Gift cards are a wonderful product, and they provide advantages both for consumers and businesses. Consumers get the benefit of a flexible, useful gift for a loved one, and businesses are able to sell gift cards while knowing that they can only be used in their store – securing future sales and potentially drawing in new customers, among other benefits.
But nothing is perfect – and gift cards are no exception. Gift cards are often the target of fraud and abuse – not only by thieves and shoplifters, but even by store employees. Gift card fraud is on the rise, and the recent fraud liability switch introduced alongside EMV chips in October of 2015 has caused more retailers to become aware of the dangers of gift card fraud.
Gift card fraud can happen to any retailer, big or small – from the largest electronics store to the smallest grocery store with a gift card stand. If you’re selling gift cards, you’re at risk, whether it’s an enterprising shoplifter or an employee defrauding your store.
So in this article, we’ll go over the basics of credit card fraud, both internal and external, and what steps can be taken to help minimize fraud and maximize the security of gift cards in stores.
The Primary Methods Of Gift Card Fraud
There are numerous methods of gift card fraud. Given the high cost of additional security measures for gift cards, many retailers are still using very simple cards – plastic cards with unencrypted magnetic strips, sometimes even lacking a PIN required for use.
Because of this, there are many security vulnerabilities associated with gift cards. Here are the most common methods of gift card fraud
Internal – “The Switch”
Internal theft by employees can be a huge issue for retailers, and The Switch is one example of the easiest methods by which employees can scam customers out of their gift cards, and it can be quite difficult to catch, especially if you have a large organization with many customer service representatives.
The scam itself is simple. The employee checks out a customer as usual, and the customer attempts to pay with their gift card. The employee runs the gift card and notices that it still has a remaining balance after the purchase. Then, the employee switches the gift card when the customer isn’t looking, replacing it with a zero-balance gift card left by the register.
The customer will leave with a zero-balance gift card unknowingly – and it may be weeks before they try to use it again – and the employee stashes the card with its remaining balance, spending it at will.
This can be hard to prevent because of the subtlety of the scam. Consumers rarely check their gift card balances after making a purchase, and they may not notice that their card is empty for weeks. By then, they may have forgotten who checked them out, or may just assume that they spent their entire gift card balance.
Internal – Gift Card “Laundering”
An employee will begin a transaction on register #1 – a gift card is sold for $100, but no money is placed in the register, as no customer is present. The gift card is activated for $100, and then the employee goes to register #2, purchasing 2 $50 gift cards with the newly-activated $100 gift card.
Next, they go back to the original register and void out the original $100 sale, essentially rendering that $100 gift card as nonexistent, and ending up with 2 “clean” $50 gift cards, which they paid nothing for.
The best way to prevent this is with careful monitoring of employees, and a robust system of approvals for voided orders and other special actions taken by customer service representatives. Requiring managerial approval for every voided order can be difficult and lead to longer customer wait times, so think about setting a lower limit – how about managerial approval for every transaction above $25? This will allow customer service representatives to deal with simple problems, but prevent the temptation to commit fraud by laundering gift cards.
Internal – POS Shutdowns
This form of fraud relies primarily on the specific architecture of a register or a POS. The customer service representative rings up a gift card and activates it at the point of purchase. Before the transaction is “complete” and the money (which doesn’t exist) enters the register, they perform a hard shutdown of their system, turn off its battery backup, or unplug it completely from the wall.
If the POS registers activation of a card before cash is tendered, this essentially means that the card is activated, but not registered with the system at all. Neither the sale of the gift card nor the receipt of cash will be recorded, so the employee’s transactions will still seem legitimate, but multiple gift cards can be stolen with almost no record of the theft unless you look at a full list of gift cards sold/gift cards used in your store, which can be extremely time-consuming.
The primary drawback of this method is that it’s quite time-consuming and obvious, and can only be done when the store is slow, which could mean that a manager would notice a customer service representative who is performing this type of fraud.
Internal Or External – Stealing The Numbers
Most gift cards aren’t encrypted, and have the information about their numbers sitting on the magnetic stripe of the card. Some organized thieves can get their hands on these cards – often by colluding with employees – and replicate the magnetic stripes using advanced techniques.
If done with an employee, they can prioritize sale of specific cards, ensuring that they’re activated, and inform their thieving partners, who will then use the cloned card before the customer can, essentially spending that customer’s money. These incidents are rather rare because of the amount of cooperation and technological skill required to pull them off.
However, there are simple means of stealing the numbers from gift cards. A lone individual could easily take several (or dozens) of gift cards off of the shelf, read and catalog their numbers with a magnetic stripe reader, clone them, and then return the cards to the shelf.
