unfortunately, there is always a catch. eGift cards suffer the highest fraud rate attempts and are the biggest targets of fraud attacks between Black Friday and Christmas. One of the biggest contributing factor to that is the growing popularity of online gift card exchange sites. These increasingly commonplace sites are also known as secondary gift card marketplaces. Digging deeper into how fraudsters operate on these sites gives better understanding on keeping your eGift cards fraud-free.
Gift card exchange sites: one man’s trash is another man’s treasure
For Christmas, Tim receives a $100 iTunes eGift card. As much as he appreciates the present, Tim does not shop there and decides to turn it into cash instead. The easiest way he could do so: the secondary gift card marketplace.
Jason frequently scours the exchange sites for discounted cards. He buys the $100 eGift card priced at $80. For Tim, it was still a profitable exchange since he walked away with an extra $80 in his pocket.
Alternatively, Jason offers to exchange his $100 Amazon eGift card with Tim’s $100 iTunes eGift card. Tim, who shops often at Amazon, is more than happy to make the exchange.
Online gift card exchange sites exist for unhappy owners of eGift cards to put them to better use – or value – rather than let them waste away. For buyers who manage to get eGift cards cheaper than they are worth, they are happy to frequent the sites for such great deals all the time.
A breeding ground for fraud
Online gift exchange sites bring more business and new customers for retailers, since customers are more likely to utilize the gift cards at the store. Even better news: consumers who visit a store armed with a gift card are usually likely to overspend the value of the card.
However, just as consumers throng to these secondary eGift card marketplaces to find deals on their preferred cards, so do fraudsters. A site full of willing buyers makes it a breeze to monetize eGift cards obtained through fraudulent means. When there is consumer demand for a specific merchants’ eGift card, the fraud risk of these online gift card exchange sites is even higher.
Fraudsters come up with various creative measures and schemes to avoid getting caught. Some of the more common scenarios would include:
Credit Card Fraud
Credit card fraud is straightforward. Fraudsters purchase eGift cards using stolen credit cards and resell them on the gift card exchange sites at discounted rates. In fact, a $200 iTunes eGift card can be priced as low as $3. Unfortunately, you have to borne the chargeback losses, together with the loss of merchandise or service.
Hackers can hack discount or gift card codes through various methods such as phishing or social engineering. Once they succeed, they sell the codes to fraudsters on black markets. Fraudsters who acquire these codes will proceed to sell them on gift card exchange sites to convert them to cash.
Account Takeover (ATO)
ATO has become a new pot of gold. Fraudsters have started infiltrating user accounts with stolen login credentials and could do damage through multiple ways:
- Using the card-on-file to purchase eGift cards to be resold on secondary marketplaces
- Chancing upon user’s stored eGift gift card credit to be transferred to a shell eGift card, to be sold on secondary marketplaces
- Exploiting auto-load function to drain the user’s credit into multiple eGift cards
A gift gone wrong
Chargebacks are not your only concern. According to the standard chargebacks procedure, you would have to remove the remaining funds from the fraudulent eGift card. Regrettably, the card might already be in the hands of a genuine user who bought it from an online exchange site. When he finds out that he essentially purchased nothing, you will then have to compensate him or reissue the card. Unfortunately, the colossal damage is usually already done: you have to suffer monetary losses through chargeback fees and operational costs such as manual reviews, decreased customer satisfaction, negative brand reputation and labor wastage on resolving fraud issues. Digital goods merchants spend much more on fraud management as compared to physical goods merchants, employing nearly 5 times the number of fraud-related personnel.
Unwrapping eGift card fraud and its risk
What is it about eGift cards that makes them so very attractive to fraudsters, to the extent that even Apple sees a need to alert customers?
Basically, eGift cards are digital goods. This is bad news for you since digital goods are highly vulnerable to fraud. Like all digital goods, eGift card purchases are quick and easy, anonymous, and do not require physical address for shipping. This makes it challenging to verify customer identities, especially when users demand instant delivery upon purchase. It’s no wonder that digital good merchants spend an average of $10.1 million every year on fraud-related costs.
In addition, eGift card code numbers are notoriously easy to hack. In fact, they can be cracked in less than 100 attempts. Many consumers do not use the eGift card immediately upon purchase to save them for special occasions. Unfortunately, this gives fraudsters plenty of opportunities to use them before a user does. Most consumers do not keep track of their eGift cards balance, either. By the time they want to use the eGift card credit, it would have been too late as all credit is lost.
Keep your eGift cards full of joy and free of fraud
eGift card fraud might sound ugly, but you can get to the good with fraud prevention practices in place. Simple procedures such as having well-constructed card codes, attaching a validity period to each eGift card, implementing daily purchasing limits and restricting online balance lookups can help in fending off fraudsters.
However, eGift cards are proving to be increasingly popular and fraudsters are getting increasingly sophisticated. To manage eGift card fraud efficiently, you need to go beyond simple practices to a comprehensive solution that fits well. eGift cards (and the revenue they bring) can be the greatest gift for you this holiday season – read our complete guide to make the most out of them.
Stay up to date on the latest cyber security news and everything SHIELD related