Interviews

Valentine’s vigilance

by Mark Rowe

Xavi Sheikrojan, Senior Risk Intelligence Analyst EMEA, Signifyd, an e-commerce protection platform, writes of being vigilant against gift card fraud this Valentine’s Day.

Tradition might tell us that a bunch of flowers or box of chocolates are the ideal Valentine’s Day gifts, but there’s another present on this day of love that’s rapidly increasing in popularity: gift cards. Sales of gift cards have been growing consistently year-on-year, with the global market expected to reach US$1.4 trillion by 2026. Consumers like gift cards because of their flexibility and accessibility – most are purchasable and redeemable anytime, anywhere. Unfortunately, this flexibility can also be exploited for the financial gain of criminals.

Evolution of gift card fraud

The e-commerce space has boomed in the last few years due to the covid-19 pandemic. With people unable to shop or see their loved ones in person, facing postal system delays and an increasing wariness around parcel delivery providers. Many were looking for an easier and quicker way to purchase and send gifts, motivating a huge increase in online gift card purchases. This Valentine’s Day looks to be no different, with many sending gift cards to faraway family or long-distance partners to celebrate the occasion. But where money goes, malicious actors are sure to follow.

With the rise in usage of gift cards, the security of credit card payments has increased, with providers using fraud prevention tools like AVS and risk scoring to secure customer data. But these tools rely on customer information that isn’t available with gift cards. To make matters worse, gift cards are not bound by the extensive regulations that credit and debit card transactions are, and are untethered to individual identities, hard to trace, and easy to convert into cash or re-saleable goods, making them an appealing target for malicious actors.

How gift card scams work

There are multiple ways in which fraudsters can use gift cards to scam people out of their personal information and money. Refund fraud involves using stolen bank card numbers to make an online purchase before sending it back for a refund and asking for the funds to be put on a gift card. When the payment card’s real owner requests a chargeback, the merchant will lose twice the transaction amount, as well as any chargeback fees. Gift card number theft is another technique used by fraudsters, whereby they hack into a company gift card database through malware, phishing, or other social engineering methods to steal card numbers and activation codes.

But the most widespread form of gift card fraud is the most straightforward. Malicious actors can use stolen credit or debit card details to buy gift cards online and use or resell them before the owner of the card notices and the retailer is hit with the subsequent chargeback. Criminals have a strategy for this – by buying low value gift cards, the activity can bypass SCA requirements, avoid alerting retailer’s fraud detection solutions, and raise less suspicion to the original cardholder. The cards that pass this test and manage to bypass these hurdles can then be used to make larger purchases or the credentials can be sold on the dark web. Fraudsters, like merchants, need to ensure the quality of the product they’re selling before they sell it, so by validating the stolen bank card details, they ensure their reputation as sellers is upheld.

One recent example is an online merchant in Belgium, which was victim to a large-scale bot attack targeted on low value €10 digital gift cards. Fraudsters hit the site with a huge number of attempts within a short space of time, making the size and financial impact of the attack significant. The website was targeted using stolen UK payment cards, with devices and IP addresses randomised to look like unique attempts and avoid being blocked by velocity checks.

In these attacks, the criminals win twice – not only are they walking away with validated bank card details, but they are also able to resell the gift card for 80-90 per cent of its face value, higher than reselling other high risk stolen goods like electronics. Gift card fraud also goes hand in hand with romance scams, wherein scammers build up trust with victims over a long period of time, sometimes even years. Once the trust has been established, they will collect from victims, often multiple times with continuous promises to pay the victim back.

Staying vigilant

The potential financial impact of gift card fraud is alarming – one scheme saw a criminal in Florida purchasing up to 45,000 gift cards in person before selling them on exchange websites and receiving up to $7.5 million in profits. In addition, retailers that are affected by or involved in gift card fraud can be seen as vulnerable and untrustworthy, causing long term reputational damage to the business.

Merchants therefore need to ensure that their security solutions are robust enough to defend against hackers, track gift card numbers meticulously, and identify fraudulent transactions. Combining this with awareness training and continual testing helps to identify and stop these fraudulent transactions before they become an issue.

With gift card sales expected to surge this Valentine’s Day, fraudsters will be on the lookout for customers and retailers to target with gift card fraud. The continual evolution and sophistication of fraud techniques mean that, without up-to-date protections in place, anyone’s Valentine’s gift could be a criminal’s path to valuable financial information, with the merchants ultimately paying the price.

Related News

Newsletter

Subscribe to our weekly newsletter to stay on top of security news and events.

© 2024 Professional Security Magazine. All rights reserved.

Website by MSEC Marketing