This individual would then monitor the balances of these gift cards, using the IVR systems or web-based systems of the retailer to keep track of each one, and see when they’re activated. Once the cards are activated by a customer, the thief then begins spending the balance of the gift cards – before the customer can do so.
This type of fraud can also be done on the internet. If a number is read off of a card, the card can easily be used online, if the retailer has a web-based store that supports online shopping. This method is a bit more risky, however, especially if the individual is ordering products to their home. These shipments can easily be tracked, and the fraudster caught.
External – Hacking Of Customer Accounts
As shown in several high-profile cases involving Target, Home Depot, and even Starbucks, data breaches are quite common, even among the most sophisticated companies. In the case of Target and Home Depot, the primary data stolen was personal information, including names and credit card numbers.
However, gift card accounts can also be vulnerable to hacking – and that’s what happened to Starbucks. Hackers broke into customer’s accounts and began charging new gift card purchases, “reloading” the accounts in question.
After the accounts had been filled up with fraudulent gift card purchases, the balance on the accounts were “gifted” to email accounts belonging to the hackers. Finally, the hackers sold the balance on these gift cards on the black market, allowing them to cash out and rid themselves of the “dirty” gift card balances.
External – Fraudulent Purchase Of Gift Cards
This is a difficult form of fraud to prevent, as it involves multiple levels of fraud. First, a thief illegally obtains a credit card number, checkbook, or other method of fraudulent payment. This can be done through many means – a method as simple as mugging a person and using their credit card physically, or a more complex method involving hacking and identity theft.
Now, when a thief acquires a credit card, debit card, or checkbook from an individual, they know their time is short – they only have a small window in which they can spend the money without being caught, so they need to maximize their profits in that short time, and get rid of the “hot” items.
An ideal way for them to do this is by purchasing gift cards. While a bank may be quick to catch on to a thief using a stolen card, retailers are typically much slower to react, and even an extra day or two for the thief will allow them to use the fraudulent gift cards to purchase merchandise and get away scot-free.
Now, these are technically not “gift card” fraud techniques, as the true fraud happens to the customer whose information has been stolen. However, it’s important for retailers to realize that they can take steps to minimize losses incurred in this manner.
A good way to start is by keeping records of gift card purchases – require some basic information from customers when buying gift cards, especially if they’re high in value.
You can also create restrictions on high-dollar value gift card purchases, especially if a certain customer seems to be buying many of them in a short period of time with different payment methods.
Advice For Retailers
Gift card fraud is hard to prevent, but there are steps you can take to help reduce gift card fraud, both among employees and thieves.
- Keep your gift cards secure behind store counters, or in locked cabinets
- Have good policies and procedures for the handling of gift cards – your in-store gift cards should require a PIN, at the very least
- Avoid storing PINs with gift cards – this makes it harder for thieves to activate stolen cards
- Limit online balance lookups to several per hour at maximum – this prevents thieves from “checking up” to see which stolen cards have been activated. Any legitimate user of a gift card won’t require more than a few balance checks in an hour.
- Have a zero-tolerance policy towards employee theft, and keep an eye on suspicious employees. If you’re looking for it, employee gift card theft isn’t hard to see.
Advice For Customers
You don’t want to be stuck with a useless gift card because a thief got to it first. Here are some tips on avoiding gift card fraud:
- Only buy gift cards from reputable merchants
- Look for signs of tampering. Is the PIN scratch-off sticker on your card put on incorrectly? Does the magnetic stripe look worn? Is the card holder askew? Don’t pick out a card with any signs of tampering – it could be compromised.
- Keep your receipt – if you find that your card is drained of funds when you try to spend it, you can show the receipt to the retailer, and you may be able to recoup your losses.
Gift card fraud isn’t always preventable, but if you follow these guidelines, the chances that it will happen to you are very low.
Sell Your Unwanted Gift Cards At EJ Gift Cards
Fraud can be a problem for both retailers and customers who are using gift cards. But you know what else is a problem? Useless gift cards to stores you don’t like, restaurants you don’t eat at, or places you don’t go.
These gift cards represent a large waste of legitimate funds – and there are people out there who can use them! So if you have useless gift cards that you want to sell legitimately online, check out EJ Gift Cards!
Our website is simple to navigate, easy to use, and we offer a step-by-step gift card purchasing process that features highly competitive rates, and pays you via PayPal upon processing of gift card information and confirming its validit, or on receipt of tracking information for a physical gift card and confirming its validity.
Visit our website today, and see how you can convert your useless gift cards into cold hard cash – instantly!